Tech

FCC says carriers broke the law by selling location data

They could be fined, though it likely won’t be enough to hurt them.

Chip Somodevilla/Getty Images News/Getty Images

The FCC has acknowledged that “one or more” wireless carriers violated federal law by selling user location information to data brokers who let it fall into the hands of shady characters. The revelation followed an investigation by Motherboard, which found that for as little as $300, effectively anyone could track a phone’s location down to a street block.

“I wish to inform you that the FCC’s Enforcement Bureau has completed its extensive investigation and that it has concluded that one or more wireless carriers apparently violated federal law,” FCC boss Ajit Pai said in a letter sent to Representative Frank Pallone.

According to Pai, the FCC will likely fine the carriers involved.

Carriers were giving away data without oversight — Motherboard found in its investigation that T-Mobile, Sprint, and AT&T were selling user location data to brokers who would then sell it to authorized groups, like police agencies and bail bondsmen. But then someone looking to make a quick buck would resell access on the black market for more questionable uses, like stalking. Simply provide a phone number and a few hundred bucks and you could locate just about anyone. The carriers were passing on responsibility for oversight to the brokers, who obviously weren’t doing enough.

All the major carriers have since said they have stopped selling location data following the report.

The consequences will likely be minor — The largest fine the FCC has ever approved was $120 million — a mere speeding ticket to the likes of AT&T and Sprint. And there’s no telling how much money the carriers made selling location data in the first place.

Still, it’s good that some action is being taken to crack down on this practice. It’s not hard to see how such tracking capabilities can be abused to stalk ex-lovers and celebrities or hunt down people who owe money. The lack of stringent access control on the part of data brokers and carriers made this all possible for a relatively small sum of money.

I just hope the amount is high enough to actually scare them into being more careful in the future. But of course it won't be.