Multiple class actions target US carriers over selling location data
All four major U.S. carriers -- AT&T, T-Mobile, Verizon, and Sprint -- are facing proposed class action lawsuits over their selling of customer location data.
The classes would cover all of the carriers' customers between 2015 and 2019, topping 300 million people, Ars Technica reported on Monday. The companies are accused of violating Section 222 of the U.S. Communications Act, which specifies that carriers can't use or share location data "without the express prior authorization of the customer." The defendants are further said to have violated their own privacy policies.
At the heart of the matter is a January 2019 report by Motherboard that found that through data brokers using carrier data, it was possible to pay a bounty hunter as little as $300 for help tracking down a smartphone -- and by extension, its owner. The carriers have since started winding down their sharing practices.
The carriers made similar promises to Sen. Ron Wyden (D-OR) in June 2018 however, following a scandal with a firm called Securus. That business was not only selling location data to police forces, but found itself the victim of a hack that resulted in hundreds of police officers having their logins stolen.
In fact Securus is referenced in all four of the new lawsuits, and three of them cite Motherboard.
AT&T is promising to "fight" its case, claiming the facts don't support the plaintiffs and that there are "clear and even life-saving benefits" to sharing location data in some instances, such as roadside assistance.
"We only share location data with customer consent. We stopped sharing location data with aggregators after reports of misuse," it added.
Sprint and T-Mobile have refused to comment beyond the former saying it's "reviewing the legal filing," and the latter reiterating that it "terminated all service provider access to location data as of Feb. 8." Verizon has yet to make a public statement.
The carriers are under growing pressure from the Federal Communications Commission, which recently asked for confirmation that they're fulfilling promises, and is < ahref="https://appleinsider.com/articles/19/03/26/us-ftc-orders-comcast-google-att-others-to-share-full-details-on-data-collection-practices">investigating both mobile and landline ISPs.
The classes would cover all of the carriers' customers between 2015 and 2019, topping 300 million people, Ars Technica reported on Monday. The companies are accused of violating Section 222 of the U.S. Communications Act, which specifies that carriers can't use or share location data "without the express prior authorization of the customer." The defendants are further said to have violated their own privacy policies.
At the heart of the matter is a January 2019 report by Motherboard that found that through data brokers using carrier data, it was possible to pay a bounty hunter as little as $300 for help tracking down a smartphone -- and by extension, its owner. The carriers have since started winding down their sharing practices.
The carriers made similar promises to Sen. Ron Wyden (D-OR) in June 2018 however, following a scandal with a firm called Securus. That business was not only selling location data to police forces, but found itself the victim of a hack that resulted in hundreds of police officers having their logins stolen.
In fact Securus is referenced in all four of the new lawsuits, and three of them cite Motherboard.
AT&T is promising to "fight" its case, claiming the facts don't support the plaintiffs and that there are "clear and even life-saving benefits" to sharing location data in some instances, such as roadside assistance.
"We only share location data with customer consent. We stopped sharing location data with aggregators after reports of misuse," it added.
Sprint and T-Mobile have refused to comment beyond the former saying it's "reviewing the legal filing," and the latter reiterating that it "terminated all service provider access to location data as of Feb. 8." Verizon has yet to make a public statement.
The carriers are under growing pressure from the Federal Communications Commission, which recently asked for confirmation that they're fulfilling promises, and is < ahref="https://appleinsider.com/articles/19/03/26/us-ftc-orders-comcast-google-att-others-to-share-full-details-on-data-collection-practices">investigating both mobile and landline ISPs.
Comments
However there's another way that doesn't require a fee or a phone number!!! If you text a web link of an image (using SMS or MMS) to someone's phone (having stored that image on a server that shows the IP addresses of all people who access it, and Google's image site allows this) you can then get the IP address and location of the user easily. There are videos of how to do this online, I'm sure you can look it up. I watched one today while researching my posts. In order to do this you will require either the phone number, or, I think for some services like iCloud, their email address is sufficient. Think about that - an iCloud-enabled email address (or a phone number) is enough to get someone's geographic location! Albeit they have to view your image for this to work. This also works on computers if you send the picture to someone via email and they open or preview the message. Here's a video with 4 million views explaining how to do this on Android but iOS would be virtually the same:
I appreciate that you are trying to understand. Most people don't have any clue how cell phones work behind the scenes. How do you think they work in this scenario: someone in Japan tries dialling your cell number in the USA, but your cell phone service provider is based in Canada and you are currently roaming in the USA. How does the Japanese cell phone company even know how/where to route the phone call? ANSWER: They send an SS7 signal to all cell phone companies in the WORLD (!) and the company that sees your signal (based on your SIM's number) reaching one if its cell towers sends a response telling them where you are (within a mile or so). At that point the Japanese company can start to route the call, if they want to route it at all. How else do you think it should work? >>> Explain how a phone call is routed around the world if there is no way to look up a user's location by their phone number.