Verizon has agreed to stop selling customers' real-time location data to third-party data brokers after serious concerns were raised over user privacy and security. The US carrier's move was praised by Senator Ron Wyden, who also took the opportunity to slam its three other competitors - At&T, T-Mobile and Sprint - for not following suit as well.
“Verizon has notified these location aggregators that it intends to terminate their ability to access and use our customers’ location data as soon as possible,” Karen Zacharia, Verizon’s chief privacy officer, said in a statement. “We recognize that location information can provide many pro-consumer benefits. But our review of our location aggregator program has led to a number of internal questions about how best to protect our customers’ data.”
“We will not enter into new location aggregation arrangements unless and until we are comfortable that we can adequately protect our customers’ location data through technological advancements and/or other practices,” she said.
Following Verizon’s footsteps
“Verizon deserves credit for taking quick action to protect its customers’ privacy and security,” Wyden said in a statement. “After my investigation and follow-up reports revealed that middlemen are selling Americans’ location to the highest bidder without their consent, or making it available on insecure web portals, Verizon did the responsible thing and promptly announced it was cutting these companies off.
“In contrast, AT&T, T-Mobile, and Sprint seem content to continue to sell their customers’ private information to these shady middle men, Americans’ privacy be damned.”
Shortly after Wyden’s statements, AT&T and Sprint also committed to shut down their customers’ data access to third parties.
"We will be ending our work with aggregators for these services as soon as practical in a way that preserves important, potential lifesaving services like emergency roadside assistance," a spokesperson for AT&T said, ZDNet reported.
"This will take some time in order to unwind services to consumers, such as roadside assistance and fraud prevention services," Sprint said.
Hours after the two companies announced their move, T-Mobile CEO John Legere tweeted that his company would not sell customer data to “shady middlemen” either.
Serious privacy concerns
The decision made by four of the largest and most powerful carriers in the US came after the revelation that Securus - a previously unknown data firm - had abused its data sharing deal with AT&T and Verizon to sell an unauthorised service.
Securus’ service was targeted at US law enforcement authorities, allowing police departments to access the real-time location data of any customer that used one of the four major network providers, cybersecurity journalist Brian Krebs reported.
“We now understand that, despite AT&T’s requirements to obtain customer consent, Securus did not in fact obtain customer consent before collecting customers’ location information for its on-demand service,” said Timothy P. McKone, executive vice president of federal relations at AT&T, Krebs reported. “Instead, Securus evidently relied upon law enforcement’s representation that it had appropriate legal authority to obtain customer location data, such as a warrant, court order, or other authorizing document as a proxy for customer consent.”