T-Mobile Cares So Much About Consumer Privacy, It's Fighting The FCC's Flimsy Fine For Location Data Sharing

from the light-wrist-slaps dept

Wed, Mar 4th 2020 10:44am — Karl Bode

T-Mobile, like many mobile carriers, insists in highly values consumer privacy. But that hasn't really been reflected in the company's response to ongoing SIM hijacking scandals. Nor was that dedication particularly apparent when T-Mobile (along with AT&T, Verizon, and Sprint) were all caught selling access to user location and 911 data to pretty much any nitwith with a nickel.

Last week, after a year of stonewalling, the Trump FCC announced it would be doling out some light wrist slaps to companies that were caught selling access to this data. For most of the companies, the fines they received were a tiny, tiny fraction of not only their annual revenues, but the billions made over the last decade selling access to this data to law enforcement , people pretending to be law enforcement, and even stalkers. All four of the companies also just received tens of billions on dollars from the Trump tax cuts in exchange for promises they completely flaked out on.

It would be a pittance to pay off the fine and move on, especially given this particular FCC is unlikely to engage in much follow up to either confirm data collection has actually stopped, or police access to the mountains of data already collected. But T-Mobile says it's intending to fight the fine anyway, because, you know, it cares just that much about consumer privacy and accountability:

"While we strongly support the FCC’s commitment to consumer protection, we fully intend to dispute the conclusions of this NAL and the associated fine," the company said."

So yeah, T-Mobile will "support" the FCC's "commitment to consumer protection" (which barely exists in the first place) by...(checks notes)...fighting the already feeble end result. This is, again, apparently a reflection of T-Mobile taking "consumer privacy seriously":

"We take the privacy and security of our customers’ data very seriously," said T-Mobile. "When we learned that our location aggregator program was being abused by bad actor third parties, we took quick action. We were the first wireless provider to commit to ending the program and terminated it in February 2019 after first ensuring that valid and important services were not adversely impacted."

Again, there's little chance these companies will actually leave billions in location data revenues on the table. While all four major carriers say they've stopped the practice, it's far more likely they've simply tweaked their privacy policies, renamed the collection systems, and buried them deep in some subsidiary somewhere. After all, who is going to do the legwork required to audit the entire industry's privacy and data collection practices, Ajit Pai?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: competition, consumers, fcc, fines, privacy
Companies: t-mobile

6 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 4 Mar 2020 @ 10:47am

no surprise here, then. and i'll bet the wankers on the take in Congress will be all over this, making sure it never happens again!
[ link to this | view in chronology ]
Anonymous Coward, 4 Mar 2020 @ 11:45am

"While we strongly support the FCC’s commitment to consumer protection, we fully intend to dispute the conclusions of this NAL and the associated fine," the company said."

There is one way to reconcile this logic: T-Mobile asks the court to throw out this laughably small fine and replace it with some real punishment and a harsher report.
[ link to this | view in chronology ]
1998 OR2, 4 Mar 2020 @ 1:26pm

just out of curiosity in legal due process:

exactly what law/reg is T-Mobile being fined for violating ?

... or did FCC just create some new rule or novel interpretation of some longstanding rule ?
[ link to this | view in chronology ]
- Toom1275 (profile), 4 Mar 2020 @ 8:30pm
  
  Re:
  From another article:
  
  The Communications Act requires carriers "to protect the confidentiality of certain customer data related to the provision of telecommunications service, including location information," and "take reasonable measures to discover and protect against attempts to gain unauthorized access to this data," the FCC said.
  
  "The rules also require that carriers or those acting on their behalf generally must obtain affirmative, express consent from a customer before using, disclosing, or allowing access to this data," the FCC continued. "And carriers are liable for the actions of those acting on their behalf."
  
  T-Mobile, AT&T, Verizon, and Sprint all "sold access to their customers' location information to 'aggregators,' who then resold access to such information to third-party location-based service providers (like Securus)," the FCC said. "Although their exact practices varied, each carrier relied heavily on contract-based assurances that the location-based services providers (acting on the carriers' behalf) would obtain consent from the wireless carrier's customer before accessing that customer's location information."
  
  Hutcheson's access to customer-location information makes it clear that the carriers did not make adequate efforts to safeguard the data, the FCC said. "Yet all four carriers apparently continued to sell access to their customers' location information without putting in place reasonable safeguards to ensure that the dozens of location-based services providers acting on their behalf were actually obtaining consumer consent," the FCC said.
  
  [ link to this | view in chronology ]
Nathan F (profile), 4 Mar 2020 @ 1:27pm

As happy as I am to see this happen, I have to wonder if the fine is even going to be a fraction of the amount they earned selling the information. It is all well and good to censor and punish them for the violation of the law, but when the payoff is many times the value of the fine it doesn't act as any kind of real deterrent.

This was my comment from one month ago when the article saying the FCC was going to fine them was published. I am relieved that my expectations were not set that high so as to be disappointed by the amount of this fine. The fact that someone is actually contesting this amount vs the amount they likely made off the practice is ludicrous.
[ link to this | view in chronology ]
- Anonymous Coward, 5 Mar 2020 @ 4:54am
  
  Re:
  
  The fact that someone is actually contesting this amount vs the amount they likely made off the practice is ludicrous.
  
  Not if it legalizes the practice of selling user data to anyone who ticks all the correct boxes in contract.
  [ link to this | view in chronology ]