Consumer Rights Wiki - User contributions [en]

Verizon demo phone MDM data wipe

2026-06-15T01:58:55Z

~2026-48:

everyone is overreacting to this

Verizon demo phone MDM data wipe

2026-06-15T01:58:11Z

~2026-48:

everyone is overreacting to this

==See also==
*[[Right to Repair]]

==References==
{{reflist}}

[[Category:Verizon]]
[[Category:Privacy]]

Verizon demo phone MDM data wipe

2026-06-15T01:57:55Z

~2026-48:

everyone is overreacting to this

==Consumer response==

Verizon offered to waive Collery's remaining device payments to end the dispute, & a representative asked whether that would be enough for him to walk away.<ref name="ars" /> He declined. He sent Verizon a formal request for his data under the CCPA, submitted a notice of dispute as a prerequisite to arbitration, & said he was weighing a small-claims case, telling Verizon it was hard to negotiate while the company refused to confirm what information had left his device or who ordered it deleted.<ref name="ars" /> The network problems that started the dispute were never fixed. ''My service is still abysmal,'' Collery said. ''I can't even get a GPS signal in front of my building.''<ref name="ars" />

==See also==
*[[Right to Repair]]

==References==
{{reflist}}

[[Category:Verizon]]
[[Category:Privacy]]

Verizon demo phone MDM data wipe

2026-06-15T01:57:41Z

~2026-48:

everyone is overreacting to this

==Verizon's response==

===Letter to the FCC===

After Collery complained to the FCC, Verizon's executive relations department sent the agency a letter dated April 2, 2026, which he shared with Ars Technica. The letter acknowledged the mistake:
<blockquote>''We acknowledge the seriousness of the error that led to Mr. Collery receiving a device subsequently identified as a 'demo phone,' which was found to have a Mobile Device Management (MDM) registration linked to Verizon. This procedural lapse has been formally submitted for internal investigation.''</blockquote><ref name="ars" />

A Verizon supervisor had earlier assured Collery that refurbished phones are ''like new'' & pass a ''150-point inspection.''<ref name="ars" /> In the same letter Verizon defended its supply chain to the FCC:
<blockquote>''The Executive Office has advised that all Certified devices originate directly from the manufacturer and are designed to meet stringent quality assurance standards.''</blockquote><ref name="ars" /> The letter said Collery had received compensation exceeding $400 before he filed the complaint, that no further credits would be issued, & that the executive office ''considers this case as resolved.''<ref name="ars" /> Verizon's only statement to Ars Technica, in the seven weeks after it was contacted, was that it was ''aware of this customer's concern'' & working to address it.<ref name="ars" /> The carrier did not say who handles its phone refurbishment or how the management profile survived its inspection process.<ref name="ars" />

===Refusal to disclose MDM records===

Collery asked Verizon for records of what personal information the MDM software had recorded & what commands had been sent to the device. A Verizon executive-relations representative answered by email on May 12, 2026:
<blockquote>''I received word back from the Legal team. In order to provide any details about the MDM, we would require a legal order.''</blockquote><ref name="ars" />

Collery replied on May 13 that the California Consumer Privacy Act requires a business to disclose the personal information it collects about a consumer when the consumer asks for it, & he warned that California's invasion-of-privacy statute provides for damages of $5,000 per violation.<ref name="ars" /> The CCPA gives a consumer the right to request that a business disclose the categories of personal information it collected, the sources & purposes, the categories of third parties that received it, & ''[t]he specific pieces of personal information it has collected about that consumer.''<ref name="ccpa-110">{{Cite web |title=California Civil Code section 1798.110 |work=California Legislative Information |url=https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.110 |access-date=2026-06-13}}</ref><ref name="oag-ccpa">{{Cite web |title=California Consumer Privacy Act (CCPA) |work=California Office of the Attorney General |date=2024-03-13 |url=https://oag.ca.gov/privacy/ccpa |access-date=2026-06-13}}</ref> California Penal Code section 637.2 lets a person injured by a violation of the state's invasion-of-privacy law recover the greater of $5,000 per violation or three times actual damages.<ref name="penal-637">{{Cite web |title=California Penal Code section 637.2 |work=California Legislative Information |url=https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=PEN&sectionNum=637.2 |access-date=2026-06-13}}</ref>

