FCC Does The Bare Minimum: Asks Wireless Carriers To Be Honest About Location Data (original) (raw)

from the base-levels-of-transparency dept

It took fifteen years filled with constant scandal, but the FCC finally recently announced that it would be “cracking down on” wireless carrier abuse of consumer location data, thanks to pressure from our new post-Roe reality. This “crackdown” involves politely asking the nation’s top wireless carriers to disclose what kind of location data they were collecting, and who they’ve been sharing and selling it to.

Wireless carriers have now shared their responses with the FCC, all of which have been posted to the agency’s website:

“Today, I’m publishing the responses I received from mobile carriers on how they handle geolocation data to help shed light on this issue for consumers. Additionally, I have asked the Enforcement Bureau to launch a new investigation into mobile carriers’ compliance with FCC rules that require carriers to fully disclose to consumers how they are using and sharing geolocation data,” said Chairwoman Rosenworcel.

So basically the FCC is asking an industry with a history of lying about this stuff to be transparent about what they’re collecting and selling, and if they’re very clearly breaking fairly flimsy agency rules, they might face penalties. Someday. If those enforcements can survive an agency that’s been intentionally vote gridlocked by the telecom industry.

Consumer groups applauded the move, but were quick to note that carriers responses — and behaviors — were all over the map:

“These letters show that, despite the constant invocation of carriers of ‘industry standards’ and ‘best practices,’ carrier geolocation data practices are all over the map. The only ‘industry standard’ appears to be that there is no standard at all for how long carriers retain data, how they protect it or how hard they make it for their customers to invoke their rights,” Harold Feld, senior vice president for the digital rights group Public Knowledge, said in reaction to the commission’s release of the companies’ responses Thursday.

While there are some wireless carriers who claim to never collect or sell user location data, others (notably Verizon and AT&T) utilize familiar legalese to suggest the collection and sale of this data is tightly controlled, anonymous, and secure, despite the fact that, again, fifteen years of scandals have shown that’s very much never been the case.

Activists, for years, have warned about the obvious threat of over-collection and sharing of sensitive consumer wireless location data, be it gleaned from your mobile phone or apps. Now, post-Roe, it’s all but guaranteed this and other data (search histories, app usage) are going to be used by states (and vigilantes, since this data is often easy to purchase) targeting abortion seekers and those who help them.

It’s all a bit of an enforcement nightmare. Most companies claim that collecting this data isn’t a big deal because it’s “anonymized,” despite the fact that studies keep showing that word means nothing. Telecom giants often claim they don’t “sell” this kind of data, but that’s often found to be a lie (they just call the practice of bundling and transferring and selling it to others something else entirely).

Telecom giants also routinely claim to have working opt out tools, but that’s often found to be a dubious claim as well, with opt out systems that either don’t work, only temporarily opt you out of surveillance, or only opt you out of seeing targeted advertising but not the underlying creation of profiles based on a broad combination of location, browsing, and other data.

That’s before you get to the fact that industry has worked tirelessly to try and ensure the FCC lacks the authority to do much of anything even if you could clearly prove they’re breaking the law or FCC rules.

For one, we don’t really have functional privacy laws for the modern Internet era, so there’s often no law to break. And the FCC has increasingly seen its authority on consumer protection and privacy stripped away by captured lawmakers as part of a multi-decade campaign to lobotomize telecom sector oversight. The agency also remains in a 2-2 commissioner voting gridlock specifically thanks to the lobbying of these same companies in pursuit of a zero-accountability environment.

Even if an intentionally underfunded, understaffed, and underpowered U.S. regulator can bring enforcement action and survive a legal campaign against a company like AT&T with unlimited resources, the penalties often wind up being a tiny fraction of the revenue gleaned from any abuse.

So while asking some questions and only just starting to consider holding companies accountable if they’re breaking the rules is a good start, it’s a comically belated one. And it may not mean a whole lot if boxed-in and/or captured regulators don’t meaningfully follow through.

Filed Under: browsing data, fcc, ftc, location data, surveillance, wireless