Verizon, AT&T, T-Mobile Finally Fined $192 Million For Abuse Of User Location Data

For several decades, major wireless carriers AT&T, Verizon, and T-Mobile collected vast troves of sensitive user location and movement data, then sold access to any random nitwit with two nickels to rub together. The result was a parade of scandals wherein everybody from stalkers to law enforcement (or pretending to be law enforcement) abused the data in problematic ways never made clear to the end user.

Though this behavior had been going on for years, it only gained mainstream attention thanks to a 2018 New York Times story showcasing how police and the prison system routinely bought access to this data and then failed completely to secure it. In 2020 the FCC proposed fining wireless carriers $196 million ($91 million for T-Mobile, $57 million for AT&T, $48 million for Verizon).

After four years of legal wrangling and delays (caused in part by the telecom industry’s attack on the Gigi Sohn FCC nomination, preventing the FCC from having a working voting majority) the FCC announced they had voted to finally formalize the fines:

“These carriers failed to protect the information entrusted to them. Here, we are talking
about some of the most sensitive data in their possession: customers’ real-time location
information, revealing where they go and who they are.”

It should be clear than $192 million (actually proposed by the Trump FCC) is a tiny, tiny fraction of the money these companies made monetizing your every last movement for decades. And it’s still very likely the carriers never get close to paying that amount. All three have promised to appeal, and it’s very likely that after another few years of legal wrangling those penalties are reduced further, if not vacated entirely.

All three carriers claim they’ve stopped the practice, but it’s extremely likely they’ve just revamped the programs after consultations with company lawyers, calling them something creatively new. It’s not particularly hard to avoid violating internet privacy laws in a country too corrupt to actually pass them.

While “big tech” gets the lion’s share of policy and press attention these days, telecom privacy violations have a long, rich, multi-decade history. An FTC study from 2021 documented how your ISP collects real-time location data, DNS data, browsing data, and demographic data, sells access in a myriad of creative ways, then routinely lies about what it’s doing, calling the process of “selling” your data, something else.

The FCC and FTC are too short staffed, under-funded, and boxed in by years of lobbying and dodgy court rulings to police privacy abuses at the scale they’re happening with any consistency. And Congress is too corrupt to pass even a baseline privacy law setting some ground rules and penalties for companies and executives. So this cycle continues until there’s another privacy scandal too messy to politically ignore.