AT&T and Verizon say that the FCC overstepped its authority and fined them unfairly.
In response to the Federal Communications Commission’s (FCC) steep fines for sharing user location data with third-party businesses without consent, AT&T, T-Mobile, and Verizon have all chosen to challenge the penalties.
The charges arose from a claim that carriers failed to take adequate action to prevent third parties from abusing private location information. This came to light after Mississippi sheriff Cory Hutcheson tracked people’s phones without a court warrant at least 11 times between 2014 and 2017 using a firm named Securus.
Verizon and AT&T have both submitted briefings outlining their objections to the FCC’s penalties. Both carriers made similar claims, saying that users of their location-based service (LBS) services had to pass a stringent screening process and could only share approximate whereabouts based on cell-tower triangulations with customers’ permission.
According to them, the FCC was made aware of Securus’s service abuse in 2017 but didn’t become aware of it until a year later, when a report appeared in The New York Times.
Shortly after the story was published, both carriers made the decision to discontinue their LBS programs; however, the process was phased in to allow customers time to locate a substitute.
In addition to promptly cutting off Securus’s access, AT&T began looking into its location-based services (“LBS”) program, which allowed businesses like Life Alert and AAA to offer vital and occasionally life-saving services. After an orderly wind-down that prevented AT&T customers who depended on LBS services from suffering any harm, AT&T finally shut down the program.
Verizon was fined about $47 million by the FCC in 2024, five years after the entire incident, and it paid the payment in May. AT&T was hit with a $57 million fine.
Carriers were not liable for the sheriff’s and Securus’s acts because they had place prior to the statute of limitations. For this reason, the FCC fined them for failing to terminate its LBS programs in a timely manner.
They are challenging the penalty, claiming that the FCC went beyond its bounds and broke both the Constitution and the Communications Act.
The FCC should be instructed to take whatever necessary actions to guarantee that the $46,901,250 that Verizon paid is returned to the FCC, and the Court should revoke the Forfeiture Order.
The protection of customer proprietary network information (CPNI) was central to the FCC’s argument, but the businesses contend that the device-location data provided by the LBS program does not qualify as CPNI.
Device-location data was used by Verizon’s LBS program, and this data is not CPNI. First, data is only considered CPNI if it “is made available to the carrier by the customer solely by virtue of the carrier-customer relationship.” However, whenever Verizon offers wireless services to consumers, including those who don’t purchase any common-carrier services at all, it has the right to collect device-location data. Second, the CPNI definition of “location” refers to call-location data rather than device-location data.
Verizon claims that because it failed to shield a few consumers from unsanctioned requests, the FCC shouldn’t impose harsh penalties.
The comparatively low volume of unlawful requests, if anything, indicates that the program’s precautions were both fair and successful. By coming to a different conclusion, the FCC unjustly and effectively imposed a strict liability threshold without giving enough notice.
Additionally, both businesses assert that their fines exceed the $2 million maximum permitted. Finally, the carriers argue that they should have been given the opportunity for a jury trial rather than being forced to pay a fine.
AT&T has denied allegations that Securus ever obtained any customer’s location data illegally.
According to the record, Securus only violated its prisoner-use-case guarantee in relation to 0.2% of AT&T lookup queries. Furthermore, the Commission has never demonstrated that those lookups were illegal rather than in conflict with Securus’s contractual duties.
T-Mobile has not yet submitted a briefing, according to Ars Technica. The business had before promised to contest the $80 million fine.
FCC Commissioner Brendan Carr had previously resisted the fines and is anticipated to take over as the commission’s chairman following the inauguration of President-elect Donald Trump.