Sprint promises to finally end sales of location data to third parties
Following shortly behind its rivals, Sprint on Wednesday promised that it would at last end sales of location data to third parties — something it and other U.S. carriers once promised to do before.
"Last year we decided to end our arrangements with data aggregators, but assessed that the negative impacts to customers for services like roadside assistance and bank fraud alerts/protection that would result required a different approach," Sprint said in a statement to CNET. "We implemented new, more stringent safeguards to help protect customer location data, but as a result of recent events, we have decided to end our arrangements with data aggregators."
"Recent events" is a reference to a recent Motherboard expose that showed a bounty hunter could pay just $300 to track down a T-Mobile phone. The hire went through a third-party aggregator, Zumigo, which was providing access from carriers to a location-tracking service called Microbilt.
Sprint insisted it doesn't "knowingly share personally identifiable geo-location information," but also said it was taking "immediate action" to cut off Microbilt and end a Zumigo contract.
T-Mobile noted that it had "blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt," and would halt all third-party aggregator access in March. Verizon claimed to have already halted a partnership with Zumigo and some other firms prior to the expose, with the temporary exception of roadside assistance companies. AT&T didn't comment but is also expected to end location data sales in March.
Sprint's contract deals will end "in the next several months," according to the company.
Last year all four of the major national carriers wrote letters to Democratic Senator Ron Wyden making similar pledges, following the aftermath of a scandal involving Securus. That firm was found not only to be selling precise location data to police forces, but also the victim of a hack that resulted in hundreds of police officers having their logins stolen. Securus was tapping into data from 3Cinteractive, which got its own content from LocationSmart.