Oregon Sen. Ron Wyden has expressed “disappointment” and “disbelief” at T-Mobile’s failed promise to end the collection and sale of user location data to dubious intermediaries. Wyden on Thursday also began to apply some additional pressure on other wireless carriers he claims have been negligent and secretive when it comes to treatment of this data. T-Mobile’s failed promises were unearthed when a recent Motherboard investigation showcased how such data is routinely abused by a wide variety of sketchy third parties. The scale of the problem has been percussively highlighted by a series of scandals showcasing how this data is routinely being abused by everyone from law enforcement to bail bondsmen. In a letter sent to T-Mobile CEO John Legere (embedded below), Wyden notes that T-Mobile CEO John Legere promised last June to end the sale of such data to “shady middlemen,” yet clearly failed to live up to his promise.
“I write you today to express my disappointment and disbelief regarding T-Mobile’s continued partnership with companies that have enabled spying on Americans without their knowledge and consent,” the Senator said. “Your company’s continued sale of customer location data to these so-called ‘location aggregators’ is in direct contradiction to your ‘personal evaluation’ of the issue six months ago.”
In the wake of Motherboard’s reporting, numerous wireless carriers have promised to discontinue the sale of such data to third party aggregators and data brokers. Legere has subsequently promised to end the practice entirely by March. The problem: the lack of carrier transparency and government apathy traditionally makes verification difficult. Wyden said he was “shocked” by the Motherboard investigation showcasing how the CEO had yet to take meaningful action on this front. By the time T-Mobile acts, the Senator complained, it will have been nine months since Legere’s original Twitter promise. “T-Mobile calls itself the ‘Uncarrier,’” Wyden said. “To that end I urge you to immediately ‘uncarry’ the ability of stalkers and middlemen to purchase your customers location information.”
Experts have told Motherboard that ending the collection and unauthorized sale of such data could be easily done by existing FCC and FTC authority, without the passage of a new privacy law. Instead, the government has largely ignored the practice, despite a steady increase in scandals clearly highlighting the scope of the problem. Wyden on Thursday also fired off a second letter to the CEOs of Verizon, AT&T, T-Mobile, and Sprint, demanding additional information on the volume of user location data they collect and sell, accusing the companies of being less than forthcoming to Wyden’s past requests. “None of you provided complete answers to these questions,” Wyden complained. “Your companies continue to refuse to identify the companies with whom you shared your customers’ private data, citing contractual commitments to protect the privacy of those companies.” “It is telling that you and your lawyers seem to prioritize corporate secrecy over transparency about how your customers’ information has been shared without their knowledge,” Wyden added. “You should end this profiteering immediately and own up to your mistake at having let it go on for this long.” Experts have told Motherboard that Legere’s failure to live up to his promise could technically violate the FTC Act. And while FCC authority (and its proposed privacy rules) have been methodically stripped away by wireless carrier lobbyists, the FCC still has the authority to police this behavior under authority granted to it by Section 222 of the Communications Act. Whether Congress, the FCC or FTC will actually take concrete action remains uncertain, but as the frequency and scale of these scandals continues to grow, so does the public pressure for carriers and government alike to finally do something about it.