Verizon Once Again Busted Handing Out Sensitive Wireless Subscriber Information To Any Nitwit Who Asks For It

(Mis)Uses of Technology

from the hey,-let's-do-absolutely-nothing-about-this-problem dept

Half a decade ago we documented how the U.S. wireless industry was caught over-collecting sensitive user location and vast troves of behavioral data, then selling access to that data to pretty much anybody with a couple of nickels to rub together. It resulted in no limit of abuse from everybody from stalkers to law enforcement — and even to people pretending to be law enforcement.

While the FCC purportedly moved to fine wireless companies for this behavior, the agency still hasn’t followed through. Despite the obvious ramifications of this kind of behavior during a post-Roe, authoritarian era.

Nearly a decade later, and it’s still a very obvious problem. The folks over at 404 Media have documented the case of a stalker who managed to game Verizon in order to obtain sensitive data about his target, including her address, location data, and call logs.

Her stalker posed as a police officer (badly) and, as usual, Verizon did virtually nothing to verify his identity:

“Glauner’s alleged scheme was not sophisticated in the slightest: he used a ProtonMail account, not a government email, to make the request, and used the name of a police officer that didn’t actually work for the police department he impersonated, according to court records. Despite those red flags, Verizon still provided the sensitive data to Glauner.”

In this case, the stalker found it relatively trivial to take advantage of Verizon Security Assistance and Court Order Compliance Team (or VSAT CCT), which verifies law enforcement requests for data. You’d think that after a decade of very ugly scandals on this front Verizon would have more meaningful safeguards in place, but you’d apparently be wrong.

Keep in mind: the FCC tried to impose some fairly basic privacy rules for broadband and wireless in 2016, but the telecom industry, in perfect lockstep with Republicans, killed those efforts before they could take effect, claiming they’d be too harmful for the super competitive and innovative (read: not competitive or innovative at all) U.S. broadband industry.

In fact, any time the FCC proposes doing absolutely anything about lax privacy standards in wireless or broadband, Republicans work in perfect synchronicity with Comcast, Verizon, and AT&T to demonize and crush the effort. They’re currently trying to block an FCC effort requiring that broadband providers do a better, faster job informing customers about hacks and data breaches.

The Republican party not only never has to truly own this dangerous policy decision in the press, you can often watch as cable news outlets present Republicans like Marsha Blackburn, Ted Cruz, or Brendan Carr as good faith privacy reformers (see their performative outrage about TikTok).

At the same time, Congress, as a whole, has proven too corrupt to pass even a basic privacy law for the internet era, despite no limit of problematic scandals. In part because there’s a massive coalition of companies across numerous industries lobbying against it, but also because this lax data-hoovering system we’ve constructed helps the government avoid having to get actual warrants.

So what we get is this steady beat of ugly and avoidable privacy scandals we’ve chosen to do nothing about. Those in power have effectively decided that making money is more important than market health, human safety, or pretty much anything else. Eventually, there will be a scandal at a scale so disturbing it finally shakes Congress out of its corrupt slumber, and it’s going to be a doozy.

Filed Under: location data, phone, privacy, security, stalker, verizon wireless service, wireless
Companies: verizon