
AT&T says it’ll stop selling location data amid calls for federal investigation - tareqak
https://www.washingtonpost.com/technology/2019/01/10/phone-companies-are-selling-your-location-data-now-some-lawmakers-want-federal-investigation/
======
En_gr_Student
They are lying.

The only winning strategy is if the FBI does investigate, and if there is an
actual penalty. Nothing less will impact the long term behavior of AT&T or any
other cell company.

Seriously, it is game theory. They are saying "we will stop" because of the
presence of the threat. If the threat goes away, then they are going to keep
making money/selling you until the threat comes back. Like the boy crying
wolf, the villagers (fbi) takes longer to build momentum for the second event
than for the first.

The organization is the least common denominator, so its moral capacity is the
worst of a 5 year old child. Like raising/disciplining a child, the only way
to change their negative behavior is to add an expected penalty to the
behavior that is larger than the expected gain, so the risk-reward evaluation
they make says "don't do it".

~~~
wilkystyle
I'm not sure even a penalty will be enough, given how most of them end up
being a slap on the wrist that is easily affordable.

~~~
jonhohle
My hope would be that even if the slap is laughably small for the current
offense, the thread of larger fines for continued action would be a deterrent
to keep going.

My limited experience with legal issues at large companies is that once a
precedent has been set for legally risky behavior, the organization becomes
extremely averse to approaching that behavior again (due to optics, legal
complications, etc.). AT&T doesn't strike me as a company that cares all that
much about the optics from citizen customers (as opposed to business
customers), but being found to be a serial violator, i would hope, would have
larger consequence.

~~~
bradknowles
This is why corporate fines should be based on percentages of global gross
revenues, with minimums and no caps.

If your company might get fined and lose 5% of their global gross revenue for
being a repeat offender, that’s likely to be a much stronger incentive.

Especially if those fines double in percentage for every repetition of the
infraction.

------
hguhghuff
“Large company stops obviously inhumane/immoral behavior following gigantic
uproar from hundreds of thousands of people after being caught red handed
following years of secret misbehavior. Company Genuinely surprised, defends
its actions, reluctant to stop profitable activity, but willing to do so given
direct threat of action from government notoriously unwilling to stop
companies doing anything.”

Just substitute in company name and alleged misbehavior and repeat over and
over.

~~~
netcan
Ultimately... when it comes to a big enough company, these decisions get
squirrelly from the perspective of a moderate politician.

Take VW's emsissions test cheating. They broke the law, blatantly,
intentionally, for 6 years that we know of, with substantial financial and
competitive gains.

In Europe (most consequences were in the US), this is even more aggregious,
imo. European emissions standards, vehicle taxation and such are often
designed to give locals (esp VW) an advantage in the market. VW wrote a lot of
the rules they broke themselves, practically.

Anyway... Back to the moderate "jobs and harmony" politician. Handing out a
genuinely sufficient (enough so that crime doesn't pay, even if you only get
caught every 2nd time) penalty would endanger the solvency of the (limited
liability) company. That's not good for jobs.

Genuinely pursuing criminal charges against execs is something every major
company, bank and such cries "disaster" over.

It's kind of a "too big to fail" problem. Does Germany/EU care more about
fairness and rule of law or about the success of the biggest German company?

~~~
im3w1l
(Partially) nationalize it as a penalty. Screws over the shareholders without
endangering the jobs.

~~~
notSupplied
Why would you prioritize punishing the shareholders? Middle class savings are
also shareholders too, especially of big public companies. They're certainly
too diffuse to be complicit in the crime.

Punishing companies and shareholders has too much collateral damage to
innocent employees and shareholders. We should focus on criminal punishment of
executives via jailtime, not via fines.

------
raldi
Six months ago: "Verizon, Sprint, AT&T and T-Mobile stop sharing real-time
cell phone location data"

[https://www.zdnet.com/article/senator-rebukes-carriers-
shari...](https://www.zdnet.com/article/senator-rebukes-carriers-sharing-real-
time-location-data/)

But _this_ time they mean it.

~~~
mmrezaie
This is the same story in Sweden too. For a short period, I was part of the
team, and we were being asked to see how we can answer some questions with the
information for something around 10k peoples information in Spain and
Portugal. The way they just handed us the data and their explanation of why
this is not going to bite us back made me sick and I just left right away. But
the mentality of how to use these data in the business should be taught to
mainstream marketers. Obfuscation of these data to not pinpoint a single
person is not something that is as robust as people may think. I can easily
find myself in our neighborhood since I know some key points about myself!

