Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

US carriers again vow to better control data access after pay-to-track scandal

Major U.S. carriers have for a second time promised to better control data access after a site successfully tracked down a T-Mobile phone by paying a bounty hunter $300.

The bounty hunter found the phone by way of data from a third-party aggregator, Zumigo, Motherboard reported. Zumigo was providing access from carriers to a location-tracking service called Microbilt, which extended service to multiple industries.

Democratic Senators Kamala Harris and Mark Warner were quick to criticize carriers in response, as was FCC commissioner Jessica Rosenworcel, who suggested that her agency needs to investigate immediately.

Sprint told The Verge it doesn't "knowingly share personally identifiable geo-location information" except in response to legal demands, and claimed that Zumigo and Microbilt were violating its privacy policies.

"We took immediate action to ensure Microbilt no longer had access to Sprint location data, and have notified Zumigo that we are immediately terminating our contract," a spokesperson said.

A T-Mobile representative said that the carrier has "blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt," and is halting data access from third-party aggregators in general. In response to another Democrat, Sen. Ron Wyden, CEO John Legere said on Twitter that changes will take effect in March.

AT&T has so far gone without comment. Verizon said it had already canceled its arrangement with Zumigo and some other firms before the Motherboard story emerged, the exceptions being roadside assistance companies, which should still see their contracts end in the near future.

Last year all four of the major national carriers wrote letters to Wyden making similar pledges, following the aftermath of a scandal involving Securus. That firm was not only found to be selling precise location data to police forces, but also the victim of a hack that resulted in hundreds of police officers having their logins stolen. Securus was tapping into data from 3Cinteractive, which got its own data from LocationSmart. T-Mobile and Verizon acknowledged Zumigo as a partner as well.



11 Comments

hodar 14 Years · 366 comments

Well, it seems like Verizon did the right thing, and cancelled the contract. Nice work, Verizon - you get to keep my business.

gatorguy 13 Years · 24628 comments

hodar said:
Well, it seems like Verizon did the right thing, and cancelled the contract. Nice work, Verizon - you get to keep my business.

They canceled THAT contract. Don't assume there are not other "sharing" arrangements. Not that it matters since ALL the carriers were doing pretty much the same thing. 

FWIW a report on another site learned for themselves (by simply asking!) that "your" location data could be purchased for less than $5.00 in bulk packages, iPhone or Android doesn't matter.

No the decimal point in not misplaced. Really less than $5.

sflocal 16 Years · 6138 comments

And why are carriers getting into contracts with these kind of companies in the first place?!

MplsP 8 Years · 4047 comments

sflocal said:
And why are carriers getting into contracts with these kind of companies in the first place?!

$$$

MplsP 8 Years · 4047 comments

gatorguy said:
hodar said:
Well, it seems like Verizon did the right thing, and cancelled the contract. Nice work, Verizon - you get to keep my business.
They canceled THAT contract. Don't assume there are not other "sharing" arrangements. Not that it matters since ALL the carriers were doing pretty much the same thing. 

FWIW a report on another site learned for themselves (by simply asking!) that "your" location data could be purchased for less than $5.00 in bulk packages, iPhone or Android doesn't matter.

No the decimal point in not misplaced. Really less than $5.

Exactly. This is yet another “sorry! We promise to be good now” response. Sorry - you companies have proven time and again that the only ‘ethics’ you understand are fines and regulations.