US: Millions fined for selling cell phone location data

T-Mobile USA, AT&T, Verizon and Sprint have sold their wireless customers' location data without obtaining their consent. Buyers of data should please do this. However, they resold access to the data and left it up to the buyers to claim with a mouse click that they had obtained the necessary consent from the victims. Dozens of companies access it and use it via automated interfaces (API). Now network operators have to pay fines, but only for part of the time.

Advertising

Related penalty notices The US regulatory authority FCC (Federal Communications Commission) published on Monday. Officially, location services were advertised for standard purposes like locating your lost devices or monitoring cell phone usage in prisons. Indeed, bounty hunters, secret services, private investigators, various corporations, and even police departments have illegally monitored Americans. Since 2007, location queries have been permitted only with the consent of the person concerned or with judicial approval or in certain emergencies.

A sheriff was sentenced to six months in prison as a result. He always clicked that his questions were legitimate. To do this, he uploaded any documents like a car insurance policy or personal pages from the police manual, but lacked the necessary judicial approvals as he would not have obtained them. No one checked his questions – on purpose. The LBS company, from which the sheriff purchased monitoring access, says the sheriff is responsible for verifying his compliance.

T-Mobile is now expected to pay approximately $80 million, AT&T $57 million, Verizon nearly $47 million and Sprint twelve million dollars. In total, this is about $196 million. Penalized network operators will likely challenge the penalties in court.

A different calculation

The way the punishments are calculated is strange. The authority does not count the number of victims, but rather the number of direct purchasers of location data (so-called aggregators) and their customers (so-called location-based services, LBS). T-Mobile, for example, had 81.

The authority multiplied this figure by USD 2,500 per day in which LBS companies had direct API access – but not for the entire duration of the breach, as the law allows fines to be imposed up to a year from the start of the proceedings. But it won't be a year, but June 9, 2018. That's 30 days later The New York Times reports Concerning the charge against the said sheriff.

So the FCC only considers network operators' conduct culpable 30 days after this report. Network operators were selling their customers' location data for up to ten months after the newspaper report. In addition, an LPS partner has a base amount of $40,000 plus a 50 to 100 percent surcharge, depending on how reprehensible the network operator's behavior is in the eyes of the authority after being exposed by the New York Times.

Republicans are now anti-punishment

With the approval of a Republican majority at the FCC, the FCC initiated the process under US President Donald Trump. Democrats now have a 3:2 majority, and now Republicans are suddenly against penalty announcements. One of the two espouses the vague theory that it is perfectly legal to sell location data, excluding user phone calls. Ordinarily, another authority should have conducted the proceedings. Other Republicans at the FCC believe that a network operator has only one legal violation, and counting days and buying companies is unacceptable. The authority should not have imposed any penalty and instead should have assured the network operators that they will do well in future.

Network operators say they have stopped selling location data for now. But that does not mean that LPS providers are unemployed. Today, location data is secretly collected and sold using all kinds of smartphone apps, including by authorities who are not allowed to collect the data themselves, such as the NSA (National Security Agency). To a lesser extent, Wi-Fi hotspots, Bluetooth beacons, and IMSI catchers are used to collect location data from cell phones and other devices.

Staircase Joke: The US secret service NSA has been warning for at least four years about the dangers of tracking the location of mobile phone users for national security. However, the US still lacks comprehensive data protection legislation.

(DS)