PRIVACY: Selling 911 location data is illegal—US carriers reportedly did it anyway.

“The Motherboard investigation has uncovered what appears to be a clear violation of what the FCC required” in orders released in 2015 and 2017, Public Knowledge Policy Fellow Dylan Gilbert wrote. The 2017 order refers to data in the National Emergency Address Database (NEAD), saying that “the data in the NEAD and any data associated with the NEAD may not be used for any non-911 purpose, except as otherwise required by law.”

In order to use that database, mobile carriers “must certify that they will not use the NEAD or associated data for any purpose other than for the purpose of responding to 911 calls, except as required by law,” the FCC’s 2015 order states.

Section 222 of the Communications Act is the US law that requires carriers to protect CPNI, and it says that carriers may not use or disclose location information “without the express prior authorization of the customer.”

“The location of a customer’s use of a telecommunications service also clearly qualifies as CPNI,” the FCC said in a 2013 declaratory ruling.

“The Federal Communications Commission, led by Chairman Ajit Pai, needs to act immediately to enforce what appears to be a clear violation of the FCC’s rules against the selling of A-GPS data with third parties,” Gilbert wrote.

This kind of thing won’t stop until the punishment is commensurate with the crime. To that end, I humbly suggest a fine of triple the money collected from data sales, to be distributed to wireless customers whose data was sold.