Telcos know more about you than Facebook or Google. We should be much more worried about how they have been using or selling that information.
There is a company call Cignifi in the US that helps banks and credit rating agencies calculate credit scores for consumers using mobile phone usage data. This service is particularly useful in places like Brazil, where they work with telcos to score borrowers lacking financial history or banking records.
On their product page it says:
“Cignifi credit risk and fraud scores are derived using the most cutting edge machine learning algorithms utilizing dynamic behavioral data, including calling patterns, data transactions and internet usage.”
That last bit encapsulates everything you do on your smartphone: calls, transactions, surfing… details more intimate than most of us would allow any one person to know.
Is this practice of harvesting and commercializing your personal telco data limited to a few companies or countries?
The industry has a name for it, Telecom data as a Service, or TDaaS.
Research and Markets produced a report in November 2017 that estimated the TDaaS market to be worth EUR 258 billion (USD 300 billion) by 2021. It also discussed how telcos all over the world are monetizing the personal data that their customers generate.
Mobile phone data became invaluable as a result of smartphones and high speed data connectivity. It led to mobile phones becoming the communication, entertainment and transaction tool of choice for most of us. For many, it is also our wallet, our memories and our closet of secrets.
As far back as 2015, mega enterprise computing companies like SAP had already realized the huge potential of this market and how to profit off it.
“SAP’s Consumer Insight 365 ingests regularly updated data representing as many as 300 cellphone events per day for each of the 20 million to 25 million mobile subscribers. SAP won’t disclose the carriers providing this data.”
Just how extensive is this data that SAP sells to businesses? The article gave some examples.
“The service also combines data from telcos with other information, telling businesses whether shoppers are checking out competitor prices on their phones or just emailing friends. It can tell them the age ranges and genders of people who visited a store location between 10 a.m. and noon, and link location and demographic data with shoppers’ web browsing history.”
Is this legal?
But surely big companies like SAP are utilizing these personal data from telcos legally? Well, that depends on how you look at it.
AdAge’s article seems to suggest a grey area…
“…many services employing telco data require no explicit opt-ins by consumers. Companies like SAP instead rely on carriers’ terms and conditions with their subscribers, calling acceptance of the terms equivalent to opting in.”
This SAP product was only sold in North America and Asia Pacific, because “it cannot get the data it needs from telcos representing consumers in the EU, where data protections are stricter than in the U.S. and elsewhere”.
“The practices that carriers have gotten into, the sheer volume of data and the promiscuity with which they’re revealing their customers’ data creates enormous risk for their businesses.”
Has it led to abuse?
But that article was published back in 2015. Surely after Facebook and Cambridge Analytica, public outcry and government pressure would have already led to telcos respecting the subscribers’ privacy?
At first glance it may seem so. After all, CNN reported in June 2018 that the four largest telcos in the US would stop selling their customers’ location data after a Senator raised the issue to the Federal Communication Commission.
Then in January 2019 a journalist from Motherboard broke a story about how he approached a bounty hunter to track down the location of a mobile phone number. He was promptly given “a screenshot of Google Maps with the phone’s current location to within a few hundred meters”.
The journalist investigated and realized US telcos such as AT&T, Sprint and T-Mobile were still selling their subscribers’ location data to an alternative credit data company called Microbilt, who then sold its service to the likes of bounty hunters and bail-bond officers. Thereafter it was available to whoever was willing to pay.
The witch in the forest
In Lord of the Rings, sorcerers could be good or bad, depending on how they wielded their power. The same holds true for telcos.
There is an initiative call ‘Big Data for Social Good’ which comprises of mobile phone operators from across the world. It helps governments and NGO’s deal with epidemics and emergencies using mobile phone data. Mobile location data has also been used successfully to help cities deal with traffic congestion by tracking movement patterns. Nonetheless, these examples of good also tell us how powerful mobile data can be.
That power is set to increase.
With IoT products fast becoming part of our daily lives, it will increase the data pool that telcos have by many times more— since these products often rely on a mobile data signal or home internet service your telco provides.
The witch-hunt on privacy has thus far focused on the obvious candidates in big tech, but telcos may be the ones hiding in the forest.
The way I see it, the only way to prevent abuse is by spreading public awareness of how important it is to regulate TDaaS. If everyone knows where the witch is in the forest and watch her, she would have no choice but to either behave herself, or do good with her spells.