{"id":12403,"date":"2018-05-26T10:17:08","date_gmt":"2018-05-26T18:17:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/05\/26\/news-6172\/"},"modified":"2018-05-26T10:17:08","modified_gmt":"2018-05-26T18:17:08","slug":"news-6172","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/05\/26\/news-6172\/","title":{"rendered":"Why Is Your Location Data No Longer Private?"},"content":{"rendered":"<p><strong>Credit to Author: BrianKrebs| Date: Sat, 26 May 2018 16:18:48 +0000<\/strong><\/p>\n<p>The past month has seen one blockbuster revelation after another about how our mobile phone and broadband providers have been leaking highly sensitive customer information, including <a href=\"https:\/\/krebsonsecurity.com\/2018\/05\/mobile-giants-please-dont-share-the-where\/\" target=\"_blank\" rel=\"noopener\">real-time location data<\/a> and customer account details. In the wake of these consumer privacy debacles, many are left wondering who&#8217;s responsible for policing these industries? How exactly did we get to this point? What prospects are there for changes to address this national privacy crisis at the legislative and regulatory levels? 
These are some of the questions we&#8217;ll explore in this article.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-40944\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2017\/09\/capitol.png\" alt=\"\" width=\"591\" height=\"277\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2017\/09\/capitol.png 1095w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2017\/09\/capitol-580x272.png 580w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2017\/09\/capitol-768x360.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2017\/09\/capitol-940x440.png 940w\" sizes=\"auto, (max-width: 591px) 100vw, 591px\" \/><\/p>\n<p>In 2015,\u00a0the <strong>Federal Communications Commission<\/strong> under the Obama Administration reclassified broadband Internet companies as telecommunications providers, which gave the agency authority to regulate broadband providers the same way as telephone companies.<\/p>\n<p>The FCC also came up with so-called &#8220;<strong>net neutrality<\/strong>&#8221; rules designed to prohibit Internet providers from blocking or slowing down traffic, or from offering &#8220;fast lane&#8221; access to companies willing to pay extra for certain content or for higher quality service.<\/p>\n<p>In mid-2016, the FCC adopted new privacy rules for all Internet providers that would have required providers to seek opt-in permission from customers before collecting, storing, sharing and selling anything that might be considered sensitive &#8212; including Web browsing, application usage and location information, as well as financial and health data.<\/p>\n<p>But the Obama administration&#8217;s new FCC privacy rules didn&#8217;t become final until December 2016, a month after then <strong>President-elect Trump<\/strong> was welcomed into office by a Republican controlled House and Senate.<\/p>\n<p>Congress still had 90 legislative days (when lawmakers are physically in session) to pass a resolution 
killing the privacy regulations, and on March 23, 2017 the Senate voted 50-48 to repeal them. Approval of the repeal in the House passed quickly thereafter, and <a href=\"https:\/\/www.washingtonpost.com\/news\/the-switch\/wp\/2017\/04\/04\/trump-has-signed-repeal-of-the-fcc-privacy-rules-heres-what-happens-next\/\" target=\"_blank\" rel=\"noopener\">President Trump officially signed it on April 3, 2017<\/a>.<\/p>\n<p>In <a href=\"https:\/\/www.washingtonpost.com\/opinions\/no-republicans-didnt-just-strip-away-your-internet-privacy-rights\/2017\/04\/04\/73e6d500-18ab-11e7-9887-1a5314b56a08_story.html?noredirect=on&amp;utm_term=.115f6c2bebb0\" target=\"_blank\" rel=\"noopener\">an op-ed<\/a> published in <em>The Washington Post<\/em>, <strong>Ajit Pai<\/strong> &#8212; a former <strong>Verizon<\/strong> lawyer and President Trump&#8217;s pick to lead the FCC &#8212; said &#8220;despite hyperventilating headlines, Internet service providers have never planned to sell your individual browsing history to third parties.&#8221;<\/p>\n<div id=\"attachment_43997\" style=\"width: 261px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-43997\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2018\/05\/pai.png\" alt=\"\" width=\"251\" height=\"277\" \/><\/p>\n<p class=\"wp-caption-text\">FCC Commissioner Ajit Pai.<\/p>\n<\/div>\n<p>&#8220;That\u2019s simply not how online advertising works,&#8221; Pai wrote. &#8220;And doing so would violate ISPs\u2019 privacy promises. Second, Congress\u2019s decision last week didn\u2019t remove existing privacy protections; it simply cleared the way for us to work together to reinstate a rational and effective system for protecting consumer privacy.&#8221;<\/p>\n<p><strong>Sen. Bill Nelson<\/strong> (D-Fla.) 
