All four major U.S. wireless carriers, Verizon, T-Mobile, AT&T, and Sprint, are defendants in class action suits claiming that they sold their customers' location data to third-party firms. Bloomberg reports that the four nearly identical suits allege that the wireless providers violated federal communications law and the rights of their subscribers by releasing account information, phone numbers and geolocation information to data aggregators.
by offering services that help law enforcement and others quickly track any cellphone. About a month later, Verizon and AT&T said that they would no longer sell customer location data to third-party firms. This past January, both T-Mobile, and Sprint said that they would stop this practice soon.Nearly a year ago, we told you about a New York Times report showing how these data aggregators profit from the location data they buy
According to Motherboard, the case against Verizon deals with the company's business arrangements with the data aggregator mentioned in the Times story, a company called Securus. A previous report from Motherboard revealed that the nation's largest wireless provider also sold location data to a firm named Captira; this outfit then sold the info it bought from Verizon to bounty hunters seeking bail jumpers. Customer data from T-Mobile, Sprint, and AT&T also reportedly ended up in the hands of 250 bounty hunters. The information received was similar to the precise GPS data used by police and fire departments to help them respond to an emergency.
The suits against the other three carriers are nearly identical. The CEOs of all four carriers had received letters last May from Senator Ron Wyden (D-Oregon), asking questions about how each company deals with location data and asking them to comment on reports that this data was being sold to Securus and other aggregators. In the letters, Wyden pointed out that the carriers are not allowed to sell customer data without permission. The filings also point out how each of the carriers has privacy policies that promise subscribers that their personal information is not sold to unaffiliated third parties. For example, T-Mobile's policy states that it does "not license, sell, rent or otherwise provide your Personal Information to unaffiliated third parties to market their services or products to you without your consent."
FCC chairman Pai wouldn't attend an emergency briefing by a House committee looking into the matter
The classes in each suit cover Verizon, T-Mobile, AT&T and Sprint subscribers between April 30, 2015, and February 15, 2019. It also gives an approximate number of subscribers each wireless provider had during this time period; Verizon and AT&T each had 100 million customers while T-Mobile and Sprint each had 50 million. Each suit was filed by Z Law, described on its website as a "consumer protection law firm," and alleges that each of the four companies failed to protect each customer's proprietary network information (CPNI) as they are required to do under section 222 of the Federal Communications Act (FCA). The CPNI covers the date of each call made by a subscriber, the number call, the length of each call, the type of network a particular subscriber uses, and any other information that a customer sees on his monthly bill.
The suits were all filed last week and request a jury trial. A Sprint spokesman told Motherboard that "We are reviewing the legal filing and have no further comment at this time." T-Mobile said that it couldn't comment on pending litigation, and Verizon and AT&T have yet to respond to requests for comment from Motherboard.
You might remember that FCC chairman Ajit Pai refused to attend an "emergency briefing" with the House Energy and Commerce Committee to discuss the selling of customer location data by the four major carriers. Even though the briefing was scheduled during the government shutdown, committee chairman Rep. Frank Pallone, Jr. (NJ-D) said that the matter was too important to wait for the shutdown to end. Pai had sent out several tweets on the day he blew off the briefing leading Senator Wyden to note that the FCC chairman had "enough time to tweet cat videos and tired memes, but refuses to brief Congress about a real threat to every American’s security. It’s a new low for someone who has spent his tenure at the FCC refusing to do his job and stand up for American consumers."