Mobile carriers make $24B/year selling your secrets

The largest carriers in the world partner with companies like SAP to package up data on your movements, social graph and wake/sleep patterns and sell it to marketing firms.

Sometimes, the carriers are the data-brokers: Verizon's acquisitions of AOL and Millennial Media means that the company now warehouses mobile phone usage data, ad network data, and has its own analytics firm in-house.

The data from carriers is merged with data from other sources, tying cellular-derived activities to shopping, credit scores, home ownership and other databases. The carriers also disclose home addresses and other private information to brokers, who use it to confirm their own records about who lives where, and with whom.

The companies in the "Telcom Data as a Service" supply chains refuse to disclose who gives them their information and whom they sell it on to, though their customers are primarily US and Asian, because EU privacy regs make dealing in this data in bulk into a legally risky affair.

The sector claims that the data it deals in is de-identified and can't be re-identified, but the science on re-identification suggests that there's no way to be sure this is true.

The drive to spy on customers comes as the mobile carriers are seeing their profits diminishing in other areas. Mobile phone penetration is near 100%, so there's not a lot of new customers to sign up. Internet-based alternatives to long-time rip-off/money-spinners like SMS are eroding those lines of business. Selling customers — instead of selling to customers — is the next step for the telcoms sector (forget "if you're not paying for the product, you're the product" — in the case of the telcoms, "Because you're paying for the product, you're the product").

All of this data will leak someday. When it does, it will make Ashley Madison and OPM look like the tremors that they were, not the earthquakes we mistook them for.

As a privacy advocate, I wish that this wasn't happening. But given that it is, I'm doing everything I can to be ready to offer an explanation and an alternative to the surveillance business-model for the people who'll show up shell-shocked and furious when the leaks come.

"The practices that carriers have gotten into, the sheer volume of data and the promiscuity with which they're revealing their customers' data creates enormous risk for their businesses," said Peter Eckersley, chief computer scientist at the Electronic Frontier Foundation, a privacy watchdog. Mr. Eckersley and others suggest that anonymization techniques are faulty in many cases because even information associated with a hashed or encrypted identification code can be linked back to a home address and potentially reidentified by hackers.

Unlike other types of location tracking, such as beacon technologies that work only with mobile apps that people have agreed to let track them, many services employing telco data require no explicit opt-ins by consumers. Companies like SAP instead rely on carriers' terms and conditions with their subscribers, calling acceptance of the terms equivalent to opting in. Verizon's privacy policy, for example, says that information collected on its customers may "be aggregated or anonymized for business and marketing uses by us or by third parties."

Ultimately, for mobile operators, these relationships could reap substantial income from the data generated by subscribers who already account for their primary revenue streams. The telcos do not break out revenue derived from their data-related sales in their quarterly earnings reports, so just how much money they're making from these deals is not known.

The $24 Billion Data Business That Telcos Don't Want to Talk About
[Kate Kaye/Advertisingage]

(via /.)