File photo: In this Tuesday, 2 May 2017, picture, Verizon corporate signage is fixed at a shop in Manhattan’s Midtown area, in New York. (AP Photo/Bebeto Matthews) (Copyright 2017, The Associated Press. All rights reserved.)
(Copyright 2017, The Associated Press. All rights reserved.)
Verizon is scaling back a program that may be exposing mobile phone location data of millions of customers, without their consent; AT&T has pledged to do the same.
The move comes after the prison company Securus Technologies was found to be using the data to let the police look up cell phone locations without a warrant. Last month, Sen. Ron Wyden of Oregon sent letters to all four major U.S. wireless carriers, demanding answers about the why of the sensitive data in the hands of a third party.
In response, Verizon is cracking down on the partners, making the abuse by the end of the data-sharing agreements with two companies, LocationSmart, and Zumigo, that are specialized in the processing of the location information of mobile carriers and allow business customers to access.
“Our review of our location aggregator program has led to a number of internal questions about how best to protect our customers” location information,” Verizon told Wyden in a 15 June letter.
More From PCmag
Nervous to the Practice of a New Language? Try AI, Duolingo Says
Deal Alert: Sony Discounting the ‘PlayStation Hits $20
Deals: Vizio 4K TV, Inspiron Laptop, Carbon Fiber Scooter
Why Everything Elon Musk Fears About AI Is Wrong
According to the letter, Securus was among the 75 corporate customers with access to Verizon customer data of both LocationSmart or Zumigo. The partnerships can provide power services such as fraud prevention, emergency roadside assistance, and marketing offers, that are dependent on knowing a customer’s residence. However, the location sharing should only take place with a client.
This was not happening in the case of Securus, which is the data of LocationSmart. After a study, Verizon pulled the plug on the prison technology company with access to sensitive information.
Last Friday, AT&T and T-Mobile also told Wyden’s office, that they cut off location access to Securus, but, with the exception of the termination of their data-sharing agreements with LocationSmart, and Zumigo. Sprint letter to Wyden did not explicitly mention an action against Securus or by third parties.
“Verizon deserves credit for taking quick action to protect the privacy and security,” Wyden said in a statement on Tuesday. “In contrast, AT&T, T-Mobile and Sprint seem content to continue to sell their customers’ private information to these shady middle men, Americans’ privacy be damned.”
The hard statement seems to have gotten of AT&T’s attention. On Tuesday, the carrier told PCMag it was the winding down of the partnerships with third-party data aggregator companies. However, AT&T and Verizon say the process will take time. The two carriers would still be in power “favourable” location-based services, such as the bank fraud prevention and call routing.
“Our first priority is to protect our customers’ information, and, in the end, we will be ending our work with aggregators for these services as soon as practicable in a way that preserves important, potentially life-saving services such as emergency roadside assistance,” AT&T told PCMag in a statement.
T-Mobile, on the other hand, told Wyden that the appropriate security measures to prevent abuse. “To the extent that a firm deviates from the protocol, T-Mobile, will take action, as it did with Securus,” the carrier said in his letter to Wyden.
Sprint told PCMag the company is still investigating the matter, but suspended all services with LocationSmart on 25 May.
On Tuesday, a LocationSmart spokesman responded on the review of the business, saying: “There is a lot of wild, misleading information published about this situation,” and includes a link to a FAQ about the company. However, as far LocationSmart not yet responded to questions about why it was that Securus Technologies to make use of the data for the warrant-less police searches.
Last month, LocationSmart was also found accidentally exposing the location of the data online. A company-made demo contained a software bug that someone search real-time mobile phone locations of millions of devices.
This article originally appeared on PCMag.com.