Verizon, AT&T, Sprint to Cut Off Data Providers After Customer Locations Were Revealed -- 3rd Update
June 19 2018 - 5:10PM
Dow Jones News
By Drew FitzGerald and Sarah Krouse
Verizon Communications Inc., AT&T Inc. and Sprint Corp.
pledged to stop sharing customer locations with two data brokers
after at least one company revealed individuals' whereabouts
without their consent.
Verizon said it would wind down data-sharing agreements with
LocationSmart and Zumigo Inc., which buy the location data from
major U.S. carriers and allow other businesses to access the
information for everything from marketing nearby shops to
preventing credit-card fraud.
"We will not enter into new location aggregation arrangements
unless and until we are comfortable that we can adequately protect
our customers' location data," Verizon privacy chief Karen Zacharia
wrote in a June 15 letter to Sen. Ron Wyden (D., Ore.), who wrote
all four national wireless operators last month asking them about
their privacy practices.
Ending those partnerships will take several weeks to a couple of
months, a Verizon spokesman said Tuesday.
In a statement Tuesday, AT&T said it "will be ending our
work with aggregators for these services as soon as practical in a
way that preserves important, potential lifesaving services like
emergency roadside assistance."
Sprint "suspended all services with LocationSmart" last month
and "is beginning the process of terminating its current contracts
with data aggregators to whom we provide location data." A
spokeswoman said that effort "will take some time in order to
unwind services to consumers, such as roadside assistance and fraud
prevention services."
The U.S. phone carriers are the latest corporate giants
promising to improve their privacy standards after embarrassing
revelations about their handling of customer data. Facebook Inc.
continues to face questions from government authorities in several
countries after the social network revealed that data firm
Cambridge Analytica obtained data on as many as 87 million of its
users without the company's permission.
LocationSmart and Zumigo have contracts with the four U.S.
wireless companies that allow them to pull cellphone users'
locations in real time and share them with other businesses. For
example, the carriers say truck rental firms use the data to better
assist customers on the road and banks use the data to determine
proximity to a caller's home to help confirm their identity.
All four carriers said their agreements with the data
aggregators required them to get users' consent to use their
location information. Some users consent to sharing their cellphone
location information when they do business with financial
institutions or other companies from which they are buying
services. Those firms often include that request for permission in
lengthy terms and conditions policies.
It is unclear whether consumers will notice a change after the
partnerships end. It wouldn't affect location data that customers
agree to share with applications such as Uber Technologies Inc. and
Google Maps through their cellphone's operating system. Software on
Apple Inc.'s iPhones and Google's Android smartphones help those
mobile apps identify users' locations.
Chirag Bakshi, Zumigo's founder and chief executive, said
Verizon told his company it has until November to agree on a
solution that more tightly controls customer data. Mr. Bakshi said
the San Jose, Calif., company handles fewer than 100,000 location
requests a day, mostly on behalf of financial institutions seeking
to root out fraud and of shipping companies tracking truck
movements.
"We're very careful in who we select as customers and we only do
this for companies who are very well known," Mr. Bakshi said in an
interview. "This is to protect consumers"
More than 100 companies ranging from truck fleet operators to
online lotteries draw on location data that ultimately flows from
LocationSmart, Mario Proietti, the company's chief executive, said
in a May interview.
He said LocationSmart logs each location request made through
its system. "All our location is on request," except for developers
testing the system, he said. "There's not tracking going on."
The wireless providers took action after the New York Times
reported that a prison telephone company called Securus
Technologies had expanded a service designed to monitor inmate
calls with a website that let sheriffs and corrections officers
find any cellphone user's location without a court order.
The carriers said that service was unauthorized and had accessed
the information through another third-party, 3cinteractive Corp.,
that in turn obtained the data from LocationSmart. Representatives
from 3cinteractive didn't respond to requests for comment.
Securus spokesman Mark Southland said in a statement that the
company adheres to its contract, adding that cutting off law
enforcement access to location tools "will hurt public safety and
put Americans at risk."
All four carriers said in separate letters to Sen. Wyden that
they curtailed Securus's access to customer-location data. T-Mobile
US Inc. stopped short of cutting off LocationSmart.
A LocationSmart spokesman on Tuesday said the Carlsbad, Calif.,
company isn't a data broker that buys and sells customer records.
"LocationSmart is an 'aggregator' only in the sense that it
provides an interface that enables service providers to request
location information from wireless carriers," he said.
Wireless companies typically share their customers' locations
with emergency responders in specific situations. The operators say
other uses are subject to customers' explicit consent. Wireless
carriers also share anonymized location data with marketers. They
often require that users explicitly opt out of those programs.
Securus wasn't the only company accused of mishandling location
information. A Carnegie Mellon University researcher in May found
similar data potentially exposed via LocationSmart's website.
Robert Xiao, the researcher who discovered the flaw on
LocationSmart's website, said wireless companies often say they
only share customer information with their consent. This incident
"calls that assumption into question," he said.
Write to Drew FitzGerald at andrew.fitzgerald@wsj.com and Sarah
Krouse at sarah.krouse@wsj.com
(END) Dow Jones Newswires
June 19, 2018 16:55 ET (20:55 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.
Verizon Communications (NYSE:VZ)
Historical Stock Chart
From Mar 2024 to Apr 2024
Verizon Communications (NYSE:VZ)
Historical Stock Chart
From Apr 2023 to Apr 2024