FCC Chairman Ajit Pai (Credit: Chip Somodevilla/Staff via Getty)

The FCC has concluded that "one or more" wireless carriers violated federal law by selling customers' real-time location information to third-party companies.

FCC Chairman Ajit Pai revealed the finding in Friday letters sent to US lawmakers. They came in response to news reports that said real-time location data was ending up in the hands of law enforcement and bounty hunters without a warrant.

"I wish to inform you that the FCC's Enforcement Bureau has completed its extensive investigation and that it has concluded that one or more wireless carriers apparently violated federal law," Pai wrote.

He refrained from naming which wireless carriers broke the law. "Our general process is to provide names after adoption of any enforcement action," an FCC spokesman told PCMag. According to letters, Pai plans on circulating the proposed penalty to the FCC's other commissioners in the coming days.

The issue was first brought to light in May 2018 when The New York Times reported on how a little-known prison IT company was buying the location data to run a phone-tracking service for police and correctional officers. By simply plugging in a phone number, the service could let you access the real-time location data of a target device without a court-issued warrant.

The prison IT company, Securus Technologies, was apparently buying the data from third-party "data aggregators," which help the mobile carriers manage location-based service requests coming from mobile apps and internet services. The same location data can be harvested and sold off, with consumers often unaware of what they're consenting to. A follow-up report from Motherboard last year found bounty hunters were able to get the location data as well by paying only a few hundred dollars.

In response, the major mobile carriers vowed to take action, and cut off the data sharing. However, critics including Senator Ron Wyden (D-Oregon) and FCC Commissioner Jessica Rosenworcel demanded US regulators step up and crack down on the practice. It now appears they're getting their wish following questions from Congress over the status of the FCC's investigation.

"Today this agency finally announced that this was a violation of the law," Rosenworcel wrote in response to the news. "Millions and millions of Americans use a wireless device every day and didn't sign up for or consent to this surveillance."

The remaining question is the proposed penalty. The FCC declined to comment on what it might entail. But if the penalty is perceived as a slap on the wrist, US lawmakers and the FCC's Democratic commissioners will almost certainly blast Pai after previously criticizing him for his handling of the investigation.

Further Reading

Security Reviews