Wireless carriers defend location data policies to Congress

The nation's Tier 1 wireless carriers defended the way they collect and store subscribers' location data in letters to Congress. The companies argued that while they collect location information to keep their networks functioning properly and provide location-based services, they do not rent or sell any information they collect and that they go to great lengths to ensure that the data is secure.

The carriers laid out their stances on collecting and storing location data in letters sent to Reps. Ed Markey (D-Mass.) and Joe Barton (R-Texas), co-chairmen of the Congressional Bipartisan Privacy Caucus. The lawmakers had asked Verizon Wireless (NYSE:VZ), AT&T Mobility (NYSE:T) Sprint Nextel (NYSE:S) and T-Mobile USA in March to explain in detail what personal information they collect, how it is used and whether the location data is used for marketing.

In their responses, the carrier said that they ask for subscribers' consent before tracking their location, but they lamented that they cannot control how third-party applications that subscribers download will use their location information. That issue was of particular concern to the lawmakers.

"While I am happy to hear that carriers inform their customers of the risks of using independent third-party applications, third-party developers can access the location of customers anytime they want," Barton said in a statement. "I believe it is time we hold third-party developers accountable, and I am determined to work with other members of Congress to get this done."

While much of the carriers' responses are boilerplate--most cited their terms of service that outlines how they use location data--the responses are notable in the wake of the imbroglio regarding Apple (NASDAQ:AAPL) and Google's (NASDAQ:GOOG) methods for tracking and storing location data collected from smartphones.

Of particular note in the wireless carrier responses were AT&T and Sprint's answers to questions on how they store location information, how long it is stored and how it is disposed of. In its response, AT&T said that it in 2009 it started a program to encrypt all subscribers' "sensitive personal information"--such as longitude and latitude information and when that information is associated with a customer name or credit card number--and that the project should be finished by next year. AT&T stated that location information can be stored for as little as several days, but depending upon the platform, such as call and data detail records, might be kept for as long as five years.

Sprint, meanwhile, said it encrypts customers' personal information when it is transmitted outside of Sprint's network to, say, a vendor. Sprint said it uses logical access controls at the operating system, database and network layers to safeguard subscribers' data, and that access to such data is blocked off when an employee or contractor leaves Sprint. Additionally, Sprint said that requests for location data are processed through a specific internal gateway, and that they are logged and retained in an unreadable format for two years, but no actual location data is included in those records.

Verizon did not disclose whether it encrypts location data, but said that it has corporate policies in place to protect the privacy of sensitive customer information, including encryption policies. T-Mobile did not disclose its encryption tactics, but said that it uses a variety of physical, electronic and procedural safeguards to protect customer information, and those vary based upon the type and sensitivity of the information.

The furor over location data reached a boil this week. In a rare interview, Apple CEO Steve Jobs said that the company does not track iPhone users' locations, but said that iOS devices are in fact gathering location information to maintain a database of Wi-Fi hotspots and cell towers in the user's vicinity. Meanwhile, Google has said it collects information anonymously and provides "users with notice and control over the collection, sharing and use of location" on Android phones, according to the Wall Street Journal. Apple and Google were sued this week in federal court by customers over the location data issue. Both companies intend to send representatives to testify at upcoming congressional hearings on the issue.

For more:
- see this release
- see this WSJ article (sub. req.)
- see this Politico article
- see this CNet article
- see this Verizon response (PDF)
- see this AT&T response (PDF)
- see this Sprint response (PDF)
- see this T-Mobile response (PDF)
- see this WSJ article (sub. req.)

Related Articles:
Lawmakers probe wireless carriers on location data
Congressman urges FTC probe of iPhone location tracking
Apple: We're not tracking the location of your iPhone
iPhone location tracking targeted in class action suit
Apple CEO Jobs on location data: 'We don't track anyone'
Lawmakers press Apple on location collection and sharing policies
Google continues to feel fallout from collecting WiFi payload data