Published: Fri, June 22, 2018
Electronics | By Shannon Stone

Wyden: Verizon to stop selling customers' location

Wyden: Verizon to stop selling customers' location

"Verizon did the responsible thing and promptly announced it was cutting these companies off", Wyden said in a statement.

The extent of carrier location sharing was made clear by a recent case in Missouri, which involved a former sheriff in Missouri using a system supplied by Securus Technologies to track the cellphones of other individuals, including some of his deputies.

Analyst Rich Mogull of Arizona-based Securosis LLC said telecom providers track and sell location data as a matter of course, with a wide range of businesses including Google extensively attempting to compile location datasets on consumers.

In a letter to Oregon Democratic Senator Ron Wyden, the company said roughly 75 third-parties had gotten their hands on customer data via two separate companies, reports the Associated Press. The data reveals the location of subscribers using a wireless device, and without their permission, the information is sold to data brokers who sell access to the data.

In May, Wyden asked the FCC to investigate the "abusive and potentially unlawful practices" of cell phone companies selling access to customers' real-time location.

Verizon's decision does not mean that the company will suspend all uses of customer data.

A Securus spokesman said the company was authorized to give law enforcement the location of a phone in certain circumstances, under Securus' contract with the third party data aggregator.

But once that data is readily available and people are willing to pay... Verizon told Wyden that not only had it suspended Securus' access to its customer location data, it had also chose to end its arrangements with LocationSmart and Zumigo.

Nor can the other carriers, she said. Following Wyden's letter, security researcher Brian Krebs revealed that LocationSmart was leaking the real-time data "to anyone via a buggy component of its Web site - without the need for any password or other form of authentication or authorization".

Sprint hinted that its privacy policy allows the phone giant to share customers' personal data, "including location information" with third-parties.

Location data from Verizon and other carriers makes it possible to identify the whereabouts of almost any phone in the US within seconds. It was, after all, the abuse of this data that sparked the letters in the first place.

On its website, LocationSmart claims it is the No. 1 "location-as-a-service" provider with data from every top tier USA wireless carrier and more than 200 enterprise customers.

"Verizon deserves credit for taking quick action to protect its customers' privacy and security", Wyden said in a news release.

"In contrast, AT&T, T-Mobile, and Sprint seem content to continuing to sell their customers' private information to these shady middle men, Americans' privacy be damned", he said. Wyden called on FCC Chairman Ajit Pai, who represented Securus in 2012, to recuse himself from the investigation.

Wyden didn't mince words over the controversial FCC chief. "The company does not warehouse or track a mobile user's historic identity and location information", said the company.

Like this: