US data brokers sell geodata without user consent - their work will be regulated

    American data brokers are accused of selling information about the location of smartphones without the consent of users. We tell how the community responded to this.

    / Flickr / olli's place / CC BY

    Flowing data

    In early January, the Motherboard article appeared in the network, which raised the problem of free access to geodata of US smartphones. The portal writes that geolocation data to which data brokers have access often fall into the hands of third parties — for example, private detectives who are not authorized to work with such information.

    Who are data brokers
    Это компании-агрегаторы, собирающие информацию о пользователях интернет-сервисов и клиентах сотовых операторов, в том числе и геолокацию. Отметим, что все данные авторизованные брокеры получают только с согласия пользователей. Затем информация о местоположении мобильных устройств используется различными системами фрод-мониторинга и экстренными службами для поиска пострадавших.

    The author of the article writes that for the purpose of the experiment, he paid the private detective $ 300 and asked to track the smartphone with the T-Mobile operator number. In response to his request, he received a screenshot of Google Maps showing the location of the device with an accuracy of several hundred meters.

    This article caught the attention of American politicians. In particular, Senator Ron Wyden (Ron Wyden) began to actively advocate a ban on the sale of geolocation data. In his opinion, this should exclude situations when “doubtful” intermediary companies who resell geolocation data to unauthorized persons become customers of authorized brokers.

    Not the first time

    This is not the first time that the problem associated with leaks from data brokers is being discussed. Last spring, LocationSmart, which officially and with the consent of users receives geolocation data from mobile operators, resold them to another broker - Securus. His services were used by law enforcement agencies to track smartphones dialed by US prisoners. This was required by security protocols. But as it turned out, Securus provided access to data on the location of all mobile devices in the country.

    There was also information that one of the brokers transmitted data on the location of mobile devices to organizations that used them to spy on people. Then some US telecommunications providers — Verizon, AT & T, Sprint, and T-Mobile — promised to stop selling geolocation data to unauthorized brokers.

    Community response

    In the light of recent events, a number of American politicians decided to draw attention to problems in this area. Last year after the scandal with Securus, work began on the legal regulation of brokers. In particular, in the state of Vermont, laws were passed that oblige brokers to undergo annual certification and immediately report potential data breaches within a month. Similar measures have been approved in the state of Colorado.

    Senator Ron Widen, after the investigation Motherboard began to actively promote the law on the complete prohibition of the transfer of geolocation data to third parties. In his opinion, this will help to eliminate situations where the APs of the country's inhabitants fall into the hands of intruders. The Widen initiative was supported by other senators.

    / Flickr / Andrew Magill / CC BY

    As for representatives of telecommunications operators, they are also concerned about the current situation. For example, T-Mobile CEO John Ledger (John Legere), in the summer, “personally tackled the problem” and promised on his twitter that the company would stop supplying information about the location of US residents' devices to “doubtful intermediaries”.

    After the publication of the investigation Motherboard John said that the company completely stops working with aggregators of geodata. However, the process will take time. According to T-Mobile, this will happen in March of this year. For example, the operator has already terminated the contract with the broker Zumigo.

    Representatives of AT & T also noted that the situation described in the Motherboard investigation, when geo-data are sent to private detectives, violates the user agreement. The company said that they have ceased to transmit to brokers any information about the location of customer devices.

    As for the brokers themselves, they reacted to the situation differently. Some organizations (for example, Microbilt) removed information about work with geodata from their sites and ceased cooperation with unreliable companies that were suspected of reselling personal data to third parties.

    A broker Zumigo noted that the problem of illegal access to PD is in all industries. To guarantee that the information does not fall into the hands of attackers can not be. But to completely abandon the services that can benefit (for example, to search for cars that have fallen into an accident), also not worth it. To reduce potential damage and somehow protect personal data, representatives of the broker noted that they inform customers of the location of the device with an error of a kilometer.

    One way or another, as noted by one of the sources Motherboard, working in a brokerage firm, while on the data you can make money they will sell. Whether Senator Weiden’s bill can make a difference will be seen in the near future.

    Posts from the corporate blog VAS Experts:

    Свежие посты из нашего Хабраблога:

    Also popular now: