AT&T, Sprint, T-Mobile, and Verizon say they've stopped selling customer geo-location data to third parties, according to letters the four companies have sent the US Federal Communications Committee, made public today.
The four have been called to answer for their business practices after investigations last year revealed that they were selling access to customer geo-location data to bounty hunters, prisons, and various other third-party companies, in many cases without user knowledge.
Now, following an official request from the FCC sent out at the start of the month, the US telcos say they've stopped, with a few exceptions.
"As of March 29, 2019, AT&T stopped sharing any AT&T customer location data with location aggregators and LBS [location-based service] providers," AT&T said in its letter.
"Our contracts require all parties who have received AT&T customer location data in connection with those arrangements to delete that information and we are verifying that they have done so, subject to any of their preservation obligations," the company said.
The only third parties accessing AT&T's user location database are 911 emergency services and app developers, for services such as ride-sharing, but the company claims these are legal and highly controlled cases.
"As of May 31, 2019, Sprint will no longer contract with any location aggregators to provide [location-based services]," the company said.
"Sprint is currently only using one location aggregator to provide LBS to two customers with a public interest - a provider of roadside assistance for Sprint customers, and a provider that facilitates compliance with state requirements for a lottery that funds state
"As of February 2, 2019, T-Mobile terminated all service provider access to location data under the program, and T-Mobile terminated its location-based service contracts with the Location Aggregators, effective March 9, 2019," T-Mobile said.
T-Mobile location data contractors had been notified of the company's intentions since October 26, 2018, "in light of the Securus incident."
In its letter, the company also tried to downplay its former practice of selling location data by saying it was "always relatively small."
As for Verizon, the company said it terminated its location aggregator program in November of 2018.
Four roadside assistance companies were allowed to use the service into 2019, but those arrangements were terminated at the end of March 2019.
Just like AT&T, Sprint, and T-Mobile, Verizon said that at no point did any of its partners receive information from the National Emergency Address Database ("NEAD"), the system that provides location data to 911 services across the US.