AT&T Defends Selling User Location Data

On May 17, 2019, AT&T published a public letter addressing the sale of user location data.

The letter noted that selling location data of AT&T customers was technically legal because the data in question was not the type that the Federal Communications Commission (FCC) prohibits carriers from selling without consent.

The FCC is currently looking into the actions of AT&T, T-Mobile, Sprint and Verizon for this long-standing practice that has only become known to the public after press investigations.

In June 2018, all four carriers said that they would stop the practice after a security breach exposed that sensitive data.

Verizon was the first to say it would stop providing such data, only allowing data-sharing with roadside assistance providers. However, early in 2019, it was found that some third-party companies like Zumigo and Microbilt were still buying user info.

However, new information — location information acquired by black market bounty hunters — has come to light which significantly undermines the companies’ promises.

The companies have laid the blame on their partners for not handling the data appropriately by deleting it when required.

According to AT&T’s letter, the type of data — known as A-GPS — it has provided to third parties without user consent is not in violation of federal law.

As noted by Joan Marsh, AT&T’s VP of Regulatory and State External Affairs, “While A-GPS is certainly used by 911 dispatchers to assist in locating individuals in emergency situations, it is also an important feature commonly used by app developers to provide location services… Reports of purported improper use of A-GPS are incorrect.”

Regardless, AT&T has announced it stopped sharing location data with third-party services in March.

However, the FCC is continuing its investigation.

As Commissioner Jessica Rosenworcel notes, “I don’t recall consenting to this surveillance when I signed up for wireless service — and I bet neither do you. This is an issue that affects the privacy and security of every American with a wireless phone.”

CloudWedge