{"id":33128,"date":"2020-02-04T00:56:47","date_gmt":"2020-02-04T00:56:47","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/your-mobile-network-broke-the-law-by-selling-location-data-and-may-be-fined-millions-or-maybe-not-shrugs-fcc\/"},"modified":"2020-02-04T00:56:47","modified_gmt":"2020-02-04T00:56:47","slug":"your-mobile-network-broke-the-law-by-selling-location-data-and-may-be-fined-millions-or-maybe-not-shrugs-fcc","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/your-mobile-network-broke-the-law-by-selling-location-data-and-may-be-fined-millions-or-maybe-not-shrugs-fcc\/","title":{"rendered":"Your mobile network broke the law by selling location data and may be fined millions… or maybe not, shrugs FCC"},"content":{"rendered":"

It\u2019s been nearly two years since it was first revealed that US cellular networks were selling real-time location data with inadequate safeguards. Late last week, after months of political pressure, the regulator in charge, the FCC, finally revealed the results of an investigation.<\/p>\n

\u201cI wish to inform you that the FCC\u2019s Enforcement Bureau has completed its extensive investigation,\u201d FCC chairman Ajit Pai informed<\/a> lawmakers who demanded to know<\/a> where the report was three months earlier. \u201cIt has concluded that one or more wireless carriers apparently violated federal law.\u201d<\/p>\n

Pai\u2019s statement went on: \u201cAccordingly, in the coming days, I intend to circulate to my fellow Commissioners for their consideration one or more Notice(s) of Apparent Liability for Forfeiture in connection with the apparent violation(s). We are unable to provide additional information about any pending enforcement action(s) beyond what is stated in the letter.\u201d<\/p>\n

If that seems unusual vague: that \u201cone or more\u201d mobile operators \u201capparently violated\u201d the law by selling location data, you\u2019re not the only one.<\/p>\n

The sale of location data<\/a> would, in any other era, have provoked outrage and determined federal action. But the FCC\u2019s response to revelations that bounty hunters were buying the real-time location of people for $100 through third-parties, contracted through third-parties with little or no oversight, has been almost complete silence.<\/p>\n

That inaction has only added to fears that FCC boss, and former Verizon executive, Pai is not only hesitant to take on the powerful companies that his office is supposed to oversee, but actively defends and supports the industry from behind the scenes.<\/p>\n

Third time lucky<\/span><\/h3>\n

The mobile operators were caught not once, not twice, but three times over the course of eight months selling location data without adequate privacy safeguards, despite promising each time to take corrective action.<\/p>\n

When caught for the third time, all four operators \u2013 AT&T, Sprint, T-Mobile US and Verizon \u2013 promised to stop the provision of location data to third parties altogether. But, notably, the promise is not binding and can be lifted at any time.<\/p>\n

The issue and the failure by both the mobile companies and the FCC to take it seriously is one factor behind a broader push for federal privacy legislation.<\/p>\n

But concerted pressure from lawmakers \u2013 who have sent repeated letters to the mobile operators and demanded answers in a series of Congressional hearings, has finally brought a promise of action from the federal regulator. It\u2019s still not clear what that response will be however and those pushing the FCC to investigate remain frustrated.<\/p>\n

The chair of the House Energy and Commerce Committee \u2013 which oversees the FCC \u2013 Frank Pallone (D-NJ) issued a statement: \u201cFollowing our longstanding calls to take action, the FCC finally informed the Committee today that one or more wireless carriers apparently violated federal privacy protections by turning a blind eye to the widespread disclosure of consumers\u2019 real-time location data. This is certainly a step in the right direction, but I\u2019ll be watching to make sure the FCC doesn\u2019t just let these lawbreakers off the hook with a slap on the wrist.\u201d<\/p>\n

For her part, Commissioner Rosenworcel put out a statement saying: \u201cFor more than a year, the FCC was silent after news reports alerted us that for just a few hundred dollars, shady middlemen could sell your location within a few hundred meters based on your wireless phone data.”<\/p>\n

“It\u2019s chilling to consider what a black market could do with this data. It puts the safety and privacy of every American with a wireless phone at risk. Today this agency finally announced that this was a violation of the law. Millions and millions of Americans use a wireless device every day and didn\u2019t sign up for or consent to this surveillance. It\u2019s a shame that it took so long for the FCC to reach a conclusion that was so obvious.\u201d<\/p>\n

In the dark<\/span><\/h3>\n

It\u2019s still not clear what the FCC will do. We spoke to both Pallone and Rosenworcel\u2019s offices and they both told The Register<\/em> they have no details beyond the statement made on Friday. As for the FCC itself, it has continued with its entirely unhelpful approach.<\/p>\n

We asked the FCC:<\/p>\n