FCC fines carriers $200 million for illegally sharing user location
- by nlqip
The Federal Communications Commission (FCC) has fined the largest U.S. wireless carriers almost $200 million for sharing their customers’ real-time location data without their consent.
FCC’s forfeiture orders finalize Notices of Apparent Liability (NAL) issued against AT&T, Sprint, T-Mobile, and Verizon in February 2020.
The fines imposed on Monday include $12 million for Sprint and $80 million for T-Mobile (the two carriers have merged since the investigation began), more than $57 million for AT&T, and an almost $47 million fine for Verizon.
An investigation was launched after reports that the largest American wireless carriers disclosed customers’ location information to a Missouri Sheriff through Securus’ “location-finding service” without consent or legal authorization.
Despite being informed of the unauthorized access, all four carriers continued to operate their programs without reasonable safeguards to ensure that location-based service providers with access to customers’ location information obtained consent.
During the investigation, the FCC’s Enforcement Bureau found that each of the four mobile carriers sold their customers’ real-time location data to “aggregators,” who then resold this information to third-party location-based service providers, revealing where the customers were going and who they were.
“In doing so, each carrier attempted to offload its obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained,” the FCC said.
“This initial failure was compounded when, after becoming aware that their safeguards were ineffective, the carriers continued to sell access to location information without taking reasonable measures to protect it from unauthorized access.”
However, according to section 222 of the Communications Act, U.S. wireless carriers must take reasonable steps to safeguard specific customer data, such as location information.
They are also required to keep this customer information confidential and seek the customer’s consent before using, revealing, or providing access to it.
“When placed in the wrong hands or used for nefarious purposes, it puts all of us at risk,” said Loyaan A. Egal, the head of FCC’s Enforcement Bureau.
“Foreign adversaries and cybercriminals have prioritized getting their hands on this information, and that is why ensuring service providers have reasonable protections in place to safeguard customer location data and valid consent for its use is of the highest priority for the Enforcement Bureau.”
Source link
lol
The Federal Communications Commission (FCC) has fined the largest U.S. wireless carriers almost $200 million for sharing their customers’ real-time location data without their consent. FCC’s forfeiture orders finalize Notices of Apparent Liability (NAL) issued against AT&T, Sprint, T-Mobile, and Verizon in February 2020. The fines imposed on Monday include $12 million for Sprint and $80 million for T-Mobile (the two carriers have merged since the investigation began), more…
Recent Posts
- Windows 10 KB5046714 update fixes bug preventing app uninstalls
- Eight Key Takeaways From Kyndryl’s First Investor Day
- QNAP pulls buggy QTS firmware causing widespread NAS issues
- N-able Exec: ‘Cybersecurity And Compliance Are A Team Sport’
- Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’