More details have emerged from the Motherboard investigation into carriers selling their customers’ real-time location data, including assisted GPS (“A-GPS”) data intended only for emergency services. The reports are shocking and illustrate both a brazen disregard for consumer privacy on the part of the companies involved and the disturbing, unregulated behavior of the data brokerage industry. The Federal Communications Commission, led by Chairman Ajit Pai, needs to act immediately to enforce what appears to be a clear violation of the FCC’s rules against the selling of A-GPS data with third parties. In addition, Congress must pass comprehensive privacy legislation that forces the data broker industry out of the shadows and stops the persistent misuse of data at the expense of consumer privacy.
Last week, the New York Times reported that Facebook has decided to integrate the back-end infrastructures of its three fully-owned messaging products: Facebook Messenger, WhatsApp, and Instagram. At Public Knowledge, aware of the different nature, features, and conditions of use of these three services, we are carefully following the possible privacy and security and competition implications of this market-changing move.
On Tuesday, Motherboard published an article exposing the jaw-dropping ease of data collection and commercialization practices that can allow a stranger to find a cell phone’s location with just a phone number and $300. Motherboard’s investigation found that telecommunications companies, including T-Mobile, AT&T, and Sprint, would sell location data with an aggregator, which sold the data to MicroBilt, which then sold it to a Motherboard investigator for “dirt cheap.”
Ever since the Facebook/Cambridge Analytica story broke, privacy has been the talk of the town in Washington, DC, and conventional wisdom is that Congress will begin debating comprehensive privacy legislation in earnest in 2019. In preparation, members of Congress are starting to drop their message bills and discussion drafts. Public Knowledge has evaluated each of the proposals so far, and we offer our initial take here.
It seems almost every week there are new revelations about Facebook’s data use and sharing policies. The Federal Trade Commission is currently investigating Facebook for a potential consent decree violation related to the release of user data to Cambridge Analytica. The new allegations of data misuse in the New York Times this week may also be a violation of the consent decree. They are at least worthy of FTC investigation. And the cache of previously sealed litigation documents published by a British Member of Parliament earlier this month seem to indicate that Facebook may have been strategically withholding this valuable data from “strategic competitors” such as upstart Vine. Taken together, the two stories paint a frightening picture. Was Facebook granting access to private user data to cement its market position, offering it up to the powerful and wielding it as a cudgel against potential competitors? At the close of the current investigation, the FTC should demand remedies that protect users’ privacy while encouraging competition on the Facebook platform and against Facebook itself.