US carriers again vow to better control data access after pay-to-track scandal

Posted:
in iPhone
Major U.S. carriers have for a second time promised to better control data access after a site successfully tracked down a T-Mobile phone by paying a bounty hunter $300.

Apple iPhone XR


The bounty hunter found the phone by way of data from a third-party aggregator, Zumigo, Motherboard reported. Zumigo was providing access from carriers to a location-tracking service called Microbilt, which extended service to multiple industries.

Democratic Senators Kamala Harris and Mark Warner were quick to criticize carriers in response, as was FCC commissioner Jessica Rosenworcel, who suggested that her agency needs to investigate immediately.

Sprint told The Verge it doesn't "knowingly share personally identifiable geo-location information" except in response to legal demands, and claimed that Zumigo and Microbilt were violating its privacy policies.

"We took immediate action to ensure Microbilt no longer had access to Sprint location data, and have notified Zumigo that we are immediately terminating our contract," a spokesperson said.

A T-Mobile representative said that the carrier has "blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt," and is halting data access from third-party aggregators in general. In response to another Democrat, Sen. Ron Wyden, CEO John Legere said on Twitter that changes will take effect in March.

AT&T has so far gone without comment. Verizon said it had already canceled its arrangement with Zumigo and some other firms before the Motherboard story emerged, the exceptions being roadside assistance companies, which should still see their contracts end in the near future.

Last year all four of the major national carriers wrote letters to Wyden making similar pledges, following the aftermath of a scandal involving Securus. That firm was not only found to be selling precise location data to police forces, but also the victim of a hack that resulted in hundreds of police officers having their logins stolen. Securus was tapping into data from 3Cinteractive, which got its own data from LocationSmart. T-Mobile and Verizon acknowledged Zumigo as a partner as well.

Comments

  • Reply 1 of 11
    hodarhodar Posts: 277member
    Well, it seems like Verizon did the right thing, and cancelled the contract. Nice work, Verizon - you get to keep my business.
  • Reply 2 of 11
    gatorguygatorguy Posts: 20,918member
    hodar said:
    Well, it seems like Verizon did the right thing, and cancelled the contract. Nice work, Verizon - you get to keep my business.
    They canceled THAT contract. Don't assume there are not other "sharing" arrangements. Not that it matters since ALL the carriers were doing pretty much the same thing. 

    FWIW a report on another site learned for themselves (by simply asking!) that "your" location data could be purchased for less than $5.00 in bulk packages, iPhone or Android doesn't matter.

    No the decimal point in not misplaced. Really less than $5.
    muthuk_vanalingam
  • Reply 3 of 11
    sflocalsflocal Posts: 4,683member
    And why are carriers getting into contracts with these kind of companies in the first place?!
  • Reply 4 of 11
    MplsPMplsP Posts: 1,569member
    sflocal said:
    And why are carriers getting into contracts with these kind of companies in the first place?!
    $$$
    AppleExposed
  • Reply 5 of 11
    MplsPMplsP Posts: 1,569member
    gatorguy said:
    hodar said:
    Well, it seems like Verizon did the right thing, and cancelled the contract. Nice work, Verizon - you get to keep my business.
    They canceled THAT contract. Don't assume there are not other "sharing" arrangements. Not that it matters since ALL the carriers were doing pretty much the same thing. 

    FWIW a report on another site learned for themselves (by simply asking!) that "your" location data could be purchased for less than $5.00 in bulk packages, iPhone or Android doesn't matter.

    No the decimal point in not misplaced. Really less than $5.
    Exactly. This is yet another “sorry! We promise to be good now” response. Sorry - you companies have proven time and again that the only ‘ethics’ you understand are fines and regulations. 
    lostkiwimuthuk_vanalingamStrangeDays
  • Reply 6 of 11
    ceek74ceek74 Posts: 324member
    When someone starts tracking their execs phones their policies will change.
    lostkiwilibertyforallmacbear01
  • Reply 7 of 11
    AppleExposedAppleExposed Posts: 1,395unconfirmed, member
    More reason for Apple to become a carrier.
    libertyforallmacbear01
  • Reply 8 of 11
    jimh2jimh2 Posts: 160member
    They either knew what was going on with the data (being resold) or employ the worst lawyers. I find it hard to believe that any purchase contract for the phone data would allow for the reselling of it. I don't see this as being any different from a rental of anything. They rarely allow for the rented item to be rented out to a 3rd party unless the contract explicitly allows for that type of use. 

    I don't trust the phone and cable companies at all. Just when you think they have bottomed out they take it a step lower. My biggest concern is being able to get raw internet access in the future. I see those companies clamping down on unfettered access especially as their cable TV model falls by the wayside and consumers buy direct. They will not go down without a fight and may use Internet access to slow us down.
    tony411la
  • Reply 9 of 11
    davgregdavgreg Posts: 429member
    When the internet and the cell phone became reality we needed a thoughtful and timely review of privacy laws and rights here in the US. No level of government to my knowledge ever did such a thing and a Wild West has ensued. Pandora has been out of the box for a very long time.

    Not sure if we can put the genie back into the bottle, but she did not have to get out in the first place.
    n2itivguy
  • Reply 10 of 11
    macguimacgui Posts: 1,374member
    There is no assurance of responsibility for safeguarding data without liability of failing to do so.
    macbear01
  • Reply 11 of 11
    linkmanlinkman Posts: 924member
    There is simply no end to these sorts of privacy intrusions. Each time a company/entity gets caught it's the same thing; sorry [you caught us again], we promise to do better and won't do it again [you're all suckers if you believe that because we make way too much money doing this compared to any penalties]. A partial list:

    * Carrier IQ
    * Google "Wi-spy"
    * Android cell tower data-collecting
    * Google+ cookie tracking
    European Commission fined Facebook $122 million for misleading WhatsApp users about its data sharing with Facebook
    Belgian courts have twice ruled that Facebook’s use of cookies violates European privacy laws
    * Google and several other advertising agencies bypassed the default privacy settings which allowed it to track the online behavior of iOS users browsing in Safari [Google halted the practice once it was reported by the Wall Street Journal]
    * Stingray fake cell phone towers
    * PRISM
Sign In or Register to comment.