Wireless Carrier Abuse Of Location Data Makes The Facebook, Cambridge Scandal Look Like Amateur Hour

As we've noted a few times now, however bad the recent Facebook and Cambridge Analytica scandal was, the nation's broadband providers have routinely been engaged in much worse behavior for decades. Yes, the Cambridge and Facebook scandal was bad (especially Facebook threatening to sue news outlets that exposed it), but the behavior they were engaging in is the norm, not the exception. And watching people quit Facebook while still using a stock cellphone (which lets carriers track your every online whim and offline movement) was arguably comedic.

As the recent Securus and LocationSmart scandal highlights, wireless carriers pretty routinely sell your location data to a laundry list of companies, governments, and organizations with only fleeting oversight. And while some lawmakers are pressuring the FCC to more closely investigate the scandal (which resulted in the exposure of wireless location data of some 200 million users in the U.S. and Canada), few expect the same FCC that just killed net neutrality to actually do anything about it.

When the previous FCC tried to pass some pretty modest privacy protections last year requiring that ISPs be more transparent about all of this, ISPs quickly took advantage of a cash-compromised Congress to scuttle those protections before they could even take effect:

This collective apathy to routine telecom sector privacy abuses has been going on for decades. You might recall that multiple ISPs were accused years ago of collecting and selling consumer clickstream data. When they were pressed for details, many simply either denied doing it or refused to respond. As more sophisticated network gear like deep-packet inspection emerged, ISPs began tracking and selling your online browsing habits down to the millisecond, some even charging users extra if they wanted to protect their own privacy.

But things got immeasurably more profitable once wireless carriers began tracking user location data, which they now sell to everyone from urban planners to government agencies. Companies like Verizon Wireless were subsequently caught covertly modifying wireless user data packets to track users around the internet without telling them. It took security researchers two years to even discover this was happening and another six months of public shame before Verizon even provided an opt out option (a more powerful version of the tech is now being used by Verizon's Oath advertising brand).

And yet even in the wake of the LocationSmart fracas, which literally exposed the private data of nearly everybody in America, we're still somehow only seeing a fraction of the media, regulatory or public outrage we saw during the Facebook and Cambridge kerfuffle:

"You might think that the major wireless carriers would be facing intense pressure to account for their lax handling of customers’ data. You might think the story would be all over newspapers’ front pages and cable news. You might think their CEOs would be hounded by the media, as Facebook’s Mark Zuckerberg was after the Cambridge Analytica story broke. You might think they’d be dragooned into testifying before Congress.

You might think that, if you expected a reaction commensurate to the one that accompanied the Cambridge Analytica revelations. And it’s conceivable that it will still happen. But so far, there has been none of that."

It remains odd that the press and public still don't realize how deep this particular rabbit hole goes. And whereas the Cambridge scandal made headlines for months, the location data scandal has barely registered a fraction of the collective outrage in media coverage or in DC. Meanwhile, wireless carriers are effectively refusing to even acknowledge they work with companies like LocationSmart, and there's little to no indication accountability is heading their direction anytime soon.