The FCC has now reached out to AT&T via a publicly-available letter in a renewed bid to determine exactly what actions the carrier is taking to safeguard customer location data. Specifically, the commission is asking the service provider for an exact date when AT&T stopped selling its customers’ location data to aggregators, which unintentionally led to the data becoming available to bounty hunters and others earlier this year.
The FCC is also demanding a timeframe for when the company ended agreements to sell more accurate assisted or augmented GPS data.
Problems of secrecy, bounty hunters, and data farming
The request from the commission follows investigative reports from earlier this year lambasting the company and its competitor T-Mobile for selling data that eventually wound up in the wrong hands. Since the reports broke, the FCC has made repeated calls for carriers to end the practice of selling data and commission chairman Ajit Pai was initially scheduled to brief Congress on the matter before backing out — citing the then-ongoing government shutdown.
AT&T and T-Mobile weren’t the only carriers caught up in the mess either, with both Verizon and Sprint later coming forward to say they’d be ending contracts with aggregators. AT&T and T-Mobile ended theirs following the report and the former is supposed to have stopped the practice as of some time in March.
Through the faulty chain of selling and resells the data, users’ privacy was available to “hundreds” of bounty hunters and just about anybody else willing to shell out money for access. At issue here is the fact that end users and wireless provider customers did not give consent for their data to be sold and weren’t aware that the policies allowing that were in place.
Since even data that’s meant to be anonymous can be linked to other data to discover the identity of users, the FCC, via its letter, is also seeking to determine whether or not AT&T’s policies permitted aggregators or any other third-parties to save and store the location data that was being given to them. The commission wants to know what steps are being taken to safeguard against that practice and to ensure that those third-parties are deleting shared data.
More generally, AT&T is being asked to provide details for the public about how much of their location data is being stored and saved.
The bigger picture
While data aggregation has resulted in some positive outcomes in the past, it has also been a point of contention for consumers over the past several years. Predominantly that use has involved felony crimes being solved using location data obtained by the proper channels but it is cause for concern.
Selling data is a different matter entirely and even has Google worried but carriers aren’t the only culprit and companies such as Google are all but complicit.
The search giant did reportedly demand that its partner networks, which form the backbone of its own Google Fi carrier services, put an end to their ties with aggregators and data selling practices. It also stopped short of taking any real action and has been involved in a widening scope of cases where law enforcement agencies have successfully obtained and used location data.
The use of data by law enforcement and by third-party companies may seem to be separate but the letter from the FCC could help address both.
By demanding that AT&T provide more detailed accounts for how it is storing data and what data is being stored, the public should be able to gain a greater understanding of the process behind the practice. That includes a better understanding of how the data is being used across a much wider array of circumstances than just how it’s been sold to other companies.