1 Year Later, FCC Finally Admits Wireless Carriers Broke The Law On Location Data
from the took-ya-long-enough dept
It only took a year of stonewalling, feet dragging, and dodging journalists’ questions, but the FCC has finally acknowledged that one or more wireless providers broke the law by collecting user location data–then selling access to that data to any nitwith with a nickel. In a letter (pdf) sent to Representative Frank Pallone last Friday, FCC boss Ajit Pai acknowledged for the first time that a year-long investigation into the wireless industry that the FCC has completed, concluding that yeah, one or several companies likely broke the law:
“I am writing to follow up on my letter of December 3, 2019 regarding the status of the FCC?s investigation into the disclosure of consumers? real-time location data. Fulfilling the commitment I made in that letter, I wish to inform you that the FCC?s Enforcement Bureau has completed its extensive investigation and that it has concluded that one or more wireless carriers apparently violated federal law.”
There had been some previous concerns among lawmakers that Pai had been trying to run out the clock to ensure carriers couldn’t be held accountable, but some dogged reporting from Joseph Cox appears to have thrown a wrench into the works. Pai also proceeded to note that fines are likely coming for one of several of the unnamed companies:
“in the coming days, I intend to circulate to my fellow Commissioners for their consideration one or more Notice(s) of Apparent Liability for Forfeiture in connection with the apparent violation(s).”
If you didn’t know, wireless carriers spent the last decade tracking your every movement, then selling access to that data to pretty much anybody. Not too surprisingly, the folks who bought that data — ranging from law enforcement to stalkers — abused the data in a universe of ways. Thanks in part to our brilliant decision to have absolutely no meaningful privacy laws for the internet era, and endless lobbying to ensure that companies — especially the telecom sector — face absolutely no penalty whatsoever for abusing the public trust for financial gain.
As a result, collecting your every waking online and offline movement and selling it to folks with few meaningful safeguards in place is considered acceptable and sexy, becoming the pastime of social media companies, app makers, and the telecom industry alike. But telecom specifically screwed up here by also selling access to even more accurate user 911 data, something more clearly in violation of the law and FCC policy. When the punishment drops, I’m guessing that 911 data collection winds up being the centerpiece of the FCC’s complaint, since it’s public safety related and harder to sweep under the rug.
The questions now are: who confirms wireless carriers actually stopped collecting this data? What happens to the data these carriers collected over the last decade? And how do we prevent this from simply happening again? Whatever FCC punishment gets doled out, I’d wager it probably fails to answer at one or several of these questions. It’s also a pretty solid bet based on US regulatory history that whatever fines are levied, even if deemed “historic” by the FCC and a dutiful press, wind up being a tiny, tiny fraction of what these companies made selling access to this data for a decade.
And while AT&T, Verizon, and T-Mobile all claim they’ve stopped selling this data, I’d wager a toe that’s not actually, technically true. One, they know full well nobody in this government will actually do the kind of deep audit required to actually check. Two, it would be fairly easy to just stop using the 911 data, rename all of your other location data projects, then bury them in layers of subsidiary and third-party deniability. There’s very little chance that these companies left billions of dollars on the table just because of some bad press and a belated, half-hearted inquiry by former Verizon lawyer Ajit Pai.