came to a different conclusion, predicting that the repeal of the FCC privacy rules would allow broadband providers to collect and sell a &#8220;gold mine of data&#8221; about customers.<\/p>\n<p>&#8220;Your mobile broadband provider knows how you move about your day through information about your geolocation and internet activity through your mobile device,&#8221; <a href=\"https:\/\/www.computerworld.com\/article\/3184392\/security\/senate-votes-to-kill-fccs-broadband-privacy-rules.html\" target=\"_blank\" rel=\"noopener\">Nelson said<\/a>. The Senate resolution &#8220;will take consumers out of this driver\u2019s seat and place the collection and use of their information behind a veil of secrecy.&#8221;<\/p>\n<p>Meanwhile, pressure was building on the now Republican-controlled FCC to repeal the previous administration&#8217;s net neutrality rules. The major ISPs and mobile providers claimed the new regulations put them at a disadvantage relative to competitors that were not regulated by the FCC, such as <strong>Amazon<\/strong>, <strong>Apple<\/strong>, <strong>Facebook<\/strong> and <strong>Google<\/strong>.<\/p>\n<p>On Dec. 14, 2017, FCC Chairman Pai joined two other Republican FCC commissioners in a 3-2 vote to dismantle the net neutrality regulations.<\/p>\n<p>As <em>The New York Times<\/em> <a href=\"https:\/\/www.nytimes.com\/2017\/12\/14\/technology\/net-neutrality-repeal-vote.html\" target=\"_blank\" rel=\"noopener\">observed<\/a> after the net neutrality repeal, &#8220;the commission\u2019s chairman,\u00a0Ajit Pai, vigorously defended the repeal before the vote. He said the rollback of the rules would eventually benefit consumers because broadband providers like AT&amp;T and Comcast could offer them a wider variety of service options.&#8221;<\/p>\n<p class=\"css-c65vdd e2kc3sl0\">\u201cWe are helping consumers and promoting competition,\u201d Mr. Pai said. 
\u201cBroadband providers will have more incentive to build networks, especially to underserved areas.\u201d<\/p>\n<h4>MORE OR LESS CHOICE?<\/h4>\n<p>Some might argue we&#8217;ve seen reduced competition and more industry consolidation since the FCC repealed the rules. Major broadband and mobile provider <strong>AT&amp;T<\/strong> and cable\/entertainment giant <strong>Time Warner<\/strong> are now <a href=\"https:\/\/slate.com\/technology\/2018\/05\/at-and-t-and-time-warner-trial-the-case-for-fearing-this-merger.html\" target=\"_blank\" rel=\"noopener\">fighting the Justice Department<\/a> in a bid to merge. Two of the four-largest mobile telecom and broadband providers &#8212; <strong>T-Mobile<\/strong> and <strong>Sprint<\/strong> &#8212; have announced plans for a $26 billion merger.<\/p>\n<p>The FCC privacy rules from 2016 that were overturned by Congress sought to give consumers more choice about how their data was to be used, stored and shared. But consumers now have less &#8220;choice&#8221; than ever about how their mobile provider shares their data and with whom. Worse, the mobile and broadband providers themselves are failing to secure their own customers&#8217; data.<\/p>\n<p>This month, it emerged that the major mobile providers have been giving commercial third-parties the ability to instantly look up the precise location of any mobile subscriber in real time. 
