WingNews logo WingNews
top | item 22205948

Carrier sales of phone-location data is illegal, FCC plans punishment

611 points| Stanleyc23 | 6 years ago |arstechnica.com

156 comments

order

stock_toaster|6 years ago

Presumably this only happened because the :

> lawmakers in November accused[1] the FCC of failing to protect consumers’ privacy, and said that major wireless carriers were disclosing real-time location to data compilers without consumers’ consent or knowledge. The information could be obtained by companies including bounty hunters, the lawmakers said in a letter.

> [1]: https://energycommerce.house.gov/sites/democrats.energycomme...

> -- as reported by Bloomburg

> https://www.bloomberg.com/news/articles/2020-01-31/wireless-...

The FCC really has become just a lobbying goat under Pai. Yikes.

taurath|6 years ago

> The FCC really has become just a lobbying goat under Pai. Yikes.

Who could’ve predicted that, given he was a lobbyist for Verizon.

adrr|6 years ago

Biggest industry affected is the banks. They’ll ping your phone location if you make out of area purchases as a part of fraud detection. If your bank doesn’t require travel notices, they are probably pulling mobile location. Some don’t, I know chase uses mobile app to determine location.

russdill|6 years ago

The saddest thing about this is that my bank no longer requires notification for international travel, but still does for travel within the US. I've had my card shut off for fraud a few times while traveling in the US. Once when I had almost no gas and was outside of cell service, thanks for that.

This is presumably due to all transactions outside of the US requiring chip, but those in the US only requiring swipe.

sjg007|6 years ago

This isn’t a carrier selling the data issue. In the mobile app case you install the app and authorize location tracking.

sizzle|6 years ago

They can just ping their banking app on your phone and estimate your geolocation via ip address. No network provider level snooping needed.

service_bus|6 years ago

I think you're confused. Banks aren't buying location information from carriers.

This has nothing to do with them being able to get your location from their app.

badrabbit|6 years ago

They'll ping your phone? Are you kidding me? You mean they'll look up records right, not a realtime query of device location? How is that legal?

underpand|6 years ago

Do banks actually buy location data from carriers?

gersh|6 years ago

I think they can just tell the zip code where you use the card.

dehrmann|6 years ago

Or, you know, hedge funds.

johnrgrace|6 years ago

I note that only REAL TIME location data is illegal, if I want to do most marketing things data from several days ago is perfectly usable.

charred_toast|6 years ago

Are there even laws anymore? It seems like the law only applies to non-corporate entities and citizens. If you're in politics, law enforcement, or the Fortune 500, expect zero consequences for breaking the law. Exceptions exist but aren't the rule.

anonymousiam|6 years ago

So it's okay for the carriers to provide the phone-location (and other metadata) to government entities without a warrant, but it's not okay to sell it commercially? I'd love to see a legal analysis of that argument.

munk-a|6 years ago

That is in no way contradictory. I disagree with it as much as you but there's lots of stuff the government does that you can't and this isn't anything new.

As a parallel statement:

> So it's okay for defense contractors to sell tanks to the government but not commercially? I'd love to see a legal analysis of that argument.

mark_l_watson|6 years ago

I am actually OK with that. I don’t believe the government is going to routinely misuse location data, confiscate my guns, ... etc. I don’t want corporations having my tracking data.

The government, Democrats and Republicans, basically do whatever corporations want, so this action is surprising and welcome.

tomc1985|6 years ago

Do you want the ambulance/police car dispatched for you as soon as the operator determines there is a problem, or wait for them to receive your location by you telling them? What about all the people that can't for some reason?

It's the only reason in my mind the government should have access to that info, and it's a damn good one

AuthorizedCust|6 years ago

> So it's okay for the carriers to provide the phone-location (and other metadata) to government entities without a warrant...

I don't see where the article addresses that point. While it has some resemblance, seems like a different issue covered by different parts of law.

lonelappde|6 years ago

Why make that leap? This is a new ruling.

Ask the FCC if they believe sharing to government is legal.

flattone|6 years ago

At the end of the day the government can do whatever it wants.

foota|6 years ago

I'm sure the same precedent will apply for telecoms injecting ads, right?

dv_dt|6 years ago

I bet someone bought location data for legislators and showed it to them.

