Endpoint Security , Governance & Risk Management , Internet of Things Security
FCC: Wireless Carriers Violated Law by Sharing Location Data
Democrats Had Been Asking FCC for Investigation UpdatesA Federal Communications Commission investigation found that one or more U.S. wireless carriers violated federal law by selling consumer location data to third parties, according to a letter FCC Chairman Ajit Pai sent to congressional lawmakers.
See Also: Frost Radar™ on Healthcare IoT Security in the United States
In his letter sent Friday, Pai did not name the companies that violated federal law, and he did not specify which statute may have been broken when the carriers sold real-time location data.
The findings described in the letter came from an investigation the FCC launched after the New York Times in 2018 reported about how the biggest wireless carriers, including AT&T, Verizon and T-Mobile, were giving real-time location data to third-party companies.
Following these stories, Democratic members of the House Energy and Commerce Committee wrote to Pai to demand more details on FCC investigations into these practices as well as the agency’s efforts to enforce the Communications Act (see: Democrats Pose Phone Data Privacy Questions to FCC )
In his brief letter, Pai noted: "I wish to inform you that the FCC’s Enforcement Bureau has completed its extensive investigation and that it has concluded that one or more wireless carriers apparently violated federal law.”
Pai said he’d ask the full commission to consider issuing a "Notice of Apparent Liability for Forfeiture" - an official document that notes a company violated federal law – to one or more carriers.
It’s not yet clear whether the FCC, which has the power to issue civil monetary penalties, will, indeed, sanction one or more companies.
Democrats React
Following the release of the letter, several Democrats, including Frank Pallone Jr., D-N.J., the chairman of the House Energy and Commerce Committee, noted that the FCC’s action was welcome but should have been announced sooner.
Following our longstanding calls for action, @FCC finally informed @EnergyCommerce today that one or more wireless carriers apparently violated federal privacy laws by turning a blind eye to widespread disclosure of consumers’ real-time location data. https://t.co/6bhEFF8b2W
— Rep. Frank Pallone (@FrankPallone) January 31, 2020
In addition, Jessica Rosenworcel, a Democratic FCC commissioner, noted on Twitter: "Today the FCC says this violates the law. It never should have taken so long. It put the privacy and safety of everyone with a wireless phone at risk."
Privacy Concerns
In 2019, the FCC launched an investigation after 11 Democratic members of the House Energy and Commerce Committee accused the FCC of failing to enforce privacy provisions in the Communications Act following the New York Times report that several wireless carriers were giving real-time phone location data to third parties.
The Times reported that some wireless carriers were sharing customers' location data with Securus Technologies, a provider of phone services for prison inmates. Plus, some law enforcement officers and others were using other services that Securus provides to track U.S. citizens.
The Times also reported how third-party companies were using customers' personal information, including real-time location data, from these carriers without the consent of the users.
Accusing the FCC of inaction, the lawmakers urged the agency to do more to ensure that customer privacy is protected.
"These aggregators were then selling location-based services to a wide variety of companies, without the consent or knowledge of the affected customers," according to a 2019 letter from the Democrats to the FCC.
The lawmakers further requested that the agency take speedy disciplinary action against the carriers because the statute of limitations regarding these violations only lasts for a year.
Surge In Third-Party Breaches
The House Energy and Commerce Committee has held several hearings about consumer privacy and how companies use the data that they collect.
In November 2019, some House lawmakers pushed for a federal privacy law that would curb the ability of companies to collect data from American citizens without getting consent first (see: Bill Would Create a Federal Digital Privacy Agency ) The Online Privacy Act of 2019 is still being debated in the House and there is currently no companion bill in the Senate.