from the everything-terrible-I-do-is-perfectly-legal dept
In a rare win for U.S. consumer privacy, the US Court of Appeals for the District of Columbia Circuit has ruled unanimously against T-Mobile and its subsidiary Sprint, upholding (for now) a $92 million 2020 FCC fine against the company for selling sensitive wireless customer location data without consumer consent.
For decades now major wireless companies have collected granular customer movement and location data (often down to the meter), then sold it to a long list of random dipshits — usually without bothering to clearly inform customers or get their consent. Five years ago, this resulted in folks like stalkers and people pretending to be law enforcement abusing said data.
Though this behavior had been going on for years generating untold billions, it only gained mainstream attention thanks to a 2018 New York Times story showcasing how police and the prison system routinely bought access to this data and then failed completely to secure it. In 2020, the FCC finally proposed fining wireless carriers $196 million ($91 million for T-Mobile, $57 million for AT&T, $48 million for Verizon).
Five years later, the three major carriers (who appealed the fines to three different courts) are still fighting accountability in court. With varying degrees of success. AT&T recently managed to convince the Trumplican-stocked Fifth circuit to vacate its fine entirely. T-Mobile, so far, isn’t having the same luck.
U.S. telecoms have worked tirelessly, with significant success, to ensure that the FCC has less and less authority to hold them accountable for anything. They’ve had particular success on this front in the Trump era, thanks to radical Supreme Court rulings like Loper Bright and the Securities and Exchange Commission v. Jarkesy.
Again here T-Mobile tried to argue the FCC overstepped its authority. They also tried to claim that rampant privacy violations were perfectly legal, but the DC Circuit wasn’t having it:
“Neither [Sprint nor T-Mobile] denies what happened. Instead, they argue that the undisputed facts do not amount to a violation of the law. The Carriers also argue that the Commission misinterpreted the Communications Act, miscalculated the penalties, and violated the Seventh Amendment by not affording them a jury trial. Because the Carriers’ arguments lack merit, we deny the petitions for review.”
T-Mobile can now apply for an en banc review, or try and have the case heard before the Trumplican-stocked Supreme Court (which they’ll likely win). Radical Trumplicans are having smashing success in dismantling whatever’s left of U.S. consumer protection, but T-Mobile has experienced a brief hiccup in that effort. Still, we’re still looking at another year or more of litigation, which could still end with T-Mobile facing no penalties at all.
This quibbling over FCC authority occurs because the U.S. is too corrupt to pass even a baseline privacy law for the Internet era. One, because widespread privacy abuses and the resulting dysfunction are wildly profitable for unethical companies, and two, because the U.S. government likes the ability to buy sensitive data as a means to bypass warrants.
As regulatory authority is hollowed out, U.S. privacy scandals continue to get increasingly more dire. Meanwhile T-Mobile, which spent most of its recent energy merging with Sprint, has increasingly let its privacy and security standards slip, resulting in the company being hacked eight times in just the last five years. Dismantling the regulatory state has very real costs, a lesson the U.S. is intent on refusing to learn.
Filed Under: consumers, dc circuit, fcc, fines, location, location data, privacy, security, wireless
Companies: sprint, t-mobile
