US carriers again vow to better control data access after pay-to-track scandal
Major U.S. carriers have for a second time promised to better control data access after a site successfully tracked down a T-Mobile phone by paying a bounty hunter $300.
The bounty hunter found the phone by way of data from a third-party aggregator, Zumigo, Motherboard reported. Zumigo was providing access from carriers to a location-tracking service called Microbilt, which extended service to multiple industries.
Democratic Senators Kamala Harris and Mark Warner were quick to criticize carriers in response, as was FCC commissioner Jessica Rosenworcel, who suggested that her agency needs to investigate immediately.
Sprint told The Verge it doesn't "knowingly share personally identifiable geo-location information" except in response to legal demands, and claimed that Zumigo and Microbilt were violating its privacy policies.
"We took immediate action to ensure Microbilt no longer had access to Sprint location data, and have notified Zumigo that we are immediately terminating our contract," a spokesperson said.
A T-Mobile representative said that the carrier has "blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt," and is halting data access from third-party aggregators in general. In response to another Democrat, Sen. Ron Wyden, CEO John Legere said on Twitter that changes will take effect in March.
AT&T has so far gone without comment. Verizon said it had already canceled its arrangement with Zumigo and some other firms before the Motherboard story emerged, the exceptions being roadside assistance companies, which should still see their contracts end in the near future.
Last year all four of the major national carriers wrote letters to Wyden making similar pledges, following the aftermath of a scandal involving Securus. That firm was not only found to be selling precise location data to police forces, but also the victim of a hack that resulted in hundreds of police officers having their logins stolen. Securus was tapping into data from 3Cinteractive, which got its own data from LocationSmart. T-Mobile and Verizon acknowledged Zumigo as a partner as well.
The bounty hunter found the phone by way of data from a third-party aggregator, Zumigo, Motherboard reported. Zumigo was providing access from carriers to a location-tracking service called Microbilt, which extended service to multiple industries.
Democratic Senators Kamala Harris and Mark Warner were quick to criticize carriers in response, as was FCC commissioner Jessica Rosenworcel, who suggested that her agency needs to investigate immediately.
Sprint told The Verge it doesn't "knowingly share personally identifiable geo-location information" except in response to legal demands, and claimed that Zumigo and Microbilt were violating its privacy policies.
"We took immediate action to ensure Microbilt no longer had access to Sprint location data, and have notified Zumigo that we are immediately terminating our contract," a spokesperson said.
A T-Mobile representative said that the carrier has "blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt," and is halting data access from third-party aggregators in general. In response to another Democrat, Sen. Ron Wyden, CEO John Legere said on Twitter that changes will take effect in March.
AT&T has so far gone without comment. Verizon said it had already canceled its arrangement with Zumigo and some other firms before the Motherboard story emerged, the exceptions being roadside assistance companies, which should still see their contracts end in the near future.
Last year all four of the major national carriers wrote letters to Wyden making similar pledges, following the aftermath of a scandal involving Securus. That firm was not only found to be selling precise location data to police forces, but also the victim of a hack that resulted in hundreds of police officers having their logins stolen. Securus was tapping into data from 3Cinteractive, which got its own data from LocationSmart. T-Mobile and Verizon acknowledged Zumigo as a partner as well.
Comments
FWIW a report on another site learned for themselves (by simply asking!) that "your" location data could be purchased for less than $5.00 in bulk packages, iPhone or Android doesn't matter.
No the decimal point in not misplaced. Really less than $5.
I don't trust the phone and cable companies at all. Just when you think they have bottomed out they take it a step lower. My biggest concern is being able to get raw internet access in the future. I see those companies clamping down on unfettered access especially as their cable TV model falls by the wayside and consumers buy direct. They will not go down without a fight and may use Internet access to slow us down.
Not sure if we can put the genie back into the bottle, but she did not have to get out in the first place.
* Carrier IQ
* Google "Wi-spy"
* Android cell tower data-collecting
* Google+ cookie tracking
* European Commission fined Facebook $122 million for misleading WhatsApp users about its data sharing with Facebook
* Belgian courts have twice ruled that Facebook’s use of cookies violates European privacy laws
* Google and several other advertising agencies bypassed the default privacy settings which allowed it to track the online behavior of iOS users browsing in Safari [Google halted the practice once it was reported by the Wall Street Journal]
* Stingray fake cell phone towers
* PRISM