(Bloomberg) -- Verizon Communications Inc. and AT&T Inc. will rein in third-party selling of their phone-location data after a prison contractor let law-enforcement officers track wireless customers without authorization.
The two largest U.S. wireless carrier announced the move in response to a plea from Senator Ron Wyden, a Democrat from Oregon. The legislator had demanded last month that carriers and the Federal Communications Commission investigate the practice of tracking phones by Securus Technologies Inc., which provides telecom services to prisons and jails.
The situation has renewed concerns about user privacy in the U.S., following revelations this year about Cambridge Analytica, a political consulting firm that used Facebook Inc. customer data without consent.
“When these issues were brought to our attention, we took immediate steps to stop it,” Rich Young, a Verizon spokesman, said in an email. “Customer privacy and security remain a top priority for our customers and our company. We stand by that commitment to our customers.”
Securus’s primary purpose is letting inmates communicate with the outside world. For instance, it offers prepaid debit cards for prisoners to make phone calls and helps set up videoconferencing between inmates and their families.
But it drew outcry after developing a website that let law-enforcement officials find people -- including non-inmates -- using the location of their phones. For instance, a Missouri sheriff used the tracking service to target a judge and other law-enforcement officers, according to a New York Times story.
When Wyden voiced concerns about Securus last month, he noted that wireless carriers are only supposed to provide real-time location data to law-enforcement agencies after a court order is obtained. Securus users -- typically law-enforcement and correctional facilities -- were able to sidestep the usual court-authorized requirements on tracking customer locations.
The practice skirts the carriers’ “legal obligation to be the sole conduit by which the government conducts surveillance of Americans’ phone records, and needlessly exposes millions of Americans to potential abuse and surveillance by the government,” Wyden said at the time.
The Securus flap also spotlighted the use of third-party data aggregators by Verizon and AT&T. Verizon has worked with two such firms, LocationSmart and Zumigo, which provide location-based services to corporate customers. Those services have many legitimate purposes, including using data to route a customer’s call or prevent identify fraud, the company said. About 75 intermediaries have received services through those two brokers.
But Securus purchased Verizon customer data through LocationSmart. And that has prompted Verizon to end its agreement with both companies. AT&T took a similar step on Tuesday, though it said it would have to make sure that roadside assistance and other services are preserved.
Verizon said that it immediately blocked Securus once it determined the company was accessing location information for unauthorized purposes. AT&T, meanwhile, said it never authorized Securus to use its data and is investigating how the company gained access.
“Our top priority is to protect our customers’ information,” said Jim Greer, an AT&T spokesman. “To that end, we will be ending our work with aggregators for these services as soon as practical in a way that preserves important, potential lifesaving services.”
T-Mobile US Inc., the third-largest U.S. carrier, said it too shut down location data to Securus. The company is now reviewing its policies.
Sprint Corp., No. 4 in the industry, also sent a letter to Wyden, saying that it only provides location information to aggregators under privacy safeguards -- and in response to court-approved requests. Sprint didn’t mention Securus.
©2018 Bloomberg L.P.