Is Rogers Selling your Location Data?
There’s a rule of thumb about clickbait headlines that says if the headline is asking a question, the answer is no. Except in this case, the answer is yes. Yes, Rogers is definitely selling your location data. They are selling your location data even if you are not a Rogers customer; the fact that they run Canada’s largest cellphone network, and one of Canada’s largest ISPs gives them access to pretty much anyone’s location, regardless of whether or not you do business with them.
Who are they selling it to? We already know that Rogers (and every other Canadian telecom) will give your location to law enforcement. Michael Geist reported that
three [Canadian] telecom providers alone disclosed information from 785,000 customer accounts in 2011. Moreover, virtually all providers sought compensation for complying with the requests.
It’s not clear how many of those requests include location data, but I wouldn’t bet against the answer being “most of them”. We already know that Rogers is selling your location to law enforcement.
But that’s not what I’m talking about. Law enforcement’s ability to track your location is a scandal in its own right, but these days, it’s old news. At least law enforcement has the (dubious) justification that it helps them catch “bad guys”. But Rogers isn’t just selling to law enforcement. In fact, they are selling your location data to me.
Now, just to be clear, I have not actually purchased any location data. But I could if I wanted to. The data is definitely for sale, and it’s not for any lack of effort on Rogers’ part that I haven’t made a purchase.
I run a small business. That means I’m on more spam lists than I care to admit, and I receive calls on an almost weekly basis promising to put my website in the top 10 results on Google. Most of these are obvious scams, but recently I received a call from a more professional-sounding organization called Rogers Outrank. For some reason, I agreed to a half-hour sales call to talk about what Rogers could do to promote my business.
I won’t bore you with the details of the sales pitch. Suffice to say that they made the usual promises to put me on the front page of Google’s search results (something Google might be interested in, since their advertising partners are not supposed to guarantee natural search results), and they provided extensive tools to generate sales calls from those results.
One of those tools caught my attention. You can see why in this screenshot from their sales presentation:
This is a map of inbound calls for the campaign. The red pin is supposed to be the location of my business. The blue pins represent people who have called the number associated with the sales campaign. You can drill down and get more detailed information about each caller, including address.
Where does this information come from? My friendly Rogers salesperson had the answer:
So the map is really cool because it lets you see where your leads are going to be calling you from, so if they use a landline, or from a desktop computer, they track the IP address to let us know where that person is calling from, and if it’s a mobile, it’s tracking GPS.
The salesperson assured me I would get this information regardless of who their service provider was:
Same idea, whether they are with Bell, Telus, Koodo — whatever other providers they are — we make sure that when anyone with any sort of brand is looking for your service, our goal is just make sure they are finding you, regardless of whether they are a Rogers client or not.
Let me say this loud and clear: This is creepy. Rogers is selling me the location data of anyone who calls my number, specifically so I can make decisions about how to sell them my services. As a salesperson, that’s really useful, but it’s not an option I should have. As a citizen and a private individual, I don’t want my whereabouts to be available to someone who is selling me something. I don’t want that information to be available to anyone, and Rogers shouldn’t be selling it — especially when I have no business relationship with them.
Now, a few provisos:
- It’s a salesperson, so the technical explanation of where the information comes from may not be accurate. For mobile information in particular, I think it’s more likely that the location data comes from tracking SIM cards via cell tower triangulation than directly accessing the cell phone’s GPS.
- Likewise, the salesperson doesn’t say outright that I can get addresses for people who don’t use Rogers … he simply implies that “their goal” is to provide me with useful information. But, the map is pretty telling, and I made a point of asking how reliable the information on the map was. He was pretty clear that I could expect to get reliable location data for all my incoming calls.
- They aren’t selling location data as a separate product. Technically, Rogers is selling a marketing service, which includes location data as part of the service. I can’t buy the location data separately.
- Locations are for inbound calls only. That means I can’t just ask Rogers to track a given phone number; I only get locations for people who I have somehow convinced to call me. But, Rogers’ product is marketing. Their service is specifically designed to convince people to call me.
So, is this legal? I have no idea; I’m not a lawyer. I’d love to hear someone like Michael Geist chime in. My guess: Probably, it’s technically, arguably legal. Rogers has plenty of cash to spend on lawyers. The fact that they are only selling data from incoming calls probably comes with some sort of implied consent. I have no idea how they would get around the fact that non-customers’ data is being sold (and thus, there can be no contractually-waived rights), but lawyers are smart. I’m sure they’d figure something out.
Is it ethical? Hell no. Selling my location, without my knowledge and consent is wrong. I pay my phone company because communicating by phone is a useful, almost essential service. I understand that that privilege entails letting my phone company know where I am, and, by extension, any other phone company whose customers I talk to. I understand that it’s not really possible to build a phone system if you don’t know the location of the phones you are calling. I entrust the companies that run the phone system with my location because it is impossible to build the system without that information.
Selling my location to external parties — making my location public knowledge — is a violation of that trust. Rogers is taking advantage of me. They are taking advantage of you, and everyone else who uses the Canadian phone system. My location does not need to be public knowledge for the phone system to function. It is being made public purely because it is profitable for Rogers to do so.
I wish I could say I knew what to do about this. It’s easy to say “don’t use a phone”, but it’s hardly a practical solution. It’s possible a lawsuit could help stop this particular practice, but that only solves this specific issue; it doesn’t solve the structural issue of abusing private data for profit. It’s possible an industry regulator — the privacy commissioner? — might be able to do something if I complain loudly and often enough.
Honestly, I think the most effective tool is probably public shaming, which is why I wrote this blog post. My hope is that other people — you — will read this, and agree Rogers is doing wrong. And I hope that you will share this post with other people, so those people know what Rogers is doing. Rogers is selling our location data. Their public image should reflect the reality of what they are doing.
Is Rogers Selling your Location Data? by Devonavar is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
This is going to be big if it gain attention from privacy defenders. For a long time we know these things happened, however, we had little evidences that these activities exist. Thank you for choosing the side of respecting our privacy and security, instead of siding and turning away your eyes with “them”.
The battle for privacy has yet over, but this is one of the most important steps, where the citizen themselves take their place to fight the odd, one by one.
JUST FYI
Rogers OutRank is NOT a scam.
Sounds like another shitty person with a vendetta against rogers for god knows what reason.
@NormalCitizens
Read the article. Where does it say Rogers OutRank is a scam?
@Concerned Citizen
“Most of these are obvious scams, but recently I received a call from a more professional-sounding organization called Rogers Outrank. For some reason, I agreed to a half-hour sales call…”
This reads to me like OP is implying that OutRank is just a more professional sounding scam. It’s not explicitly stated, but definitely (and carefully) implied.
I meant exactly what I said: I get lots of scam calls offering to put me on the front page of Google. Rogers called me with exactly that pitch, and then convinced me they were legitimate enough to spend half an hour talking to. I wouldn’t have taken their call at all if I thought they were a complete scam. It’s clear that there is a legitimate company here.
But, let’s talk about scams. Guaranteeing a spot on the front page of Google’s organic search results *is* scammy. Nobody can promise this, because Google explicitly forbids it. And they actively downrank sites that are caught gaming the system.
Maybe Rogers *can* put my site at the top of the search results. Maybe they can do this reliably enough that they can sell it as a guarantee. Even if they can, they are still scamming Google, and they will get penalized if and when Google catches on. So will all the sites they are promoting.
Promising something you know you can’t deliver is a scam.