~~~
retSava
Yeah, it's been shown time and time again how much de-anonymization can be
done on thought-to-be-anonymous data.

------
dawnerd
T-Mobile just did the same. I think what you'll see instead is the phone
companies selling the data directly instead of through a 3rd party broker.

In response to them claiming there's legitimate uses.. there's really not. If
someone needs roadside assistance you can ask if they can get your location or
require the caller to have a carrier app installed that requests location
data.

~~~
_jal
And hey, T-Mobile also did the same last year!

I fully expect them all to stop selling location data next year, too.

~~~
retSava
"I can quit anytime I want, I've done so hundreds of times already"

------
spinach
It's interesting that even companies that have a clear paid service do this
too. Companies like Google, Facebook and all sorts of free apps, rely on their
shady back-end manipulation/ads because their service is free, but that even
companies who actually have a product are doing these sorts of shady things as
well makes one wonder if there is a future where the web isn't so antagonistic
to the users.

~~~
acdha
We need something like the GDPR in the United States. Otherwise there’s always
going to be someone sleazy offering money which most managers won’t turn down
— the check makes their numbers better right now and it’ll be a long time if
ever before someone notices.

~~~
ptyyy
As much as I would love to have the protections offered by GDPR, I doubt it
would even make it past a committee vote. Telecom/technology lobbyists would
exert maximum pressure on legislators in order the proposal to die. There's
far too much money to be made in trafficking user data.

~~~
acdha
I don’t disagree that it’ll be hard but I think there’s more awareness of the
problem and rejection of “regulation is bad” propaganda than I can remember
seeing before. I won’t be surprised if something happens at the state level,
especially outside California.

------
superkuh
Even if they follow through and stick with it this doesn't meant they will
stop collecting and storing the data. All US mobile telcos store location
information for 2 to 5 years and that data is available on the drop of a hat
for any federal government agency that wishes to have it.

As actual 5G multiple-in multiple-out antenna beamforming arrays and
micro/nano/etc cells become more common the location data will be much more
fine grained as well.

The problem here is not the commercial providers selling it to 3rd parties.
The problem is them storing it for year and years. If it's there it will be
used.

------
bdz
Narrator: "They don't"

------
ceejayoz
Didn't they all promise this the _last_ time they got caught selling this
data?

~~~
wmf
"AT&T also said at the time it would be maintaining those of its agreements
that provided clear consumer benefits, such as location sharing for roadside
assistance services."

~~~
saagarjha
In the near future: “AT&T said in a statement today that they stand by the
views they expressed earlier regarding location sharing, saying that ‘matching
customers with ads is clearly in their best interests’.”

~~~
whatshisface
"Selling the names and locations of all people at all times allows us to
charge less for phone plans, and so is in the clear interests of the
consumer."

~~~
wmf
Sadly, Vizio made exactly this argument the other day about their TVs.

~~~
tyfon
The counter argument is obvious (but hated by marketing department).

If people loves their adds so much, just let them opt-in.

It should almost bring the server down from people pressing the "give me adds"
button if you are to believe how much people wants this :)

------
djohnston
CNN hasn't published anything on this and they are owned by AT&T. am i being a
tin-foil hat conspiracy theorist? it seems like lots of major outlets have
discussed it, including their major competitor fox news.

------
ianmf
I wouldn’t be surprised if this turns into a feature with a price attached.
AT&T location privacy add on. $5.

------
sitkack
We can know where the board of AT&T resides when they are in jail.

------
toufiqbarhamov
I don’t believe them, and I’m no longer interested in giving the industry more
chances. ISP’s need regulation, nothing else will stick for long.

~~~
criddell
I think it's nuts that your video rental records are better protected than
your phone records and ISP records. Maybe a future administration will rebuild
the anti trust departments and they will start to break apart companies like
Facebook, Alphabet, and Verizon.

