AT & T defended the sale of user placement data in a letter published today, saying that the practice was technically legal because it did not imply that the Federal Communications Commission prohibits sellers from selling without the user's consent. In spite of that defense, the company claims that over the last few months they have accelerated the plan to stop supplying such data, which again, AT&T would like to recall that everyone was not against the law.
The FCC investigates the telecom and co-operators T-Mobile, Sprint and Verizon for the long-standing practice that has only come to light after the press functions in the last couple of years. All four main operators claimed they would stop the exercise in June 201[ads1]8 after a security breach of vulnerable sensitive user data, but new disclosures about location information obtained by bounty hunters on the black market have undermined companies' promises.
Verizon was the first company to say that it would cease to provide such data to aggregators and would merely give it to road vendors. The other carriers followed similar provisions for law enforcement and emergency requests. But earlier this year it was discovered that the data was still made available to some third-party companies such as Zumigo and Microbilt, which were readily available by bounty hunters, Motherboards found. The airlines argued that the error lies with their partners not to properly handle the data and to delete it when necessary, and lawmakers have used increased pressure on the companies to follow through on the promise to act and terminate the agreements.
According to AT & T's letter, the type of data it has provided to third parties without the user's consent is not contrary to federal law, especially the use of data known as A-GPS. The company is based on this is a bit technical, and says that A-GPS data, which compiled the company's requirements for use of both emergency services and for GPS-based services such as horseback riding apps, is not under the same umbrella as the data that FCC prohibits carriers from. to sell or store data in the so-called National Emergency Address Database (NEAD). AT&T says the NEAD data can is more granular and can use Wi-Fi and Bluetooth data to identify door location, while A-GPS is more general.
"Although A-GPS is certainly used by 911 transmitters to help find people in emergencies, it is also an important feature often used by app developers to deliver local services. For example, using vehicle applications A-GPS to ensure the car is displayed in the right place. For these reasons, reports of allegedly incorrect use of A-GPS errors are reported. "AT & T writes Joan Marsh, AT & T's Executive Vice President of Regulatory and State External Affairs.
However, AT&T said it stopped sharing location data with third-party services and aggregators at the end of March. "Our contracts require all parties who have received AT&T customer location data for these schemes to delete that information and we verify that they have done so, subject to any of their retention obligations," concludes Marsh. The decision to discontinue the sale of such data is likely because, although AT & T may be technically correct in interpreting FCC rules, the sale of the data may still be in contravention of Section 222 of the Communications Act, as mentioned in Ars Technica . AT & T did not immediately respond to a request for comment.
AT & T's defense comes today because the FCC is struggling internally to obtain the survey. "The FCC has been completely silent on press releases that for a few hundred dollars shady middlemen can sell your position within a few hundred meters based on the data from your cell phone. That is unacceptable," writes Commissioner Jessica Rosenworcel, a democrat who has accused the Republican controlled FCC to withhold vital information about the progress of the agency's investigation.
"I do not remember the consent to this monitoring when I signed up for wireless service – nor do I want to. This is a problem that affects the privacy and security of all Americans with a cell phone," Rosenworcel said. shocked to think about what a black market for this data could mean in the hands of criminals, stalkers, and those who want to hurt us. I will continue to push this agency to publish what it knows about what happened. But I don't think consumers should be kept in the dark. That's why I make these letters today. "
T-Mobile, Sprint and Verizon were less defensive in letters also published by Rosenworcel today. Verizon says it stopped all sales of such data back to third parties in November 2018, and it closed its road signposts in March. T-Mobile says it took a similar action and announced the vendors last fall that it would end up with contracts with location-based service providers and do so in March.
Sprint, on the other hand, says it is about to end the contracts "In response to your questions. Sprint currently only uses one placement aggregate to give [location-based services] two public interest customers – a provider of directions to Sprint customers, and a vendor that facilitates compliance with state requirements for a state-funded lottery, "Sprint Privacy Manager Maureen Cooney wrote. "As of May 31, 2019, Sprint will no longer contract with any placement aggregators to deliver LBS. Sprint expects that after May 31, 2019, it can provide LBS services directly to customers such as those described above, but there are no fixed plans at present. "