Mobile Providers to Stop Selling Location Data After Scandal

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Hasan Diwan <hasan.diwan () gmail com>
> Date: June 20, 2018 at 4:56:41 AM GMT+9
> To: "dave () farber net" <dave () farber net>
> Subject: Mobile Providers to Stop Selling Location Data After Scandal
>
> [for IP, should you choose]
> https://www.zdnet.com/article/senator-rebukes-carriers-sharing-real-time-location-data/
>
> A senator has strongly criticized three of the US' largest cell
> carriers that have not promised to stop selling their customers'
> real-time location data to third party companies.
>
> Sen. Ron Wyden (D-OR) welcomed Verizon's move to end its agreements
> with data aggregators, including LocationSmart, which sold location
> data to a prison tech company that claimed to be able to track any
> cell phone in the US "within seconds."
>
> Senator wants to know how police can locate any phone in seconds
> without a warrant
>
> Real-time location data was accessible by police under "the legal
> equivalent of a pinky promise," said a senator.
>
> But the senator rebuked AT&T, T-Mobile, and Sprint for continuing the practice.
>
> "Verizon did the responsible thing and promptly announced it was
> cutting these companies off," said Wyden in a statementTuesday,
> following an investigation by his office.
>
> "In contrast, AT&T, T-Mobile, and Sprint seem content to continuing to
> sell their customers' private information to these shady middle men,
> Americans' privacy be damned," he said.
>
> AT&T later said it was also cutting off access to third-parties.
>
> Sprint said it will "determine next steps" after its internal review
> is over. T-Mobile did not return a request for comment.
>
> Letters from the four cell giants were published Tuesday after Wyden
> demanded last month to know why millions of Americans' real-time
> location data was being shared with so-called aggregators, which
> manage data requests for customer data across the carriers.
>
> The phone giants say it's "common" to share data, such as when
> motorists are stranded or as part of workforce and fleet tracking, but
> said that customer data should have more tightly controlled.
>
> The carriers partnered with LocationSmart, which claimed it had
> "direct connections" to the cell giants' cache of location data.
> Aggregators could then share location data with their own customers.
>
> But the carriers found that one of LocationSmart's customers,
> 3Cinteractive, shared location data with another company, Securus, a
> prison technology company, which used the data in violation of the
> carriers' policies.
>
> Aggregators must obtain consent from the customer before their
> location data can be used, such as by sending a one-time text message
> or allowing a user to hit a button in an app. But The New York Times
> found that police and correctional officers could track anyone's
> location without their consent, because Securus turned over the data
> without verifying that a warrant had been obtained.
>
> The phone giants said they took "prompt steps to protect customer data
> and shut down" location data access to 3Cinteractive and Securus.
>
> A spokesperson for 3Cinteractive did not respond to a request for comment.
>
> LocationSmart said in a statement Tuesday that it was reviewing the
> letters from the carriers, and denied that it buys and sells location
> data. "The company does not warehouse or track a mobile user's
> historic identity and location information," said the company.
>
> The company said that it disabled Securus' access on May 10. "We
> continue to review all customer use to ensure compliance with
> LocationSmart's terms of user requiring user consent."
>
> But the phone giants remained vague on exactly how the companies
> obtained customers' consent to provide data to LocationSmart in the
> first place.
>
> ZDNet previously asked how each carrier obtains consent from their
> customers, but none offered concrete answers.
>
> Sprint hinted that its privacy policy allows the phone giant to share
> customers' personal data, "including location information," with
> third-parties. Verizon, in its letter to Wyden's office, also hinted
> that customers give their consent by agreeing to the company's privacy
> policy.
>
> Customers, unable to opt out of the phone giants' privacy policies,
> may be locked in to sharing their location data with aggregators.
>
> "I don't believe that there is anything consumers can do to opt-out of
> having their location data shared with third-parties like
> LocationSmart," said Stephanie Lacambra, staff attorney at the
> Electronic Frontier Foundation, in an email.
>
> LocationSmart was later forced to pull part of its website offline
> after a vulnerability allowed a security researcher to obtain
> real-time location data without obtaining consent from the user.
>
> Robert Xiao said that the company had "no security oversight" before
> the site served location data.
>
> LocationSmart said that "did not result in any customer information
> being obtained without their permission" beyond the researcher's
> queries.
>
> The Federal Communications Commission is investigating the website flaw.
>
>
> -- 
> OpenPGP: https://sks-keyservers.net/pks/lookup?op=get&search=0xFEBAD7FFD041BBA1
> If you wish to request my time, please do so using bit.ly/hd1AppointmentRequest.
> Si vous voudrais faire connnaisance, allez a bit.ly/hd1AppointmentRequest.
>
> Sent from my mobile device
> Envoye de mon portable



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20180619175152:F7FDEEC6-740A-11E8-BC3B-839794F84B4B
Powered by Listbox: http://www.listbox.com