The Federal Communications Commission (FCC) is again investigating the collection and use of carrier location data – the information mobile networks have about where your mobile devices are, as well as your movement patterns.

It follows a previous investigation which last year found that wireless carriers broke federal law by selling this private data to a number of third-party companies …

Background

Simply carrying your iPhone or other cellular-connected device like an Apple Watch or iPad is enough to tell your mobile carrier where you are. Your devices regularly ping the network so that incoming calls can be routed to the appropriate cell tower. Triangulating strength of signal at three or more cell towers can reveal your location to within 100 meters – sometimes even more precisely.

A report back in 2019 found that carriers were making this location data available for sale. Buyers included bounty hunters, some of who subsequently resold the data on the black market.

An FCC investigation into the practice found that wireless carriers “apparently broke federal law” through the unauthorized sale of the data. AT&T denied involvement, while T-Mobile and Sprint said they would stop selling this data – promises which were seemingly not kept.

Carrier location data usage – fresh investigation

Arstechnica reports that a new FCC investigation has been ordered into current practices.

One question specifically asks whether, and how, customers can opt-out.

Federal Communications Commission Chairwoman Jessica Rosenworcel has ordered mobile carriers to explain what geolocation data they collect from customers and how they use it […]

“Mobile Internet service providers are uniquely situated to capture a trove of data about their own subscribers, including the subscriber’s actual identity and personal characteristics, geolocation data, app usage, and web browsing data and habits,” the letters say. Under US communications law, carriers are prohibited from using or sharing private information except under specific circumstances.

Rosenworcel told carriers to answer the questions by August 3. Letter recipients included the big three carriers AT&T, T-Mobile, and Verizon; cable companies Comcast and Charter, which resell mobile service; mobile operators Consumer Cellular, C-Spire, Dish, Google, H2O Wireless, Lycamobile, Mint Mobile, Red Pocket, and US Cellular; and Best Buy Health, which operates the medical-focused Lively mobile service.

Concern that privacy law could make things worse

While there was progress on a federal privacy law this week, some are concerned that it could actually make things worse, by removing FCC powers to intervene.

Describe in detail the process by which a subscriber may opt out of the sharing of their geolocation data. Under this opt-out process, is that subscriber’s data still shared with third parties? In particular, does the opt-out process allow a subscriber to opt out of the sharing of their geolocation data with all third parties that are not law enforcement?

Some say that the FTC has proven more reluctant than the FCC to act on privacy issues.

Harold Feld, senior VP of consumer advocacy group Public Knowledge, and others are concerned the FCC could be prevented from regulating the phone industry’s privacy practices under bipartisan legislation that was approved by the House Commerce Committee on Wednesday. The American Data Privacy and Protection Act (ADDPA) “makes the Federal Trade Commission the sole enforcement agency overseeing data privacy, with a few exceptions, preempting the role of the Federal Communications Commission” […]

“The FCC’s investigation into mobile carriers’ geolocation data policies is a powerful reminder that the FCC already has the authority to protect the privacy of mobile phone customers” under Section 222 of the Communications Act, Stanford Law Professor Barbara van Schewick wrote on Twitter. “The federal privacy bill ADDPA negotiated in Congress would eliminate this authority.”

Photo: NASA/Unsplash