US carriers again vow to better control data access after pay-to-track scandal
Major U.S. carriers have for a second time promised to better control data access after a site successfully tracked down a T-Mobile phone by paying a bounty hunter $300.
The bounty hunter found the phone by way of data from a third-party aggregator, Zumigo, Motherboard reported. Zumigo was providing access from carriers to a location-tracking service called Microbilt, which extended service to multiple industries.
Democratic Senators Kamala Harris and Mark Warner were quick to criticize carriers in response, as was FCC commissioner Jessica Rosenworcel, who suggested that her agency needs to investigate immediately.
Sprint told The Verge it doesn't "knowingly share personally identifiable geo-location information" except in response to legal demands, and claimed that Zumigo and Microbilt were violating its privacy policies.
"We took immediate action to ensure Microbilt no longer had access to Sprint location data, and have notified Zumigo that we are immediately terminating our contract," a spokesperson said.
A T-Mobile representative said that the carrier has "blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt," and is halting data access from third-party aggregators in general. In response to another Democrat, Sen. Ron Wyden, CEO John Legere said on Twitter that changes will take effect in March.
AT&T has so far gone without comment. Verizon said it had already canceled its arrangement with Zumigo and some other firms before the Motherboard story emerged, the exceptions being roadside assistance companies, which should still see their contracts end in the near future.
Last year all four of the major national carriers wrote letters to Wyden making similar pledges, following the aftermath of a scandal involving Securus. That firm was not only found to be selling precise location data to police forces, but also the victim of a hack that resulted in hundreds of police officers having their logins stolen. Securus was tapping into data from 3Cinteractive, which got its own data from LocationSmart. T-Mobile and Verizon acknowledged Zumigo as a partner as well.