The FCC has finally stepped up and fined the four major U.S. carriers — AT&T, Sprint, Verizon, and T-Mobile — $200 million for selling real-time live customer locations to third-party resellers without user consent. Stepped up is a slight exaggeration because a small fine is more like the cost of doing business than any sort of deterrent. Yes, $200 million is a small fine when you consider how much data was sold and how much even the smallest of the Big Four carriers is actually worth.
Here's the gist of it all, in case you're not aware of what's going on: in 2018 it was discovered that all four U.S. carriers were selling live customer location data to third-party services like Zumigo or Microbilt (dubbed "shady" companies by privacy organizations). These companies then resold that same data to people like bounty hunters, used car salesmen, and debt collectors.
Your data is worth exactly $8.42 to your cell provider. That's bullshit.
To make matters worse, some of these clients would, in turn, resell the data again to private individuals. If I had an extra $300, I could buy information about where you are right now from the right person. Scary, right?
There was money to be made because it was perfectly legal for the carriers to sell you like you would sell your old sofa on Craigslist and because buying in bulk could get location data as cheap as $8.42 per customer. Paying $8.42 for something you can resell for $300 is too tempting for shady companies who are happy to exploit each and every one of us. Even our kids.
A fine is the right thing. Now up the amounts, please.
After a year of bickering (because that's what governments do best) we find out that the hammer is coming down and carriers are going to be fined. Too bad the fine is less than a slap on the wrist; $200 million to Verizon is like $10 you most of us, just Starbucks money.
What should have happened is carriers be forced to hand over every customer number that had information sold this way, and the fines split among them all. After the fines are increased to the level where it's a financial burden so carriers will think twice before they sell our data. And that's being gentle, because nobody wins if the carriers are driven out of business over this as they should be.
Nothing is sacred
I sound pretty passionate about this, I know. But I don't think I sound unreasonable.
That was our data. We have the right to expect it to be our private data. I take no issue with carriers being able to access our real-time location for legitimate reasons. The 911 system, or network diagnostics, or complying with a lawful warrant come to mind here. But doing it as a cash grab isn't something any of us agreed to, especially when it was done under the table.
Why bother trying to protect your data when your carrier sells you out?
Most smartphone users have and use a secure lock screen. Many take further measures and use 2FA or take advantage of granular access permissions for apps. We allow Google to collect so much data because it has proven how much it values the data itself and has always abided its side of the terms of service. And when some company or someone finds a way to exploit a thing like location data, Google makes changes to the way that data is retained and handled.
But when carriers can sell you out, why bother? We're not Holstein dairy cows that can be milked anytime a new way to make money is found. Our milk isn't free, and we're owed something for being used.