AT&T came under fire in the last year or so — as did rival carriers Sprint, Verizon and T-Mobile — when press reports surfaced about the practice of carriers selling location data about its users. The Federal Communications Commission opened an investigation, and the carriers promised to drop the practice.
Meanwhile, a new letter made public from AT&T actually defends the behavior it got called to the carpet on, saying the company stayed within legal bounds — but that, fine, we went ahead and stopped the practice anyway.
In the letter to FCC commissioner Jessica Rosenworcel, AT&T defends the practice of making customer location data available to aggregators in some scenarios that it says are perfectly legitimate. “There can be real, and potentially life-saving, benefits,” the carrier writes, “when a towing company receives the location of a stranded motorist who does not know the nearest mile marker; or a son or daughter uses a medical alert device to locate an injured elderly parent; or a bank uses location information to thwart fraud and identify theft.”
Highlighting those emergency use cases is actually an important point. AT&T explains in the letter that it hasn’t violated federal law because the data it’s made available to third parties unbeknownst to the user is data that’s known as A-GPS. That’s a kind of data gathered for use in emergency situations as well as when GPS is needed, like when your Uber ride is trying to find you by your phone signal. That’s different from a kind of data the FCC doesn’t allow to be sold and data that’s housed in what’s known as the NEAD (which stands for National Emergency Address Database), which AT&T says is much more specific that A-GPS is.
Thus, the AT&T letter continues, media reports “regarding the legal requirements associated with A-GPS,’ are inaccurate and misplaced.” The company also stresses that it ended the practice of selling user location data to aggregators and other third parties in March.
A piece from The Verge on Friday, however, notes that while AT&T may be “technically correct” by saying it hasn’t violated FCC rules, the sale of location data may still constitute a violation of Section 222 of the Communications Act of 1934.