KrebsOnSecurity broke the news that one of these third parties &#8212; <strong>LocationSmart<\/strong> &#8212; <a href=\"https:\/\/krebsonsecurity.com\/2018\/05\/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site\/\" target=\"_blank\" rel=\"noopener\">leaked this ability for years to anyone via a buggy component on its Web site<\/a>.<\/p>\n<div id=\"attachment_43840\" style=\"width: 598px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-43840\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2018\/05\/lsmartdemo.png\" alt=\"\" width=\"588\" height=\"462\" \/><\/p>\n<p class=\"wp-caption-text\">LocationSmart&#8217;s demo page featured a buggy component which allowed anyone to look up anyone else&#8217;s mobile device location, in real time, and without consent.<\/p>\n<\/div>\n<p>We also learned that another California company &#8212; <strong>Securus Technologies<\/strong> &#8212; was selling real-time location lookups to a number of state and local law enforcement agencies, and that accounts for dozens of those law enforcement officers were obtained by hackers.\u00a0 Securus, it turned out, was ultimately getting its data from LocationSmart.<\/p>\n<p>This week, researchers discovered that <a href=\"https:\/\/www.zdnet.com\/article\/tmobile-bug-let-anyone-see-any-customers-account-details\/\" target=\"_blank\" rel=\"noopener\">a bug in T-Mobile&#8217;s Web site<\/a> let anyone access the personal account details of any customer with just their cell phone number, including full name, address, account number and in some cases tax ID numbers.<\/p>\n<p>Not to be outdone, Comcast was revealed to have exposed sensitive information on customers through <a 
href=\"https:\/\/www.zdnet.com\/article\/comcast-bug-leaks-xfinity-home-addresses-wireless-passwords\/?eminfo=%7b%22EMAIL%22%3a%22VLzRxZi4rMVdgSngCyb3GeQhYo7NmfVjwQUDPlrOtHw%3d%22%2c%22BRAND%22%3a%22FO%22%2c%22CONTENT%22%3a%22Newsletter%22%2c%22UID%22%3a%22FO_DTA_09F95225-D548-4858-B2A9-9F65162EB451%22%2c%22SUBID%22%3a%2282537088%22%2c%22JOBID%22%3a%22750449%22%2c%22NEWSLETTER%22%3a%22DATA_SHEET%22%2c%22ZIP%22%3a%22%22%2c%22COUNTRY%22%3a%22%22%7d\" target=\"_blank\" rel=\"noopener\">a buggy component of its Web site<\/a> that could be tricked into displaying the home address where the company&#8217;s wireless router is located, as well as the router&#8217;s Wi-Fi name and password.<\/p>\n<p>It&#8217;s not clear how FCC Chairman Pai intends to &#8220;reinstate a rational and effective system for protecting consumer privacy,&#8221; as he pledged after voting last year to overturn the 2015 privacy rules. The FCC reportedly has taken at least tentative steps to open an inquiry into the LocationSmart debacle, although <strong>Sen. Ron Wyden<\/strong> (D-Ore.) has called on Chairman Pai to recuse himself on the inquiry because Pai once represented Securus as an attorney. (Wyden also had <a href=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2018\/05\/wydenstatement.png\" target=\"_blank\" rel=\"noopener\">some choice words<\/a> for the wireless companies).<\/p>\n<p>The major wireless carriers all say they do not share customer location data <em>without customer consent<\/em> or in response to a court order or subpoena. Consent. All of these carriers pointed me to their privacy policies. 
It could be the carriers believe these policies clearly explain that simply by using their wireless device customers have opted-in to having their real-time location data sold or given to third-party companies.<\/p>\n<p><strong>Michelle De Mooy<\/strong>,\u00a0director of the privacy and data project at the <a href=\"https:\/\/www.cdt.org\" target=\"_blank\" rel=\"noopener\">Center for Democracy &amp; Technology<\/a>\u00a0(CDT), said if the mobile giants are burying that disclosure in privacy policy legalese, that&#8217;s just not good enough.<\/p>\n<p>&#8220;Even if they say, &#8216;Our privacy policy says we can do this,&#8217; it violates peoples&#8217; reasonable expectations of when and why their location data is being collected and how that&#8217;s going to be used. It&#8217;s not okay to simply point to your privacy policies and expect that to be enough.&#8221;<\/p>\n<p><span id=\"more-43910\"><\/span><\/p>\n<h4>CHECKING THE FTC&#8217;S RECORD<\/h4>\n<p>When the FCC&#8217;s repeal of the net neutrality rules <a href=\"http:\/\/money.cnn.com\/2018\/05\/10\/technology\/net-neutrality-end-date\/index.html\" target=\"_blank\" rel=\"noopener\">takes effect on June 11, 2018<\/a>, broadband providers will once again be regulated by the\u00a0<strong>Federal Trade Commission<\/strong> (FTC). 
