Getting off easy –
Pai’s FCC fines carriers “less than one one-thousandth” of annual revenue.
These are “proposed” fines, meaning the carriers can dispute them and try to get them reduced or eliminated. The proposed fines are $ million for T-Mobile, $ million for AT&T, $ 91 million for Verizon, and $ 18 million for Sprint. That’s a total of $ million.
The FCC announcement said the carriers’ punishments are for ‘apparently selling access to their customers’ location information without taking reasonable measures to protect against unauthorized access to that information. ” The FCC said it also “admonished these carriers for apparently disclosing their customers’ location information, without their authorization, to a third party.”
Pai said that the FCC has taken “strong enforcement action” with today’s proposed fines. But the two Democrats on the Republican-majority commission said the fines are too low and criticized the Pai-led FCC for secrecy during the investigation.
“The FCC’s investigation is a late day and a dollar short,” Democratic Commissioner Jessica Rosenworcel said in a statement. “The FCC kept consumers in the dark for nearly two years after we learned that wireless carriers were selling our location information to shady middlemen.”
Commissioner Geoffrey Starks, the FCC’s other Democrat, said the FCC’s investigation was extensive enough:
The FCC said the size of each fine was based on how long each carrier sold access to customer-location data without appropriate safeguards and on the number of entities each carrier sold data to. according to Rosenworcel, the FCC is proposing “a $ , 05 fine for the violation of our rules — but only on the first day. For every day after that, it reduces to $ 2, 800 per violation. The FCC heavily discounts the fines the carriers potentially owe under the law and disregards the scope of the problem. ” Rosenworcel also said each carrier was given a ” – day pass, ” eliminating (days worth of fines.) “This 32 – day ‘get-out-of-jail-free’ card is plucked from thin air, “Rosenworcel said.
Location data leaked in
The FCC said it began its investigation “following public reports that a Missouri Sheriff, Cory Hutcheson, used a ‘location-finding service ‘operated by Securus, a provider of communications services to correctional facilities, to access the location information of the wireless carriers’ customers without their consent between and . “Carriers violated opt-in consent rule
The Communications Act requires carriers “to protect the confidentiality of certain customer data related to the provision of telecommunications service, including location information , “and” take reasonable measures to discover and protect against attempts to gain unauthorized access to this data, “the FCC said.
T-Mobile, AT&T, Verizon, and Sprint all “sold access to their customers’ location information to ‘aggregators,’ who then resold access to such information to third-party location-based service providers (like Securus), “the FCC said. “Although their exact practices varied, each carrier relied heavily on contract-based assurances that the location-based services providers (acting on the carriers’ on behalf) would obtain consent from the wireless carrier’s customer before accessing that customer’s location information.”
Hutcheson’s access to customer-location information makes it clear that the carriers did not make adequate efforts to safeguard the data, the FCC said. “Yet all four carriers apparently continued to sell access to their customers’ location information without putting in place reasonable safeguards to ensure that the dozens of location-based services providers acting on their behalf were actually obtaining consumer consent,” the FCC said.