Over the last three months, Motherboard’s Joseph Cox has produced an excellent series of articles on how the major mobile carriers have sold sensitive geolocation data to bounty hunters and others, including highly precise information designed for use with “Enhanced 911” (E911). As we pointed out last month when this news came to light, turning over this E911 data (called assisted GPS or A-GPS), exposing E911 data to third parties -- whether by accident or intentionally, or using it in any way except for 911 or other purposes required by law violates the rules the Federal Communications Commission adopted in 2015 to protect E911 data.
This week featured back-to-back privacy hearings on Capitol Hill to discuss principles for federal privacy legislation. With the one-year anniversary of the European Union’s General Data Protection Regulation implementation coming in May and the California Consumer Privacy Act taking effect in 2020, industry players that have fiercely lobbied against federal privacy legislation in years past are now suddenly calling on Congress to pass a comprehensive privacy bill this year. Here’s a quick look at what happened in each hearing and a few key takeaways.
More details have emerged from the Motherboard investigation into carriers selling their customers’ real-time location data, including assisted GPS (“A-GPS”) data intended only for emergency services. The reports are shocking and illustrate both a brazen disregard for consumer privacy on the part of the companies involved and the disturbing, unregulated behavior of the data brokerage industry. The Federal Communications Commission, led by Chairman Ajit Pai, needs to act immediately to enforce what appears to be a clear violation of the FCC’s rules against the selling of A-GPS data with third parties. In addition, Congress must pass comprehensive privacy legislation that forces the data broker industry out of the shadows and stops the persistent misuse of data at the expense of consumer privacy.
Last week, the New York Times reported that Facebook has decided to integrate the back-end infrastructures of its three fully-owned messaging products: Facebook Messenger, WhatsApp, and Instagram. At Public Knowledge, aware of the different nature, features, and conditions of use of these three services, we are carefully following the possible privacy and security and competition implications of this market-changing move.
On Tuesday, Motherboard published an article exposing the jaw-dropping ease of data collection and commercialization practices that can allow a stranger to find a cell phone’s location with just a phone number and $300. Motherboard’s investigation found that telecommunications companies, including T-Mobile, AT&T, and Sprint, would sell location data with an aggregator, which sold the data to MicroBilt, which then sold it to a Motherboard investigator for “dirt cheap.”