That power was briefly shared with the FCC when the agency under the Obama administration passed its net neutrality rules with the assumption that it could regulate broadband providers like telecommunications companies.<\/p>\n<p>When it comes to investigating companies for privacy and security violations, the FTC&#8217;s primary weapon is <a href=\"https:\/\/www.ftc.gov\/enforcement\/statutes\/federal-trade-commission-act\" target=\"_blank\" rel=\"noopener\">The FTC Act<\/a>, which\u00a0&#8220;prohibits unfair and deceptive acts or practices in or affecting commerce.&#8221; According to the FTC Act, a &#8220;misrepresentation or omission is deceptive if it is material and is likely to mislead consumers acting reasonably under the circumstances.&#8221; It also finds that an act or practice &#8220;is unfair if it causes, or is likely to cause, substantial injury that is not reasonably avoidable by consumers, and not outweighed by countervailing benefits to consumers or competition.&#8221;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-43998\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2018\/05\/ftc.png\" alt=\"\" width=\"596\" height=\"337\" \/><\/p>\n<p><em>It&#8217;s difficult to think of a bigger violation of those principles than the current practice by the major mobile providers of sharing real-time location data on customers with third parties, without any opportunity for customers to opt-in or opt-out of such sharing.<\/em><\/p>\n<p>But it&#8217;s unclear whether the FTC would take any action against such activity, or indeed if it has any precedent to do so. 
The agency had the ability to go after mobile broadband providers for privacy and security violations between 2002 and 2015, and so KrebsOnSecurity asked the commission to share how many times during that period that it took enforcement actions against broadband providers.<\/p>\n<p>The list I got back from them wasn&#8217;t exactly privacy or security focused. The FTC cited <a href=\"https:\/\/www.ftc.gov\/news-events\/press-releases\/2003\/09\/aol-and-compuserve-settle-ftc-charges-unfair-practices\" target=\"_blank\" rel=\"noopener\">a case in 2003<\/a> in which it sued <strong>AOL<\/strong> and <strong>CompuServe<\/strong> over unfair billing practices. In 2009, <a href=\"http:\/\/voices.washingtonpost.com\/securityfix\/2009\/06\/ftc_sues_shuts_down_n_calif_we.html\" target=\"_blank\" rel=\"noopener\">it helped to take down 3FN<\/a>, a small, shady ISP that was based in the United States but run by Russians and hosting a stupendous amount of malware, scams and illegal content (i.e. child pornography).<\/p>\n<p>In 2014, the FTC <a href=\"https:\/\/www.ftc.gov\/news-events\/press-releases\/2014\/10\/ftc-says-att-has-misled-millions-consumers-unlimited-data\" target=\"_blank\" rel=\"noopener\">alleged<\/a> that <strong>AT&amp;T Mobility<\/strong> deceptively advertised \u201cunlimited\u201d data\u00a0while throttling mobile customers who used certain amounts of data (this case is still pending but <a href=\"https:\/\/www.theverge.com\/2018\/2\/27\/17057236\/federal-judges-att-ftc-lawsuit-speed-throttling-fcc\" target=\"_blank\" rel=\"noopener\">a recent appeals court decision<\/a> cleared the way for the FTC to continue its lawsuit).<\/p>\n<p>In 2015, <strong>TracFone<\/strong>, the largest prepaid mobile provider in the United States, agreed to <a href=\"https:\/\/www.ftc.gov\/news-events\/press-releases\/2015\/01\/prepaid-mobile-provider-tracfone-pay-40-million-settle-ftc\" target=\"_blank\" rel=\"noopener\">pay $40 million<\/a> to the FTC\u00a0for consumer 
refunds to settle charges that it deceived millions of consumers with regard to its \u201cunlimited\u201d data service.<\/p>\n<p>The FTC also cited <a href=\"https:\/\/www.ftc.gov\/system\/files\/documents\/closing_letters\/verizon-communications-inc.\/141112verizonclosingletter.pdf\" target=\"_blank\" rel=\"noopener\">a scolding letter<\/a>\u00a0(PDF) that it sent to Verizon over issues related to the security of its customer routers. No action was taken by the FTC in that case.<\/p>\n<p>How eager the FTC will be to police privacy practices of broadband providers may come down to the priorities of the agency&#8217;s new leaders. <span class=\"pullquote pqright\">The Trump administration <a href=\"https:\/\/www.nytimes.com\/2018\/05\/16\/us\/andrew-smith-payday-lenders-consumer-protection.html\" target=\"_blank\" rel=\"noopener\">just tapped <strong>Andrew Smith<\/strong> as head of the FTC&#8217;s consumer protection office<\/a>. Smith is a lawyer who used to represent many of the companies that the agency is already investigating.<\/span><\/p>\n<p>Smith will need to recuse himself from multiple ongoing investigations his office would normally lead, including data breaches at\u00a0<a href=\"https:\/\/thinkprogress.org\/equifax-additional-consumers-74a5fb1ab75d\/\" data-ss1527102352=\"1\">Equifax<\/a>\u00a0and\u00a0<a href=\"https:\/\/thinkprogress.org\/facebooks-denials-lawsuit-threats-94804a88fc01\/\" data-ss1527102352=\"1\">Facebook<\/a>, thanks to his previous work on behalf of the companies. 
