AT&T and Verizon on Tuesday pledged to stop providing phone location data from cellular phone owners to data brokers following a leak of real-time location data.
The decision transpired
following an investigation by Senator Ron Wyden (D-Oregon), who found that law enforcement agencies could use the data to track people without their consent. The practice is common and legally done
with a search warrant.
"When these issues were brought to our attention, we took immediate steps to stop it,” Rich Young, spokesperson for Verizon, wrote in an email to Search
Marketing Daily. “Customer privacy and security remain a top priority for our customers and our company. We stand-by that commitment to our customers."
In a letter released
Tuesday from Verizon to Senator Wyden, the parent company of online ad firm Oath, which includes the former businesses of AOL and Yahoo, said it would end the practice of selling customer location
data to vendors that aggregate the data.
Verizon would do so after discovering that brokers who purchased data did not verify whether its users had legal permission to track cell phone users
through its service.
"Location data from Verizon and other carriers makes it possible to identify the whereabouts of nearly any phone in the U.S. within seconds," wrote security reporter Brian
Krebs in a May blog post.
Krebs wrote
that tracking firm LocationSmart leaked customer location data from all major U.S. mobile carriers — AT&T, Sprint, T-Mobile and Verizon — without consent. The New York Times
broke the news on May 10.
The Verge reported that because Verizon had little oversight into two California-based data brokers — LocationSmart and Zumigo — more than
75 companies had access to real-time user location data, which the telcom carrier claims to have had no control over. That means no control of how the brokers used the data.
The media outlet
also reported that AT&T followed suit later in the day.