In a published letter by FCC Chairman Ajit Pai, the Federal Communications Commission will be punishing more than one mobile network operators who broke U.S. law by selling customers’ real-time location data.
“I am committed to ensuring that all entities subject to our jurisdiction comply with the Communications Act and the FCC’s rules, including those that protect consumers’ sensitive information, such as real-time location data,” Pai wrote in a letter to members of Congress who asked for an update on the probe. “Accordingly, in the coming days, I intend to circulate to my fellow Commissioners for their consideration one or more Notice(s) of Apparent Liability for Forfeiture in connection with the apparent violation(s).”
The carriers could fight the FCC’s notices in an attempt to avoid punishment. AT&T has claimed that selling location data wasn’t illegal.
Members of Congress responded to Pai’s letter with a mix of frustration, relief, and a bit of distrust. In particular, Democratic FCC Commissioner Jessica Rosenworcel had repeatedly called on Pai to reveal details of the investigation. In a statement, Rosenworcel said:
“For more than a year, the FCC was silent after news reports alerted us that for just a few hundred dollars, shady middlemen could sell your location within a few hundred meters based on your wireless phone data. It’s chilling to consider what a black market could do with this data. It puts the safety and privacy of every American with a wireless phone at risk.
“Today this agency finally announced that this was a violation of the law. Millions and millions of Americans use a wireless device every day and didn’t sign up for or consent to this surveillance. It’s a shame that it took so long for the FCC to reach a conclusion that was so obvious.”
According to Ars Technica, House Commerce Committee Chairman Frank Pallone, Jr. (D-N.J.) said that Pai’s response “is a step in the right direction, but I’ll be watching to make sure the FCC doesn’t just let these lawbreakers off the hook with a slap on the wrist.”
The revelation that four major wireless network providers (Verizon, AT&T, T-Mobile, and Sprint) were selling location-data was publicized in 2018. All companies stated they would stop selling their mobile customers’ location data to third-party data brokers but an investigation by Motherboard in January 2019 found that “T-Mobile, Sprint, and AT&T are [still] selling access to their customers’ location data and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.”
All carriers later confirmed to the FCC that they had stopped their data-selling programs.
The letter from FCC Chairman Pai did not state exactly which federal law the carriers broke, but it is most likely Section 222 of the Communications Act, which states that carriers cannot use or disclose location information “without the express prior authorization of the customer.”