By Matthew Kalhofer
Several U.S. wireless carriers previously contracted to sell location-sharing data to data purchasing companies. This sparked an investigation into the legality of these data companies’ access and the use of such confidential information. The companies that have contracted to purchase this location-sharing data from wireless carriers are alleged to have been able to access millions of individuals ‘real-time’ location, without their knowledge or consent. The FCC believes certain U.S. wireless carriers have violated the federal communications laws concerning the disclosure of their customers’ real-time location data. Many of these providers have terminated those contracts due to the enforcement actions currently being taken by the FCC. The focus of this blog will address what prompted this investigation, the response to this investigation, and how this may affect similar data privacy protection initiatives in the future.
Putting the Investigation in Context:
In May 2018, the Federal Communications Commission (“FCC”) began an investigation into data-purchasing companies such as LocationSmart. Essentially, companies like LocationSmart will contract with U.S. wireless carriers, such as Verizon, T-Mobile, Sprint, and AT&T, to purchase customers’ location-sharing data. What sparked this investigation was a study by Robert Xiao, a doctoral student at Carnegie Mellon University Human-Computer Interaction Institute, which found that those individuals with even an “elementary” understanding of websites, would have the capabilities of tracking millions of citizens, absent their knowledge and consent. In light of these developments, Oregon Senator Ron Wyden has aggressively called for the “FCC to expand the scope of this investigation, and to more broadly probe the practice of third parties buying real-time location data on Americans.” Not only has this investigation implicated LocationSmart, the Senator further urges that this investigation extends to Securus. The New York Times revealed that Securus obtained the same location-sharing data from 3Centeractive, who in turn, received this data from LocationSmart. Another intriguing aspect of the investigation is that FCC Chairman, Ajit Pai, was previously an attorney for Securus, one of the companies involved in this probe. Many individuals have called for his recusal from this investigation due to any potential conflicts of interest.
Response to The Investigation:
The initial response by the aforementioned wireless carriers was to terminate their contracts with these “location-aggregation companies,” but it was later revealed that these wireless carriers were still engaged in these practices. Roughly fifteen United States Senators sent a letter to both FCC chairman Ajit Pai, and FTC chairman Joseph Simons, contending that, pursuant to the Communications Act, “these wireless carriers have failed to regulate themselves or police the practices of their business partners, and have needlessly exposed American consumers to serious harm.” Chairman-Commissioner Pai responded to the increasing pressure by stating that an inquiry would be conducted towards notifying the wireless carriers of potential penalties by means of a “Notice of Apparent Liability for Forfeiture.”
Result of the Investigation:
On February 28, 2020, the FCC released a proposal that would fine T-Mobile, AT&T, Verizon, and Sprint, a combined $200 million, for their failure to police the practices concerning the sale of access to their customers’ location-sharing data. Although the FCC has ramped up efforts towards notifying the industry of the severity and consequences for engaging in neglectful self-regulatory policing practices, consumers, regulators, and congress, “criticized the agency for taking too long to act,” and for the negligible penalties proposed. A combined $200 million seems insignificant considering T-Mobile, alone, earned a total revenue of roughly $129 million for the Fourth Quarter of 2019.
These are the precise opportunities that allow the FCC to step in and protect American citizens from unauthorized entities accessing the location of individuals without their knowledge or consent. The lack of haste employed by the Commission in combating these offensive practices, combined with the trivial fines imposed on these wireless carriers and location-sharing data purchasing companies, will continue to effectuate a reactive approach, rather than a proactive approach towards preserving the privacy rights of American citizens.
Student Bio: Matthew Kalhofer is a second-year law student at Suffolk University Law School. He currently serves as a staff member on the Journal of High Technology Law. Matthew received his Bachelor of the Arts in Political Science from The University of Rhode Island.
Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.