According to <a href=\"http:\/\/thehill.com\/policy\/technology\/388069-ftc-names-lawyer-who-represented-facebook-and-equifax-as-consumer\" target=\"_blank\" rel=\"noopener\">The Hill<\/a>,\u00a0Smith testified in October before the Senate Banking Committee on behalf of the credit reporting industry as the panel\u00a0investigated\u00a0an Equifax data breach that compromised more than\u00a0145 million people.<\/p>\n<p><strong>Gigi Sohn<\/strong>, a fellow at the <a href=\"https:\/\/www.law.georgetown.edu\/news\/press-releases\/Georgetown-Law-New-Institute-for-Technology-Law-and-Policy-Announces-Appointment-of-Gigi-Sohn.cfm\" target=\"_blank\" rel=\"noopener\">Georgetown Law Institute for Technology Law and Policy<\/a> and a former senior adviser to former <a href=\"https:\/\/en.wikipedia.org\/wiki\/Tom_Wheeler\" target=\"_blank\" rel=\"noopener\">FCC Chair Tom Wheeler<\/a> in 2015, said the FTC doesn&#8217;t have a strong record on broadband privacy enforcement.<\/p>\n<p>Sohn said the FTC\u2019s legal framework does not require affirmative opt-in consent for browsing history and app usage, and that a provider would only have to let you opt-out \u2014 something that consumers rarely do and which companies routinely make it hard to do. More importantly, she said, while the FCC\u2019s rules would have protected consumers before they were harmed, the FTC can only act\u00a0<em>after<\/em>\u00a0harm has already occurred.<\/p>\n<p>&#8220;We passed privacy rules for broadband and mobile providers that would have required them to seek customer opt-in for anything that was considered sensitive,&#8221; Sohn said of her work at the FCC under the Obama administration. &#8220;The carrier had to give you clear and consistent opportunities to opt out. 
It was very broad, but the definition we set for personal information was far broader than what even the FTC considered sensitive.&#8221;<\/p>\n<h4>REPEALING THE REPEAL OF NET NEUTRALITY<\/h4>\n<p>So the carriers are already reneging on their promise to customers that they won&#8217;t share location data without customer consent or a court order. But where does that leave us on net neutrality? The answer is that the major wireless carriers are already doing what was expressly prohibited under the FCC&#8217;s net neutrality rules: Favoring their own content over competitors, and letting companies gain more favorable access by paying more.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-44001\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2018\/05\/nn.png\" alt=\"\" width=\"592\" height=\"311\" \/><\/p>\n<p>Around the time of the FCC&#8217;s repeal of the net neutrality rules last year, <em>The Wall Street Journal<\/em> <a href=\"https:\/\/www.wsj.com\/articles\/mobile-wireless-market-might-be-our-post-net-neutrality-world-1512988200\" target=\"_blank\" rel=\"noopener\">prognosticated<\/a> about what might happen with the regulations out of the way. To do this, it looked at some of the offerings the mobile carriers pitched <em>before<\/em> the rules were drawn up.<\/p>\n<p>&#8220;One example of how things could work is the mobile wireless market, where some providers already have used pricing tactics to favor certain websites and services over others,&#8221; wrote <strong>John D. McKinnon<\/strong> and <strong>Ryan Knutson<\/strong> for The Journal:<\/p>\n<blockquote>\n<p>The 2015 Obama-era rules didn\u2019t explicitly prohibit these tactics, which generally allow customers to access certain websites without having it count against their monthly data cap. 
