By Drew FitzGerald and Sarah Krouse
This article is being republished as part of our daily
reproduction of WSJ.com articles that also appeared in the U.S.
print edition of The Wall Street Journal (June 20, 2018).
Verizon Communications Inc., AT&T Inc. and Sprint Corp.
pledged to stop selling the locations of individual customers to
two middlemen amid accusations that one of the firms mishandled the
information.
The carriers said they will wind down data-sharing agreements
with LocationSmart and Zumigo Inc., which buy access to the
real-time locations of users from major U.S. carriers and allow
other businesses to tap into it. The data are used for everything
from marketing nearby shops to preventing credit-card fraud.
Ending the partnerships will take several weeks to a few months,
a Verizon spokesman said Tuesday.
"We will not enter into new location aggregation arrangements
unless and until we are comfortable that we can adequately protect
our customers' location data," Verizon privacy chief Karen Zacharia
wrote in a June 15 letter to Sen. Ron Wyden (D., Ore.), who wrote
all four national wireless operators last month asking them about
their privacy practices.
The inquiry followed revelations that one of the companies with
access to LocationSmart's system, a prison phone provider, created
a website that let law-enforcement agencies find the location of
any cellphone user without obtaining a court order.
In a statement, AT&T said it "will be ending our work with
aggregators for these services as soon as practical in a way that
preserves important, potential lifesaving services like emergency
roadside assistance."
Sprint "suspended all services with LocationSmart" last month
and "is beginning the process of terminating its current contracts
with data aggregators to whom we provide location data." A
spokeswoman said that effort "will take some time in order to
unwind services to consumers, such as roadside assistance and fraud
prevention services."
The U.S. phone carriers are the latest corporate giants
promising to improve their privacy standards after embarrassing
revelations about their handling of customer data. Facebook Inc.
continues to face questions from government authorities in several
countries after the social network revealed that data firm
Cambridge Analytica obtained data on as many as 87 million of its
users without the company's permission.
LocationSmart and Zumigo have contracts with the four U.S.
wireless companies that allow them to pull cellphone users'
locations in real time and share them with other businesses. For
example, the carriers say truck-rental firms use the data to better
assist customers on the road and banks use the data to determine
proximity to a caller's home to help confirm their identity.
All four carriers said their agreements with the data
aggregators required them to get users' consent to use their
location information. Some users consent to sharing their
cellphone-location information when they do business with financial
institutions or other companies from which they are buying
services. Those firms often include that request for permission in
lengthy terms and conditions policies.
It is unclear whether consumers will notice a change after the
partnerships end. It wouldn't affect location data that customers
agree to share with applications such as Uber Technologies Inc. and
Google Maps through their cellphone's operating system. Software on
Apple Inc.'s iPhones and Google's Android smartphones help those
mobile apps identify users' locations. Wireless carriers also sell
anonymized location data to marketers.
Chirag Bakshi, Zumigo's founder and chief executive, said
Verizon told his company it has until November to agree on a
solution that more tightly controls customer data. Mr. Bakshi said
the San Jose, Calif., company handles fewer than 100,000 location
requests a day, mostly on behalf of financial institutions seeking
to root out fraud and of shipping companies tracking truck
movements.
"We're very careful in who we select as customers and we only do
this for companies who are very well known," Mr. Bakshi said in an
interview. "This is to protect consumers."
More than 100 companies ranging from truck fleet operators to
online lotteries draw on location data that ultimately flows from
LocationSmart, Mario Proietti, the company's chief executive, said
in a May interview.
He said LocationSmart logs each location request made through
its system. "All our location is on request," except for developers
testing the system, he said. "There's not tracking going on."
The wireless providers took action after the New York Times
reported that a prison telephone company called Securus
Technologies had expanded a service designed to monitor inmate
calls with a website that let sheriffs and corrections officers
find any cellphone user's location without a court order.
The carriers said that service was unauthorized and had accessed
the information through another third-party, 3cinteractive Corp.,
that in turn obtained the data from LocationSmart. Representatives
from 3cinteractive didn't respond to requests to comment.
Securus spokesman Mark Southland said in a statement that the
company adheres to its contract, adding that cutting off
law-enforcement access to location tools "will hurt public safety
and put Americans at risk."
Sen. Wyden first questioned carriers' location-sharing practices
in a May 8 letter that accused Securus of skirting requirements for
law-enforcement records requests. Verizon said in its June 15
response that Securus or its partner 3cinteractive "impermissibly
permitted law enforcement agencies to request location information
through LocationSmart for investigative purposes," adding that was
"not an approved use case in our agreement with LocationSmart."
All four carriers said in separate letters to Sen. Wyden that
they curtailed Securus's access to customer-location data. T-Mobile
US Inc. stopped short of cutting off LocationSmart, though its
chief executive said on Twitter the company "will not sell customer
location data to shady middlemen."
A LocationSmart spokesman on Tuesday said the Carlsbad, Calif.,
company isn't a data broker that buys and sells customer records.
"LocationSmart is an 'aggregator' only in the sense that it
provides an interface that enables service providers to request
location information from wireless carriers," he said.
Wireless companies typically share their customers' locations
with emergency responders in specific situations. The operators say
other uses are subject to customers' explicit consent. Wireless
carriers also share anonymized location data with marketers. They
often require that users explicitly opt out of those programs.
Securus wasn't the only company accused of mishandling location
information. A Carnegie Mellon University researcher in May found
similar data potentially exposed via LocationSmart's website.
Robert Xiao, the researcher who discovered the flaw on
LocationSmart's website, said wireless companies often say they
only share customer information with their consent. This incident
"calls that assumption into question," he said.
Write to Drew FitzGerald at andrew.fitzgerald@wsj.com and Sarah
Krouse at sarah.krouse@wsj.com
(END) Dow Jones Newswires
June 20, 2018 02:47 ET (06:47 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.
Verizon Communications (NYSE:VZ)
Historical Stock Chart
From Mar 2024 to Apr 2024
Verizon Communications (NYSE:VZ)
Historical Stock Chart
From Apr 2023 to Apr 2024