<gallery mode="packed" heights="200">
File:Verizon-mdm-ccpa-civil-code-1798-110.png|California Civil Code section 1798.110 gives a consumer the right to obtain the specific pieces of personal information a business has collected about them.
File:Verizon-mdm-penal-code-637-2.png|California Penal Code section 637.2 lets a person injured by an invasion-of-privacy violation recover the greater of $5,000 per violation or three times actual damages.
</gallery>

==Consumer response==

Verizon offered to waive Collery's remaining device payments to end the dispute, & a representative asked whether that would be enough for him to walk away.<ref name="ars" /> He declined. He sent Verizon a formal request for his data under the CCPA, submitted a notice of dispute as a prerequisite to arbitration, & said he was weighing a small-claims case, telling Verizon it was hard to negotiate while the company refused to confirm what information had left his device or who ordered it deleted.<ref name="ars" /> The network problems that started the dispute were never fixed. ''My service is still abysmal,'' Collery said. ''I can't even get a GPS signal in front of my building.''<ref name="ars" />

==See also==
*[[Right to Repair]]

==References==
{{reflist}}

[[Category:Verizon]]
[[Category:Privacy]]

Verizon demo phone MDM data wipe

2026-06-15T01:57:21Z

~2026-48:

everyone is overreacting to this

==Remote factory reset & data loss==

The demo unit did not fix Collery's network problems, but it worked at first. He transferred his data to it & returned his original phone.<ref name="ars" /> After about ten days the phone began repeatedly installing security updates & restarting, & within a few more days it restarted as though it had been factory reset.<ref name="ars" /> Collery could no longer sign in to his Google or Samsung accounts; the device told him he did not have permission & to contact his IT administrator.<ref name="ars" />

His cloud backups turned out to be less complete than he had assumed, so the wipe was not recoverable. In a phone interview he described what was gone:
<blockquote>''I lost everything. Contacts, messages, videos, documents, pictures, everything from patient information to the last video I have with my grandmother before she died.''</blockquote><ref name="ars" />

Cooper Quintin, a security researcher & senior technologist at the Electronic Frontier Foundation, told Ars Technica that the restarts & reset were consistent with Verizon pushing instructions to a group of managed devices at once. He said that with a fleet of demo phones under MDM, ''you're just sending instructions to all the phones,'' & that if Verizon wipes demo units on a schedule, the timing may have been the policy taking effect.<ref name="ars" /> Verizon advised Collery to take the phone to a uBreakiFix store, but a technician there could not recover any data because of the management profile.<ref name="ars" />

==Verizon's response==

===Letter to the FCC===

After Collery complained to the FCC, Verizon's executive relations department sent the agency a letter dated April 2, 2026, which he shared with Ars Technica. The letter acknowledged the mistake:
<blockquote>''We acknowledge the seriousness of the error that led to Mr. Collery receiving a device subsequently identified as a 'demo phone,' which was found to have a Mobile Device Management (MDM) registration linked to Verizon. This procedural lapse has been formally submitted for internal investigation.''</blockquote><ref name="ars" />

A Verizon supervisor had earlier assured Collery that refurbished phones are ''like new'' & pass a ''150-point inspection.''<ref name="ars" /> In the same letter Verizon defended its supply chain to the FCC:
<blockquote>''The Executive Office has advised that all Certified devices originate directly from the manufacturer and are designed to meet stringent quality assurance standards.''</blockquote><ref name="ars" /> The letter said Collery had received compensation exceeding $400 before he filed the complaint, that no further credits would be issued, & that the executive office ''considers this case as resolved.''<ref name="ars" /> Verizon's only statement to Ars Technica, in the seven weeks after it was contacted, was that it was ''aware of this customer's concern'' & working to address it.<ref name="ars" /> The carrier did not say who handles its phone refurbishment or how the management profile survived its inspection process.<ref name="ars" />