~~~
xoa
> _companies like Facebook, Alphabet, and Verizon_

It may well be worth applying far stronger anti-trust to all of those, but I
still think it's a mistake to lump together some companies that are merely big
and have network effects with a company that has both government granted and
natural monopolies on limited physical infrastructure. Given the massive
backlash in just the last year against Facebook, and competitors growing vs
Alphabet, it is at least arguable that it's too early for drastic steps before
seeing what happens. There have been other big tech players that nevertheless
got displaced over a decade or two (Xerox, IBM say). And even if they do need
remedies, those may well be _different_ remedies then what would be
appropriate for Verizon (GDPR-style for example, transparency and control for
people over data). There is in fact only so much available usable EM spectrum,
or rights of way for cables. It's a different class of problem with different
solutions and tradeoffs.

I just worry that if you lump too disparate things together it'll become an
easy defense for the worst of them, and we'll end up with a situation where
the likes of Verizon or Comcast or AT&T or whomever refer to themselves as
part of the "Google/Facebook" group and then point to Bing and claim anti-
trust is overblown. Also, reducing the most end point monopolies could have
ripple effects up the stack, if everyone had content neutral symmetric WAN
links closer to LAN speeds again it could significant aid decentralization, at
least for the initial growth stages.

~~~
anderskaseorg
A network effect _is_ a kind of monopoly, and this monopoly power can be
abused like any other. It’s harder to compete with Facebook than it would be
in an idealized free market because there are only so many different platforms
a user will be willing to use to keep in touch with their friends. This fact
alone doesn’t automatically make Facebook evil, but does mean it deserves an
appropriate level of scrutiny and regulatory oversight like companies with
other kinds of monopoly power, even if the details differ.

~~~
Atheros
You're describing a "common carrier".

[https://en.wikipedia.org/wiki/Common_carrier#Telecommunicati...](https://en.wikipedia.org/wiki/Common_carrier#Telecommunications)

------
bitxbitxbitcoin
It's horrible that it has taken this much time get them to take action against
their bottom line.

------
danepowell
Are there any cell providers out there that don't do this kind of shady stuff?
It's unfortunate that this seems like another market failure, where consumers
have no real choice and the only solution will be punishment/legislation.

~~~
woodrowbarlow
also, would using a MVNO carrier prevent the tier-one carrier from having
access to location data? either technically or legally? i.e. is it even
possible for an MVNO to position themselves as "the carrier that doesn't do
this kind of shady stuff"?

~~~
woodrowbarlow
looks like this article answers both questions:

[https://motherboard.vice.com/en_us/article/d3bnyv/google-
dem...](https://motherboard.vice.com/en_us/article/d3bnyv/google-demanded-
tmobile-sprint-to-not-sell-google-fi-customers-location-data)

MVNOs can't really provide any protection. Google is "demanding" that their
tier-one carriers don't sell their MVNO customers' data, but just by throwing
their weight around. i doubt they'll continue after this blows over, and other
MVNOs don't have that kind of weight.

which means every single mobile customer in the US has to choose the least
shady infrastructure owner -- between ATT, Sprint, TMobile, or Verizon. those
are literally the only four options in terms of which company you want to
trust with a never-ending stream of your personal location data. and if you
use an MVNO, chances are good that _more than one_ of these companies has
access to your data.

------
forgotAgain
PR trying to recover from the fake 5G fiasco.

~~~
JustSomeNobody
Oh, they doubled down on that lie. The CEO fully supports lying to their
customers.

------
TACIXAT
Wow, exactly like last time.

------
woodandsteel
I could be wrong, but I strongly suspect that when they say they are going to
stop selling the data, what they mean is that they are going to switch over to
some indirect means that is technically not selling, but accomplishes the same
ends.

------
thrillgore
"for now."

The moment the heat is off, they'll go back to doing it.

The only way to stop it is with legislation.

------
spsrich
That's hilarious. What's the difference between AT&T and the federal
government ?

~~~
rayvy
About 10 feet of walkway ;)

------
joejerryronnie
I don’t like the idea of my data being harvested and passed around the
internet. And somebody selling my location data seems super creepy. But what
exactly is this data used for? Targeted advertising? Is that it?

