Interesting People mailing list archives
Mobile Providers to Stop Selling Location Data After Scandal
From: "Dave Farber" <farber () gmail com>
Date: Wed, 20 Jun 2018 06:51:35 +0900
Begin forwarded message:
From: Hasan Diwan <hasan.diwan () gmail com> Date: June 20, 2018 at 4:56:41 AM GMT+9 To: "dave () farber net" <dave () farber net> Subject: Mobile Providers to Stop Selling Location Data After Scandal [for IP, should you choose] https://www.zdnet.com/article/senator-rebukes-carriers-sharing-real-time-location-data/ A senator has strongly criticized three of the US' largest cell carriers that have not promised to stop selling their customers' real-time location data to third party companies. Sen. Ron Wyden (D-OR) welcomed Verizon's move to end its agreements with data aggregators, including LocationSmart, which sold location data to a prison tech company that claimed to be able to track any cell phone in the US "within seconds." Senator wants to know how police can locate any phone in seconds without a warrant Real-time location data was accessible by police under "the legal equivalent of a pinky promise," said a senator. But the senator rebuked AT&T, T-Mobile, and Sprint for continuing the practice. "Verizon did the responsible thing and promptly announced it was cutting these companies off," said Wyden in a statementTuesday, following an investigation by his office. "In contrast, AT&T, T-Mobile, and Sprint seem content to continuing to sell their customers' private information to these shady middle men, Americans' privacy be damned," he said. AT&T later said it was also cutting off access to third-parties. Sprint said it will "determine next steps" after its internal review is over. T-Mobile did not return a request for comment. Letters from the four cell giants were published Tuesday after Wyden demanded last month to know why millions of Americans' real-time location data was being shared with so-called aggregators, which manage data requests for customer data across the carriers. The phone giants say it's "common" to share data, such as when motorists are stranded or as part of workforce and fleet tracking, but said that customer data should have more tightly controlled. The carriers partnered with LocationSmart, which claimed it had "direct connections" to the cell giants' cache of location data. Aggregators could then share location data with their own customers. But the carriers found that one of LocationSmart's customers, 3Cinteractive, shared location data with another company, Securus, a prison technology company, which used the data in violation of the carriers' policies. Aggregators must obtain consent from the customer before their location data can be used, such as by sending a one-time text message or allowing a user to hit a button in an app. But The New York Times found that police and correctional officers could track anyone's location without their consent, because Securus turned over the data without verifying that a warrant had been obtained. The phone giants said they took "prompt steps to protect customer data and shut down" location data access to 3Cinteractive and Securus. A spokesperson for 3Cinteractive did not respond to a request for comment. LocationSmart said in a statement Tuesday that it was reviewing the letters from the carriers, and denied that it buys and sells location data. "The company does not warehouse or track a mobile user's historic identity and location information," said the company. The company said that it disabled Securus' access on May 10. "We continue to review all customer use to ensure compliance with LocationSmart's terms of user requiring user consent." But the phone giants remained vague on exactly how the companies obtained customers' consent to provide data to LocationSmart in the first place. ZDNet previously asked how each carrier obtains consent from their customers, but none offered concrete answers. Sprint hinted that its privacy policy allows the phone giant to share customers' personal data, "including location information," with third-parties. Verizon, in its letter to Wyden's office, also hinted that customers give their consent by agreeing to the company's privacy policy. Customers, unable to opt out of the phone giants' privacy policies, may be locked in to sharing their location data with aggregators. "I don't believe that there is anything consumers can do to opt-out of having their location data shared with third-parties like LocationSmart," said Stephanie Lacambra, staff attorney at the Electronic Frontier Foundation, in an email. LocationSmart was later forced to pull part of its website offline after a vulnerability allowed a security researcher to obtain real-time location data without obtaining consent from the user. Robert Xiao said that the company had "no security oversight" before the site served location data. LocationSmart said that "did not result in any customer information being obtained without their permission" beyond the researcher's queries. The Federal Communications Commission is investigating the website flaw. -- OpenPGP: https://sks-keyservers.net/pks/lookup?op=get&search=0xFEBAD7FFD041BBA1 If you wish to request my time, please do so using bit.ly/hd1AppointmentRequest. Si vous voudrais faire connnaisance, allez a bit.ly/hd1AppointmentRequest. Sent from my mobile device Envoye de mon portable
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20180619175152:F7FDEEC6-740A-11E8-BC3B-839794F84B4B Powered by Listbox: http://www.listbox.com
Current thread:
- Mobile Providers to Stop Selling Location Data After Scandal Dave Farber (Jun 19)