Last week, news broke that real-time cell phone location data from Sprint, AT&T, and T-Mobile was available for sale on the black market. With just $300, a journalist was able to buy a phone’s geolocation from a bounty hunter, Motherboard reported.
As was previously reported, the cell phone carriers were selling location data to companies that were technically obligated to protect it from falling into unauthorized hands, and to obtain permission from consumers before selling it. In practice, however, these restrictions were ineffective at stopping the unauthorized and potentially illegal flow of such information.
The data would often change hands multiple times. Sen. Ron Wyden (D-Ore.), who helped the New York Times expose other unauthorized use of geolocation data last May, quipped that the contracts between cell phone carriers and the companies they sold location data to were essentially “the legal equivalent of a pinky promise.”
In an email, Sprint told Motherboard that “recent events” had led to its decision to stop selling real-time location data.
In its statement, AT&T also indicated that reporting on the issue had inspired it to clean up its act, though the company did complain that some location aggregation services have “clear consumer benefits,” presumably referring to services such as roadside assistance.
Consumers will subsequently have to give their permission before their location can be shared with a third party—which is technically already the law.
T-Mobile and AT&T separately said that they would stop selling geolocation information in March. Sprint did not provide a definitive date when it will do the same.