By Sean Davis, National Consumers League
When you ask consumers about the kind of information that they’d like to keep private, location data is usually near the top of the list. That’s why Motherboard’s recent investigation into cell phone companies’ location data sharing services is so troubling.
In the sting, Motherboard reporters paid a bounty hunter $300 to locate a phone. The bounty hunter was able to find the phone without any hacking tools. Instead, he used real-time location data originally sourced from the phone’s wireless carrier.
Additional reporting revealed that approximately 250 bounty hunters and related companies had access to AT&T, T-Mobile, and Sprint customer location data. To put this in perspective, one bail bond firm admitted to utilizing phone location services at least 18,000 times, and other companies used the services thousands or tens of thousands of times.
These kinds of abuses are exactly what NCL and other public interest groups were worried about when we supported the Federal Communications Commission’s (FCC) 2016 broadband privacy rules. Those common-sense rules would have prohibited Internet service providers (ISPs) from sharing consumers’ location data and other types of sensitive information without their consent. In particular, NCL filed comments urging the FCC to create strong data security rules for ISPs.
When the FCC adopted its broadband privacy rules in October 2016, it was a victory for privacy and data security advocates. Unfortunately, those rules would be short-lived, thanks to Congress’ decision to use the Congressional Review Act (CRA) to overturn the rules in March 2017. By using the CRA to overturn the broadband privacy rules, Congress effectively precluded the FCC from ever passing “substantially similar” rules in the future.
The Motherboard investigation has not only sparked multiple responses calling for a more detailed investigation but also proves two important things: it has confirmed that ISPs have been irresponsible with consumers’ data and that broadband privacy rules are still needed.
House Energy & Commerce Committee Chairman Frank Pallone (D-NJ) wrote FCC Chairman Ajit Pai, asking him to provide an emergency briefing explaining what the FCC has done to address the broadband privacy issue. Incredibly, Chairman Pai declined. FCC Commissioner Geoffrey Starks commented on the recent findings saying, “the for-profit location data industry has flourished in the shadows without any government oversight.” Additionally, Motherboard’s revelations prompted calls from senators and FCC commissioners to investigate the cell phone companies’ data sharing practices. While investigations are a good start, real consumer privacy protections can only come through legislation. If you don’t think that cell phone companies should be allowed to sell your personal information without your permission, now is the time to call your Congressional representatives and tell them you want real broadband privacy protections.