Senator Wyden wrote a letter to each of the four major USA carriers, asking them questions related to their practice of selling customers' location data.
Responses from the other carriers are available here: AT&T, Sprint and T-Mobile.
"Verizon did the responsible thing and promptly announced it was cutting these companies off", Wyden said in a statement.
Verizon, AT&T, Sprint and T-Mobile have pledged to stop providing information on US phone owners' locations to data brokers, stepping back from a business practice that has drawn criticism for endangering privacy.
"Our top priority is to protect our customers' information, and, to that end, we will be ending our work with aggregators for these services as soon as practical in a way that preserves important, potential lifesaving services like emergency roadside assistance", AT&T said in a statement.
Verizon Communications Inc will stop selling its customers' phone location data to third parties after an investigation by a U.S. Senator found law enforcement agencies were able to use the data to track people without their consent. Typically, Verizon said, the data sharing helps vehicle rental companies provide roadside assistance and allows financial services companies combat fraud.
AT&T and T-Mobile, No. 2 and 3 in customers, said in letters to Wyden they only allow authorized third parties to access customer location data if the affected customers have given consent or if it is required by law - for instance, a court order.
Letters from the four cell giants were published Tuesday after Wyden demanded last month to know why millions of Americans' real-time location data was being shared with so-called aggregators, which manage data requests for customer data across the carriers.
The phone giants say it's "common" to share data, such as when motorists are stranded or as part of workforce and fleet tracking, but said that customer data should have more tightly controlled.
Both carriers will essentially cut out the intermediary for disseminating location data.
"Based on our current internal review, Sprint is beginning the process of terminating its current contracts with data aggregators to whom we provide location data", Sprint told BGR.
In reality, however, Wyden discovered back in May that Securus Technologies was harvesting location data and selling it on to the police following reports that a former Missouri sheriff had carried out unauthorized surveillance of a judge, a sheriff and state highway patrol officers using data bought from Securus.
Aggregators must obtain consent from the customer before their location data can be used, such as by sending a one-time text message or allowing a user to hit a button in an app. "I've personally evaluated this issue & have pledged that @tmobile will not sell customer location data to shady middlemen". Verizon told Wyden that not only had it suspended Securus' access to its customer location data, it had also made a decision to end its arrangements with LocationSmart and Zumigo.
As far as AT&T was concerned, everything was above board because "AT&T received confirmation that Securus had obtained consent for each request for location information, which AT&T understood were all related to the approved Inmate Calling Service". "The company does not warehouse or track a mobile user's historic identity and location information", said the company. "Nonetheless, we are reviewing these issues carefully to ensure the proper handling of all AT&T customer information". Sprint previously suspended all data sharing with LocationSmart on May 25, 2018.
But a Verizon pullout from the aggregator arrangement won't crater the market for this data, Sohn said.