Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
AT&T Businesses Privacy The Courts United States

EFF Hits AT&T With Class-Action Lawsuit For Selling Customers' Location To Bounty Hunters (vice.com) 53

An anonymous reader quotes a report from Motherboard: Tuesday, the Electronic Frontier Foundation (EFF) filed a class action lawsuit against AT&T and two data brokers over their sale of AT&T customers' real-time location data. The lawsuit seeks an injunction against AT&T, which would ban the company from selling any more customer location data and ensure that any already sold data is destroyed. The move comes after multiple Motherboard investigations found AT&T, T-Mobile, Sprint, and Verizon sold their customers' data to so-called location aggregators, which then ended up in the hands of bounty hunters and bail bondsman.

The lawsuit, focused on those impacted in California, represents three Californian AT&T customers. Katherine Scott, Carolyn Jewel, and George Pontis are all AT&T customers who were unaware the company sold access to their location. The class action complaint says the three didn't consent to the sale of their location data. The complaint alleges that AT&T violated the Federal Communications Act by not properly protecting customers' real-time location data; and the California Unfair Competition Law and the California Consumers Legal Remedies Act for misleading its customers around the sale of such data. It also alleges AT&T and the location aggregators it sold data through violated the California Constitutional Right to Privacy.
The lawsuit highlights AT&T's Privacy Policy that says "We will not sell your personal information to anyone, for any purpose. Period."

An AT&T spokesperson said in a statement "While we haven't seen this complaint, based on our understanding of what it alleges we will fight it. Location-based services like roadside assistance, fraud protection, and medical device alerts have clear and even life-saving benefits. We only share location data with customer consent. We stopped sharing location data with aggregators after reports of misuse."
This discussion has been archived. No new comments can be posted.

EFF Hits AT&T With Class-Action Lawsuit For Selling Customers' Location To Bounty Hunters

Comments Filter:
  • by weilawei ( 897823 ) on Thursday July 18, 2019 @07:11PM (#58948562)

    It's been redefined just like, "unlimited".

  • by Anonymous Coward

    What if AT&T sells location info to the POLICE instead of bounty hunters, can EFF still sue AT&T ?

    • What if AT&T sells location info to the POLICE instead of bounty hunters, can EFF still sue AT&T ?

      If they do it without requiring a warrant, then yes, that is illegal, and they can and should be sued.

  • The lawsuit highlights AT&T's Privacy Policy that says "We will not sell your personal information to anyone, for any purpose. Period."

    In other words, "We won't sell your info unless we do. Period."

    I wonder if that statement in their Privacy Policy is legally binding on them or perhaps actionable in some way.

    • by guruevi ( 827432 )

      They probably didn't sell it. Look in the Privacy Policy:

      Do research and analysis to maintain, protect, develop and improve our networks and services;
      Let you know about service updates, content, offers and promotions that may be of interest to you;
      Improve entertainment options;
      Deliver Relevant Advertising;
      Create External Marketing & Analytics Reports;

      So basically they don't have to sell it but a quid-pro-quo with a marketing agency is fair game.

      • by kqs ( 1038910 )

        Personally, I always thought that exchanging something of value for something of value was what "selling" means, but I've been confused before.

        • by Xenx ( 2211586 )
          That would be trading or bartering. Selling requires exchange of money, by definition.
          • Tell that to the IRS when they tax you for it. If what you receive can be considered income, then it can be considered a sale.

            • by Xenx ( 2211586 )
              That isn't how that works. It's still bartering, or trading. It doesn't matter than the profit you gain isn't monetary, it's still profit. The IRS refers to it as bartering in those cases.
              • The point is, it's only semantics - and might not be different enough in a legal sense to clear AT&T.

  • Civilian stalkers, security agencies, and any vindictive bureaucrat with passwords all are obvious candidates to use and abuse this kind of information. This case documents _exactly_ such illicit use of the data.

  • won't 99% of AT&T customers be under Arbitration contracts? The remaining 1% are probably lawyers for the EFF...
    • Typically that would only be contract disputes and general torts, and if your cause of action comes from some Federal statute then you would still sue normally.

  • "We will not sell your personal information to anyone, for any purpose. Period."

    But they will 'share' your information with third parties. They even said:

    We stopped sharing location data with aggregators after reports of misuse.

    Which obviously implies they WERE sharing before.

    Who else do they share (but don't sell) their data with?

    This is incredibly shady, and incredibly misleading. This is about akin to saying "Of course I won't steal your bicycle. I'm just going to borrow it indefinitely."

  • Smoke and mirrors (Score:5, Insightful)

    by mrwireless ( 1056688 ) on Friday July 19, 2019 @02:01AM (#58949896)

    You can't understand what's going on the databroker market unless you differentiate between raw and derived data.

    What they don't sell is your raw data: the data you provided knowingly, and, hopefully, the data observed about you.

    What they will sell is the derived data: the algorithmically generated scores, predictions and classifications. Most databrokers will claim that this is no longer your data, it's theirs. They may even go so far as to say this is protected as free speech, as it's their opinion about you.

    The trick is to ask the right question. Don't ask "do you sell my data", but instead ask "do you sell data about me".

    • by Anonymous Coward

      The trick is to storm the citadel and start breaking executive kneecaps.

      Barring that fear, nothing will change. We need EU style privacy laws.

  • by mysidia ( 191772 ) on Friday July 19, 2019 @09:57AM (#58951284)

    Location-based services like roadside assistance, fraud protection, and medical device alerts have clear and even life-saving benefits. We only share location data with customer consent. We stopped sharing location data with aggregators after reports of misuse.

    "Aggregators" are not involved directly with providing location-based services.

    ATT had allowed this system where these companies whose business was location aggregation was able to pay them and thus request the location information about any user, with seemingly no real safeguards --- since bounty hunters were able to pay the aggregator as well.

    ATT COULD have implemented technical or contractual safeguards imposed on the 3rd parties about security and privacy of location info; Or, for example, they could have implemented a customer approval system requiring responding to a text message containing explanation of who is requesting current location and for what purpose, before servicing a "get current location request".

  • "We stopped sharing location data with aggregators after reports of misuse." That's like saying "I stopped robbing banks after I discovered it was causing people harm. I plan on fighting any legal action brought against me though."

The most difficult thing in the world is to know how to do a thing and to watch someone else doing it wrong, without commenting. -- T.H. White

Working...