Multiple class actions target US carriers over selling location data

Posted:
in iPhone
All four major U.S. carriers -- AT&T, T-Mobile, Verizon, and Sprint -- are facing proposed class action lawsuits over their selling of customer location data.

Apple Maps


The classes would cover all of the carriers' customers between 2015 and 2019, topping 300 million people, Ars Technica reported on Monday. The companies are accused of violating Section 222 of the U.S. Communications Act, which specifies that carriers can't use or share location data "without the express prior authorization of the customer." The defendants are further said to have violated their own privacy policies.

At the heart of the matter is a January 2019 report by Motherboard that found that through data brokers using carrier data, it was possible to pay a bounty hunter as little as $300 for help tracking down a smartphone -- and by extension, its owner. The carriers have since started winding down their sharing practices.

The carriers made similar promises to Sen. Ron Wyden (D-OR) in June 2018 however, following a scandal with a firm called Securus. That business was not only selling location data to police forces, but found itself the victim of a hack that resulted in hundreds of police officers having their logins stolen.

In fact Securus is referenced in all four of the new lawsuits, and three of them cite Motherboard.

AT&T is promising to "fight" its case, claiming the facts don't support the plaintiffs and that there are "clear and even life-saving benefits" to sharing location data in some instances, such as roadside assistance.

"We only share location data with customer consent. We stopped sharing location data with aggregators after reports of misuse," it added.

Sprint and T-Mobile have refused to comment beyond the former saying it's "reviewing the legal filing," and the latter reiterating that it "terminated all service provider access to location data as of Feb. 8." Verizon has yet to make a public statement.

The carriers are under growing pressure from the Federal Communications Commission, which recently asked for confirmation that they're fulfilling promises, and is < ahref="https://appleinsider.com/articles/19/03/26/us-ftc-orders-comcast-google-att-others-to-share-full-details-on-data-collection-practices">investigating both mobile and landline ISPs.

Comments

  • Reply 1 of 8
    22july201322july2013 Posts: 749member
    Even if the phone companies stopped selling your data, that wouldn't impact companies outside the US from selling that data. You ask, "How would companies outside the US know where I am?" You can read the answer by doing a web search for "SS7". The SS7 protocol by which all cell phones world-wide operate make it possible for any phone company outside the US to find where you are (if your cell phone is turned on, of course.) And they are legally allowed to operate, and they do sell location data online. https://en.wikipedia.org/wiki/Signalling_System_No._7 So I'm not really sure what the point is in getting US companies to stop selling your data. Here's a decent introduction to the topic: https://www.sans.org/reading-room/whitepapers/critical/fall-ss7-critical-security-controls-help-36225
    edited May 6
  • Reply 2 of 8
    dysamoriadysamoria Posts: 2,270member
    Prediction: if corporatocracy doesn’t win and throw the suit out of court, there will be a minor settlement, no wrongdoing admitted, most of the money will go to lawyers, and the carriers will add the appropriate “we may sell your location data” language to their non-negotiable contracts that no one reads nor can refuse (if they want cellular service).
    llama
  • Reply 3 of 8
    jhalmosjhalmos Posts: 10member
    How was this ever a thing they thought they could do? Stunning.
  • Reply 4 of 8
    22july201322july2013 Posts: 749member
    dysamoria said:
    Prediction: if corporatocracy doesn’t win and throw the suit out of court, there will be a minor settlement, no wrongdoing admitted, most of the money will go to lawyers, and the carriers will add the appropriate “we may sell your location data” language to their non-negotiable contracts that no one reads nor can refuse (if they want cellular service).
    The profit from being able to advertise "we don't sell your information" is probably a lot more than the profit from selling location data. Since, I presume, you would agree that these companies are greedy profit hunters, then you would have to agree that they will stop selling your location data.
  • Reply 5 of 8
    22july201322july2013 Posts: 749member
    jhalmos said:
    How was this ever a thing they thought they could do? Stunning.
    Because your location data isn't private! As I said above, anyone in the world can access your location data via the SS7 network. And that's not a bug, or a hack, that's a feature. That's how cell phones work. Your cell phone doesn't call the phone company to tell the company where it is, when you move from place to place, instead the phone company that's trying to call you issues a request on the SS7 network to get your location. Read my lips: ANYONE IN THE WORLD CAN ACCESS YOUR LOCATION AT ANY TIME.
  • Reply 6 of 8
    hentaiboyhentaiboy Posts: 992member
    jhalmos said:
    How was this ever a thing they thought they could do? Stunning.
    Read my lips: ANYONE IN THE WORLD CAN ACCESS YOUR LOCATION AT ANY TIME.
    So what's my location then?
  • Reply 7 of 8
    22july201322july2013 Posts: 749member
    hentaiboy said:
    jhalmos said:
    How was this ever a thing they thought they could do? Stunning.
    Read my lips: ANYONE IN THE WORLD CAN ACCESS YOUR LOCATION AT ANY TIME.
    So what's my location then?
    That's a fair question. Perhaps I didn't say this, but you have to have a person's cell phone number to be able to look up their location (although my para #2 below explains how to do it without a phone number). Sorry, I thought that was obvious. And also, most of the sites that permit this don't do it for free. I stated it my first post that you can PURCHASE a cell phone user's location on websites. Which means it's not free. So even if you gave me your cell number I'm not going to pay the fee to look you up. Also, in the US and Canada (and maybe the UK?), I believe it's against the law to sell these services to anyone in these countries. But in the rest of the world it's perfectly legal as far as I know. (I am not a lawyer.)