Wireless carriers, which often subject their users to strict data limits, were aggressive in experimenting with such plans, also known as \u201czero rating.\u201d<\/p>\n<p>Deals began emerging several years ago for inexpensive plans that offer unlimited high-speed access to popular services such as Facebook or Twitter, but limited or even restricted access to the rest of the internet.<\/p>\n<p>T-Mobile US Inc. in late 2013 announced that its GoSmart Mobile brand had \u201cbecome the first wireless provider\u2026to offer free access to Facebook and Facebook Messenger for all of its wireless customers, even those without monthly data service.\u201d The GoSmart Mobile plans started at $25 a month for \u201cunlimited talk\u201d with no other data service. T-Mobile has since transferred the GoSmart brand to another wireless firm.<\/p>\n<p>In 2014, Virgin Mobile USA, a unit of Sprint Corp. , offered a wireless plan that cost $12, but users were only allowed to access one website: either Facebook, Twitter, Instagram or Pinterest. If they wanted all four, it was $10 more a month. Another $5 and they could access any online music streaming service.<\/p>\n<p>Big internet providers also used zero-rating plans to favor their own content. AT&amp;T Inc. gave paying customers unlimited usage of its own online video service DirecTV Now, while other video sites counted against monthly data caps. Verizon Communications Inc. 
did the same for its mobile video app, called go90.<\/p>\n<\/blockquote>\n<p>AT&amp;T Mobility offers a zero-rating plan called &#8220;<a href=\"https:\/\/webcache.googleusercontent.com\/search?q=cache:pu2YAUU9_gEJ:https:\/\/www.att.com\/gen\/press-room%3Fpid%3D25183%26cdvn%3Dnews%26newsarticleid%3D37366+&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us\" target=\"_blank\" rel=\"noopener\">Sponsored Data<\/a>&#8221; that allows content providers to pay up front to have streaming of that content allowed without counting against the provider&#8217;s monthly data caps.<\/p>\n<p>Sohn said the FCC under the Obama administration initiated an investigation into AT&amp;T&#8217;s Sponsored Data plan and Verizon for its go90 service, but that the inquiry was abandoned by the current FCC leadership.<\/p>\n<p>There are some prospects for a Congressional repeal of this administration&#8217;s gutting of the FCC&#8217;s net neutrality rules.\u00a0On May 16, the Senate approved a resolution nullifying the FCC&#8217;s rollback of the net neutrality rules. But the measure faces an uphill battle in the House.<\/p>\n<p>&#8220;Right now we&#8217;re probably 30 to 40 members short of being able to bring a vote in the House,&#8221; Sohn said. &#8220;About 20 Democrats haven&#8217;t gotten on board, and we have no Republicans so far. But I think that&#8217;s going to change. If Congress repeals the net neutrality repeal, the next step would be to craft stronger rules [either at the FCC or Congress]. We have until the end of this Congress to get it done.&#8221;<\/p>\n<p>The CDT&#8217;s De Mooy\u00a0gives the effort to repeal the repeal of net neutrality rules slim chances of passage this year. But she said the prospects for revisiting net neutrality and consumer privacy in the next Congress look good, particularly if Democrats pick up additional seats in the House.<\/p>\n<p>&#8220;It seems to be something the Democrats are taking up more now,&#8221; De Mooy said. 
&#8220;So much depends on what happens in November. But that&#8217;s true of so many tech policy issues.&#8221;<\/p>\n<h4>SHOCK AND YAWN<\/h4>\n<p>When I first saw a <a href=\"https:\/\/www.hcii.cmu.edu\/people\/robert-xiao\" target=\"_blank\" rel=\"noopener\">Carnegie Mellon University researcher<\/a> show me last week that he could look up <a href=\"https:\/\/krebsonsecurity.com\/2018\/05\/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site\/\" target=\"_blank\" rel=\"noopener\">the near-exact location of any mobile number<\/a> in the United States, I sincerely believed the public would be amazed and horrified at the idea that mobile providers are sharing this real-time data with third party companies, and at the fact that those third parties in turn weren&#8217;t doing anything to prevent the abuse of their own systems.<\/p>\n<p>Instead, after a brief round of coverage in several publications, the story fell out of the news cycle. A <a href=\"https:\/\/slate.com\/technology\/2018\/05\/the-locationsmart-scandal-is-bigger-than-cambridge-analytica-heres-why-no-one-is-talking-about-it.html\" target=\"_blank\" rel=\"noopener\">story this week in Slate.com<\/a> lamented how little coverage the mainstream press has given to the LocationSmart scandal, and marveled at how much more shocked people were over the Cambridge Analytica scandal with Facebook.<\/p>\n<p>&#8220;Privacy abuses and slip-ups by major tech companies have become so numerous, and the prospect of containing them seems so hopeless, that the public and much of the media have become nearly numb to them,&#8221; writes <strong>Will Oremus<\/strong> for Slate. &#8220;My data was hacked? So it goes. 
