Senator Wyden sent official letters to the Federal Communications Commission (FCC) and major US mobile carriers asking why third parties, namely the police, can access the personal data of US citizens, including data about their precise location by scanning their mobile devices all without a search warrant.
The Oregon lawmaker accused mobile carriers of failing to fulfill their responsibility to keep subscribers' data from being accessed by third parties.
"I am writing to insist that AT&T take proactive steps to prevent the unrestricted disclosure and potential abuse of private customer data, including real-time location information, by at least one other company to the government," he wrote to AT&T CEO Randall Stephenson.
Securus allows for data to be exploited not only from AT&T customers, but also T-Mobile, Verizon and Sprint users, and law enforcement agents do not need a court order or other form of permission, according to NYT.
Wayden's letter lays out a number of measures carriers must undertake, including undertaking an audit of each third party the data goes to; notifying subscribers, whose geolocation is used without permission; terminate relations with third parties who abuse subscriber data and publish a list of third parties with whom subscriber data is shared.
"Americans should be able to obtain this information from wireless carriers, just as they can obtain from the consumer credit agencies a list of the private parties who have accessed their credit reports," the letter reads, according to Motherboard.
In his letter to the FCC, Wyden asked the department to "promptly investigate Securus, the wireless carriers' failure to maintain exclusive control over law enforcement access to their customers' location data, and also conduct a broad investigation into what demonstration of customer consent, if any, each wireless carrier requires from other companies before the carries provide them with customer location information and other data."
Nicholas Weaver, a senior researcher at the International Computer Science Institute at the University of California, Berkeley, told Motherboard that "this once again shows that data is like an oil spill: the contamination gets everywhere. The notion that a chain of 3+ companies, including one specifically intended for marketing, is able to resell access to everyone's real-time location with pretty high precision is disturbing, but it shouldn't be surprising."