PrivateRepo|6 years ago

What firms were sourcing this information?

sneak|6 years ago

The problem is that many private companies now have the historic data. Even if they don’t receive any more in the future, most people only ever go 3-5 places. Collect data for a few years and you have the majority of the population’s locations predicted most of the time for a decade or two.

thedirt0115|6 years ago

Is anything going to happen to the companies who bought the data? Is that also illegal?

paulmd|6 years ago

"one or more"

hint: it's all of them

kumarski|6 years ago

Some of the companies on this list could be hurt by this:

Alternativedata.org

dvduval|6 years ago

Does this increase the value of this data for Google?

jjohansson|6 years ago

That would be 3d chess move by Google.

nerpderp82|6 years ago

I think jailtime+fines should be the minimal remedy.

paulproteus|6 years ago

I've long believed that when companies do illegal things that would normally be punished by prison, the company should go to prison.

The company office would have to operate according to the same rules as a prison. Employees on arrival are security-checked the same way prisoners would be when they arrive for the first time. Rules about talking between cells, and device use, are the same as a prison. Once you get to your prison office, and you have your prison clothes on, you can work on paper.

I think this should be an existing prison. If a company wants to instead hire prison guards and do renovations to make their existing office work like a prison, I could be flexible to that.

Presumably all the employees would rather quit than work in prison. Sounds okay to me.

Presumably all investors would pressure the CEO to avoid getting the company put in prison because it would be a real productivity problem. Sounds okay to me.

KarlKemp|6 years ago

[deleted]

choward|6 years ago

Imagine someone time traveled here from 30 years ago first learning what cell phones are then seeing this headline. Why is this even debatable?

pinko|6 years ago

Boiling frog syndrome.

dd36|6 years ago

Toothless fines. Indict corporate officers or employees that did it... then you’ll get change.

Reelin|6 years ago

Unless they knowingly and intentionally broke criminal law, that's completely over the top and unnecessary.

Fines should presumably start small and have a graduated structure to prevent the "just a business expense" approach from becoming a viable one.

The current regulatory problems are due almost entirely (IMO) to lack of active enforcement; why care what the penalty is if you know it won't happen to you regardless?

KarlKemp|6 years ago

This is civil law, not criminal. Maybe criminal liability s needed, but it’s just not reality.

Also: beware what you wish for. Criminal law may allow your bloodlust to be satisfied. But it’s just as likely that the higher burden of proof it requires, and various other differences such as the 5th amendment, make prosecution difficult or impossible.

ska|6 years ago

Fines don't have to be toothless.

t-writescode|6 years ago

Depends on the size of the fine. GDPR fines theoretically hit plenty hard.

I think income-based fines are illegal under ‘cruel and unusual punishment’ though, in the United States, (not a lawyer), so maybe that won’t fly.

droithomme|6 years ago

Thank goodness for sanity!

Analemma_|6 years ago

I'll celebrate when the money from the fines is actually sitting in the Treasury account, and not a moment before. Pai is outrageously corrupt, is best friends with telecom CEOs, and with near-certainty will cave to requests to have these punishments reduced to next-to-nothing.

JohnFen|6 years ago

Yes. Particularly given that Pai's FCC has developed a bit of a habit of levying fines and then not bothering to actually collect them.

parvenu74|6 years ago

But Facebook, Google, Microsoft, et al are still free to sell phone location data acquired through apps (or Android itself in the case of Google), right? I wonder if there is any hope of laws to limit the ability of companies to sell this data...

londons_explore|6 years ago

It's time to differentiate selling "Bob is in Location X" from "Show this ad to all people at location X".

The first case is a far far bigger privacy concern to me, and seems to be what mobile networks were doing. Facebook, Google, and Microsoft are doing the latter.

prepend|6 years ago

Telcos are regulated carriers, facegoog are not. Maybe one day they will be.

veeralpatel979|6 years ago

These companies don't sell your data and it's not in their interest to do so.

Data is the cash cow that lets them sell ads. Why would they give away the cash cow and cut themselves, the middlemen, out of the picture?