The FCC has finally stepped up and fined the four major U.S. carriers — AT&T, Sprint, Verizon, and T-Mobile — $200 million for selling real-time live customer locations to third-party resellers without user consent. Stepped up is a slight exaggeration because a small fine is more like the cost of doing business than any sort of deterrent. Yes, $200 million is a small fine when you consider how much data was sold and how much even the smallest of the Big Four carriers is actually worth.
Here's the gist of it all, in case you're not aware of what's going on: in 2018 it was discovered that all four U.S. carriers were selling live customer location data to third-party services like Zumigo or Microbilt (dubbed "shady" companies by privacy organizations). These companies then resold that same data to people like bounty hunters, used car salesmen, and debt collectors.
To make matters worse, some of these clients would, in turn, resell the data again to private individuals. If I had an extra $300, I could buy information about where you are right now from the right person. Scary, right?
There was money to be made because it was perfectly legal for the carriers to sell you like you would sell your old sofa on Craigslist and because buying in bulk could get location data as cheap as $8.42 per customer. Paying $8.42 for something you can resell for $300 is too tempting for shady companies who are happy to exploit each and every one of us. Even our kids.
After a year of bickering (because that's what governments do best) we find out that the hammer is coming down and carriers are going to be fined. Too bad the fine is less than a slap on the wrist; $200 million to Verizon is like $10 you most of us, just Starbucks money.
What should have happened is carriers be forced to hand over every customer number that had information sold this way, and the fines split among them all. After the fines are increased to the level where it's a financial burden so carriers will think twice before they sell our data. And that's being gentle, because nobody wins if the carriers are driven out of business over this as they should be.
Nothing is sacred
I sound pretty passionate about this, I know. But I don't think I sound unreasonable.
That was our data. We have the right to expect it to be our private data. I take no issue with carriers being able to access our real-time location for legitimate reasons. The 911 system, or network diagnostics, or complying with a lawful warrant come to mind here. But doing it as a cash grab isn't something any of us agreed to, especially when it was done under the table.
Most smartphone users have and use a secure lock screen. Many take further measures and use 2FA or take advantage of granular access permissions for apps. We allow Google to collect so much data because it has proven how much it values the data itself and has always abided its side of the terms of service. And when some company or someone finds a way to exploit a thing like location data, Google makes changes to the way that data is retained and handled.
But when carriers can sell you out, why bother? We're not Holstein dairy cows that can be milked anytime a new way to make money is found. Our milk isn't free, and we're owed something for being used.
I think your view is the right one. I'm sure a lot of money was made on the sale of location data . And who knows how it was used. Drug dealers looking for money. Angry ex's with crazy ideas. Nobody knows if it was exploited to a further extent . And that's the scary part. If the fines add up to a couple coffee per head of its customers. The big 4 should be ashamed. I'm in Canada and probably have the same thing happening here as well with the big three. The world we live in is easily tainted by those with money or the need for money . I have had my identity compromised because of a quote i sent out for a government building needed to do a background check so they requested a copy of my driver's license. Someone that had access to that used my company GST # and my info from my license to start applying for loans and lines of credit. And this was an offline event. That I still can't get clear of. Hard to prove I'm me sometimes. Imagine how dangerous it can become if they even know where you are.
No punishment at all... They must be laughing all the way to the bank...
'because nobody wins if the carriers are driven out of business over this as they should be' Better still, go after the CEO and company board members. Large personal fines or even jail time; that'll act as a credible deterrent without endangering the companies...
Agree, until corporate executives are held personally responsible the corporations can act with impunity...and they do.
When things like this happen we always look too blame someone like the CEO. The idea to sell the data probably came from low level management, these are regulated companies so the decision to sell our location data went through legal, compliance and risk review. The fact that this happened means it was the right decision. That's the problem. The challenge is how do we fix this. Fines don't work. I don't know the answer.
'went through legal review... the right choice' Obviously not, seeing as how they got a fine. In the end, the board members are responsible; that's why their wages are through the roof. Holding them personally responsible will ensure that grey areas are thoroughly investigated, and moral issues are actually considered. Nothing wrong with charging people further down the ladder either, if dodgy decisions have been made without the consent of the board...
Does this happen in other countries?
It's the same here in the UK.
Of course, but tighter legislation and a higher degree of public crucifixion usually results in fewer and less severe cases than in the States, where money talks proportionally louder...
Thanks Jerry this needed to be said.
ALL fines to corps should go to the peeps that are/were victimized.
Get the best of Android Central in in your inbox, every day!
Thank you for signing up to Android Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.