    However there's another way that doesn't require a fee or a phone number!!! If you text a web link of an image (using SMS or MMS) to someone's phone (having stored that image on a server that shows the IP addresses of all people who access it, and Google's image site allows this) you can then get the IP address and location of the user easily. There are videos of how to do this online, I'm sure you can look it up. I watched one today while researching my posts. In order to do this you will require either the phone number, or, I think for some services like iCloud, their email address is sufficient. Think about that - an iCloud-enabled email address (or a phone number) is enough to get someone's geographic location! Albeit they have to view your image for this to work. This also works on computers if you send the picture to someone via email and they open or preview the message. Here's a video with 4 million views explaining how to do this on Android but iOS would be virtually the same: 

    I appreciate that you are trying to understand. Most people don't have any clue how cell phones work behind the scenes. How do you think they work in this scenario: someone in Japan tries dialling your cell number in the USA, but your cell phone service provider is based in Canada and you are currently roaming in the USA. How does the Japanese cell phone company even know how/where to route the phone call? ANSWER: They send an SS7 signal to all cell phone companies in the WORLD (!) and the company that sees your signal (based on your SIM's number) reaching one if its cell towers sends a response telling them where you are (within a mile or so). At that point the Japanese company can start to route the call, if they want to route it at all. How else do you think it should work? >>> Explain how a phone call is routed around the world if there is no way to look up a user's location by their phone number.
    edited May 6
  • Reply 8 of 8
    habi000habi000 Posts: 9member
    hentaiboy said:
    jhalmos said:
    How was this ever a thing they thought they could do? Stunning.
    Read my lips: ANYONE IN THE WORLD CAN ACCESS YOUR LOCATION AT ANY TIME.
    So what's my location then?
    That's a fair question. Perhaps I didn't say this, but you have to have a person's cell phone number to be able to look up their location (although my para #2 below explains how to do it without a phone number). Sorry, I thought that was obvious. And also, most of the sites that permit this don't do it for free. I stated it my first post that you can PURCHASE a cell phone user's location on websites. Which means it's not free. So even if you gave me your cell number I'm not going to pay the fee to look you up. Also, in the US and Canada (and maybe the UK?), I believe it's against the law to sell these services to anyone in these countries. But in the rest of the world it's perfectly legal as far as I know. (I am not a lawyer.)

    However there's another way that doesn't require a fee or a phone number!!! If you text a web link of an image (using SMS or MMS) to someone's phone (having stored that image on a server that shows the IP addresses of all people who access it, and Google's image site allows this) you can then get the IP address and location of the user easily. There are videos of how to do this online, I'm sure you can look it up. I watched one today while researching my posts. In order to do this you will require either the phone number, or, I think for some services like iCloud, their email address is sufficient. Think about that - an iCloud-enabled email address (or a phone number) is enough to get someone's geographic location! Albeit they have to view your image for this to work. This also works on computers if you send the picture to someone via email and they open or preview the message. Here's a video with 4 million views explaining how to do this on Android but iOS would be virtually the same: 

    I appreciate that you are trying to understand. Most people don't have any clue how cell phones work behind the scenes. How do you think they work in this scenario: someone in Japan tries dialling your cell number in the USA, but your cell phone service provider is based in Canada and you are currently roaming in the USA. How does the Japanese cell phone company even know how/where to route the phone call? ANSWER: They send an SS7 signal to all cell phone companies in the WORLD (!) and the company that sees your signal (based on your SIM's number) reaching one if its cell towers sends a response telling them where you are (within a mile or so). At that point the Japanese company can start to route the call, if they want to route it at all. How else do you think it should work? >>> Explain how a phone call is routed around the world if there is no way to look up a user's location by their phone number.
    Um, to receive a call your (exact) location isnt needed. Only which tower you are connected to currently. This not equal to location. Triangulation is another completely different topic and gives sometimes about the same information that GPS data could give (but its not as good or incomplete if there is only 1-2 towers available. Anyways IP is not either equal to location (its more equal to area). If you think so please try to find your stolen phone on just a celltower ID or IP address LOL. This works only on the iphone on gps and maybe wifi nets on top of this (=triangulation from device to map). So phone can not get your location like the mobile operator does with its special software and is largly using GPS + some gimmics (like known wifi nets) .
Sign In or Register to comment.