It may have been used in unauthorized ways by unspecified parties?\u00a0<em>C\u2019est la vie<\/em>.&#8221;<\/p>\n<p class=\"slate-paragraph\" data-editable=\"text\" data-uri=\"slate.com\/components\/slate-paragraph\/instances\/cjhgf3x65001u3i5tau9ey998@published\" data-word-count=\"37\">Oremus argues that what the LocationSmart scandal lacks is not import, nor the potential for serious harm, &#8220;but a link to some divisive political issue or societal outrage sufficient enough to generate visceral anger from people who aren\u2019t privacy wonks.&#8221;<\/p>\n<p>If you&#8217;ve read this far (bless you), don&#8217;t let breach fatigue and incessant media exposure of how little privacy we have harden into resignation. Yes, the prospects of any public debate about consumer privacy protections in the United States at the legislative level seem dim in a high-stakes mid-term election year. But supporters of net neutrality ideals can start getting involved by tweeting, calling and emailing <a href=\"https:\/\/www.battleforthenet.com\/scoreboard\/#house\" target=\"_blank\" rel=\"noopener\">the House lawmakers listed in red at BattleForTheNet.com<\/a>.<\/p>\n<p>While you&#8217;re at it, tell your lawmakers what you think about mobile providers giving or selling third-parties real-time access to customer location information, and let them know that this is no longer okay.<\/p>\n<p>This is the second article in a two-part series. 
The first is here: <a href=\"https:\/\/krebsonsecurity.com\/2018\/05\/mobile-giants-please-dont-share-the-where\/\" target=\"_blank\" rel=\"noopener\">Mobile Giants, Please Don&#8217;t Share the Where.<\/a><\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2018\/05\/why-is-your-location-data-no-longer-private\/\" target=\"bwo\" >https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2017\/09\/capitol.png\"\/><\/p>\n<p><strong>Credit to Author: BrianKrebs| Date: Sat, 26 May 2018 16:18:48 +0000<\/strong><\/p>\n<p>The past month has seen one blockbuster revelation after another about how our mobile phone and broadband providers have been leaking highly sensitive customer information, including real-time location data and customer account details. In the wake of these consumer privacy debacles, many are left wondering who&#8217;s responsible for policing these industries? How exactly did we get to this point? What prospects are there for changes to address this national privacy crisis at the legislative and regulatory levels? 
These are some of the questions we&#8217;ll explore in this article.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[16740,13655,5588,18527,11272,2211,14182,18528,13260,13261,11864,18529,148,3589,13530,18530,12781,10664,10665,18531,18532,18533,18534,1670,18455,18535,14296,18459,18536,8445,14528,18537,17650,13197,17061,18538,7638,18539,18540,2212,18541],"class_list":["post-12403","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-a-little-sunshine","tag-ajit-pai","tag-amazon","tag-andrew-smith","tag-aol","tag-apple","tag-att","tag-att-mobility","tag-cdt","tag-center-for-democracy-technology","tag-comcast","tag-compuserve","tag-donald-trump","tag-facebook","tag-fcc","tag-fcc-privacy-rules","tag-federal-communications-commission","tag-federal-trade-commission","tag-ftc","tag-ftc-act","tag-georgetown-law-institute-for-technology-law-and-policy","tag-gigi-sohn","tag-go90","tag-google","tag-locationsmart","tag-michelle-de-mooy","tag-net-neutrality","tag-securus-technologies","tag-sen-bill-nelson","tag-sen-ron-wyden","tag-slate","tag-sponsored-data","tag-sprint","tag-t-mobile","tag-the-coming-storm","tag-the-hill","tag-the-new-york-times","tag-tom-wheeler","tag-tracfone","tag-verizon","tag-will-oremus"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12403","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/i
ndex.php\/wp-json\/wp\/v2\/comments?post=12403"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12403\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12403"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12403"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12403"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}