Senate Democrat Ron Wyden (Oregon) is slamming the wireless carriers for their “atrocious track record” on privacy.
“By now, we have established that there is a clear, ongoing pattern of misuse and abuse of consumer data by wireless carriers,” Wyden said Wednesday on Twitter. “Now it’s time to talk about what Congress is going to do about it.”
The lawmaker, who recently floated a federal privacy bill, also blasted the carriers' CEOs.
“It is now abundantly clear that you have failed to be good stewards of your customers' private location information,” Wyden wrote Wednesday in a letter sent to top executives at AT&T, Sprint, Verizon and T-Mobile, and obtained by the publication Motherboard.
Wyden's new criticism comes after T-Mobile informed him about a previously undisclosed privacy breach. Last month, T-Mobile said in a letter to Wyden that the company had experienced at least five incidents involving alleged misuse of data that the company had shared with aggregators. Four of those incidents had already been publicized, but one -- which occurred in 2014 -- hadn't been disclosed before, according to Motherboard.
On Wednesday, Wyden told the carriers they're legally required to protect their subscribers' private information -- including location data -- and to inform federal law enforcement officials of breaches.
“Given your companies' atrocious track record protecting location data, Americans have good reason to doubt your compliance with your legal obligation to report such breaches,” Wyden wrote to the companies.
He is now asking the carriers to provide detailed information about any instances after 2009 in which the company shared location data with third parties who fraudulently obtained the information.
Earlier this year, Motherboard reported that the country's largest carriers were selling customers' location data to third parties. Motherboard's article detailed how a reporter paid a “bounty hunter” $300 to track a phone's location to a neighborhood in Queens, New York.
The carrier for that phone was T-Mobile, which reportedly shared the location data with the aggregator Zumigo, which in turn shared the data with Microbilt. Microbilt then shared the information with a bounty hunter, who shared it with a bail industry source.
After the report was published, the carriers promised to stop selling location data to third parties.