Everywhere we go our smartphones follow. They power the connections that we count on for so much of modern life. But because they are constantly in our palms and pockets, they are also collecting gobs of data about everything we are doing — and where we are doing it.
Our phones know our location at any given moment. This geolocation data is especially sensitive. It’s a record of where we’ve been, and by extension, who we are. This information needs to be treated with care. If it winds up in the wrong hands, it could provide criminals and stalkers with the ability to locate any one of us with pinpoint accuracy. It could be sold to domestic abusers or anyone else who wishes to do us harm. Its collection and distribution or sale without our permission is a violation of our most basic privacy norms.
But it’s happening anyway. At the start of this year, Vice exposed how hundreds of bounty hunters wound up with access to our wireless location data. For a few hundred dollars, they were willing to sell information about anyone’s location in real time, based on data from wireless phones.
The data the bounty hunters could buy and sell were so accurate that they could track a person to a specific location at a specific moment in time. Vice pieced together just how this sensitive geolocation data wound up in their hands. It turns out wireless carriers sold access to individual real-time location information to data aggregators, who then sold it to a skip-tracing firm, who then sold it to a bail-bond company, who then sold it to individual bounty hunters.
If that sounds like a tortured chain of data possession, it is. But more importantly, how did our sensitive and private location data wind up for sale? What went wrong?
When you have your wireless phone on hand, a lot of information is collected. In order to provide service, the phone regularly sends out signals to nearby cell towers, providing information about your location in the process. In addition, phones have Global Positioning System chips, which use satellite data to calculate your exact position. Your phone can combine these methods and also leverage other infrastructure, like Wi-Fi routers, to know where you are with even more precision.
Of course, wireless carriers are not the only ones with sensitive geolocation data. There is a whole range of apps that we can download that track our movements, as well as record when we use our devices, and for what purposes. Many of these apps use similar technologies to identify your location, aided by information provided by the accelerometers, magnetometers, cameras, and light sensors that are in our devices.
For the most part, app developers can hide behind well-written terms and conditions that we click on when we download service. But the law puts especially clear limits on what wireless carriers can do with the location information they collect simply by providing service. Under the Communications Act, carriers are generally prohibited from sharing customer location data without getting customer consent to do so.
If you don’t remember giving this kind of permission or signing up for the sale of your geolocation data on a black market, you’re not alone. Comb through your wireless contract, it’s a good bet there is nothing in there that discloses that your carrier could monetize your real-time location in this way.
This should make it simple for the Federal Communications Commission to take action under the Communications Act. But it hasn’t happened. For months the agency has said it is investigating. But it has not provided the public with any details, despite the ongoing risk to the security of every one of us with a smartphone.
This silence is unacceptable. The FCC appears more concerned with the privacy of its investigation than the privacy of consumers.
So we’ve taken this issue into our own hands — as a member of Congress and as a member of the FCC. As a result of our work, appropriations legislation now requires the FCC to provide an update on its investigation into the sale of geolocation data and every wireless company has received a letter demanding a report on their efforts to end sales of customer real-time location data and explain what steps were taken to secure any location data that had already been sold. Their responses have been made public, but their claims need to be verified.
This is only a start. Much more needs to be done. Our wireless devices provide extraordinary opportunities and conveniences but taking advantage of them should not require us to involuntarily give up real-time information about where we are with our devices. Moreover, public policy should recognize that geolocation data collection is especially sensitive. Issues involving its abuse go to the heart of our national and personal security.
Across the board, we need updated privacy policies in Washington — and new laws to reflect the challenges of the digital age. The privacy challenges we face as consumers are vast, and they go beyond the geolocation data that has been shared by our wireless providers without our permission. But the potential for harm in sharing information about where we are and what we are doing is real, so it is time for the FCC to use the laws it has in place to fix this mess and protect us without further delay.
US Representative Lori Trahan represents the Third District of Massachusetts. Jessica Rosenworcel is a Democratic commissioner on Federal Communications Commission.