------
paavoova
And people literally call me crazy for not carrying a phone around 24/7.

------
JustSomeNobody
Great. But, of course, there'll be a new service fee to offset the lost
revenue.

------
Yhippa
Are there carriers that do _not_ sell your location data?

------
rmrfrmrf
We desperately need to nationalize telecoms.

------
a-dub
we need laws. with teeth.

~~~
mdpopescu
Laws are usually backed by guns, but your idea might work too.

------
eximius
For how long?

------
rambojazz
Is there a mirror of this article somewhere? Something that is not paywalled?

~~~
nabnob
[https://outline.com/6p5YjC](https://outline.com/6p5YjC)

------
kyboren
Just like 6 months ago. I won't bother typing up my thoughts again and instead
just copy/paste what I wrote before:
[https://news.ycombinator.com/item?id=17416804](https://news.ycombinator.com/item?id=17416804)

> You should seriously consider [not carrying a cell phone] once more.

>

> These carriers will use the narrowest possible interpretation of their
> statements. Historical

> location data appears to be fair game, and perhaps they'll just launch their
> own competing

> service so they aren't providing anything to a third party. These carriers
> all constantly

> record your location data and see it as another potential source of revenue.
> The law (in the

> US) does not prevent them from trading it, sharing it, selling it, targeting
> advertising

> using it, etc.

>

> They got caught with their hands in the cookie jar this time and are
> pretending to be really

> sorry about it so that the law stays that way, and they can go back to
> stealing cookies once

> this all dies down a bit. Don't for a second think that this means your
> location data will

> not be used against you in order for the carrier to make a quick buck.

~~~
A2017U1
What about simply not using a sim?

Depends on circumstance but I can survive just fine without one in many
cities. At home I have the wifi from so many restaurants/bars that even on the
move I usually get a connection.

~~~
kyboren
I'm not sure how much that helps.

That should prevent carriers from being told/trivially discovering your phone
number, but your cell radio might still broadcast with your IMEI, which is at
least as uniquely identifying.

The best is not to have a cellular radio, or to disable physically your
phone's radio (e.g. as the Librem 5 will be designed to do). If that's too
difficult or involved, soft disable the radio ('airplane mode'). That,
however, requires you to trust the software really does keep the radio off.

~~~
A2017U1
Fair point, tempted to go down this rabbit hole with a SDR.

You'd assume airplane mode should completely disable it simply for airline
regulation reasons, but can't say for certain, and some manufacturers perhaps
dont care. Xaiomi and Huawei come to mind.

------
keepper
So many people up in arms about Facebook. When the reality is that both cell
phone providers and ISP's ACTUALLY sell your data. Both location data and DNS
query logs. But sure, let's focus on the "social media boogie man".

~~~
huntermeyer
While I agree with you in part, social media isn't a "boogie man". Their data
brokering behavior is harmful. ISPs data brokering behavior is harmful. Both
things can be true.

~~~
keepper
Define data brokering. Only Targeting isn’t brokering. Being naive and opening
an app platform that allows users to give some information isn’t brokering.
Selling bundles of PII without the users knowledge from quasi legal sources to
companies and government agencies in digestible form is.

There are actual data brokers in the advertising industry. Seedy companies who
with a tracking pixel ( or just outright data dumps ) can give you actual PII
data. Facebook ( and to and extend google, althought an insane amount of
malware goes thru google ads,I’m sure you’ve gotten the “you’ve won
redirects”), have been putting those companies out of business.

Both Facebook and google have a ton of flaws. Facebook has been super naive on
some areas. But Most of the reporting on their “data issues”, have not
remotely offered a real view of the industry, or what actually happened.

~~~
mtgx
Facebook may have not "sold" the data but they were "sharing" it with other
companies like Huawei, Acxiom, etc. I don't see how that's any better. They
were giving it in exchange for other data or favor instead of monetary
compensation.

~~~
rock_hard
Nope they were not!

It was the other way around! You were able to use Acxiom/etc data to target
people on Facebook

~~~
djohnston
it blows my mind that, even in a community as technically literate as HN,
people are hurr-durr on "facebook selling my data!"