===Refusal to disclose MDM records===

Collery asked Verizon for records of what personal information the MDM software had recorded & what commands had been sent to the device. A Verizon executive-relations representative answered by email on May 12, 2026:
<blockquote>''I received word back from the Legal team. In order to provide any details about the MDM, we would require a legal order.''</blockquote><ref name="ars" />

Collery replied on May 13 that the California Consumer Privacy Act requires a business to disclose the personal information it collects about a consumer when the consumer asks for it, & he warned that California's invasion-of-privacy statute provides for damages of $5,000 per violation.<ref name="ars" /> The CCPA gives a consumer the right to request that a business disclose the categories of personal information it collected, the sources & purposes, the categories of third parties that received it, & ''[t]he specific pieces of personal information it has collected about that consumer.''<ref name="ccpa-110">{{Cite web |title=California Civil Code section 1798.110 |work=California Legislative Information |url=https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.110 |access-date=2026-06-13}}</ref><ref name="oag-ccpa">{{Cite web |title=California Consumer Privacy Act (CCPA) |work=California Office of the Attorney General |date=2024-03-13 |url=https://oag.ca.gov/privacy/ccpa |access-date=2026-06-13}}</ref> California Penal Code section 637.2 lets a person injured by a violation of the state's invasion-of-privacy law recover the greater of $5,000 per violation or three times actual damages.<ref name="penal-637">{{Cite web |title=California Penal Code section 637.2 |work=California Legislative Information |url=https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=PEN&sectionNum=637.2 |access-date=2026-06-13}}</ref>

<gallery mode="packed" heights="200">
File:Verizon-mdm-ccpa-civil-code-1798-110.png|California Civil Code section 1798.110 gives a consumer the right to obtain the specific pieces of personal information a business has collected about them.
File:Verizon-mdm-penal-code-637-2.png|California Penal Code section 637.2 lets a person injured by an invasion-of-privacy violation recover the greater of $5,000 per violation or three times actual damages.
</gallery>

==Consumer response==

Verizon offered to waive Collery's remaining device payments to end the dispute, & a representative asked whether that would be enough for him to walk away.<ref name="ars" /> He declined. He sent Verizon a formal request for his data under the CCPA, submitted a notice of dispute as a prerequisite to arbitration, & said he was weighing a small-claims case, telling Verizon it was hard to negotiate while the company refused to confirm what information had left his device or who ordered it deleted.<ref name="ars" /> The network problems that started the dispute were never fixed. ''My service is still abysmal,'' Collery said. ''I can't even get a GPS signal in front of my building.''<ref name="ars" />

==See also==
*[[Right to Repair]]

==References==
{{reflist}}

[[Category:Verizon]]
[[Category:Privacy]]

Verizon demo phone MDM data wipe

2026-06-15T01:57:01Z

~2026-48:

everyone is overreacting to this

==Background==

Collery, who lives in San Francisco & works in healthcare, says he had been a [[Verizon]] customer for 22 years.<ref name="ars">{{Cite web |last=Brodkin |first=Jon |date=2026-06-12 |title=Verizon sent man a refurbished phone with MDM, then deleted his data remotely |url=https://arstechnica.com/tech-policy/2026/06/verizon-sent-man-a-refurbished-phone-with-mdm-then-deleted-his-data-remotely/ |access-date=2026-06-13 |work=Ars Technica}}</ref> In February 2026 he called the carrier about network problems including dropped calls, & Verizon shipped him a replacement for his phone, a [[Samsung]] Galaxy Z Flip7.<ref name="ars" /> Instead of a new device or a properly reset refurbished one, the phone he received was a store demo unit that had not been wiped before shipping. It carried the same kind of software that company IT departments use to monitor & control phones issued to employees.<ref name="ars" />

After the device later reset, on-screen messages made its status explicit. One read ''This device is managed. Property of Verizon has configured this device to be fully managed.'' Others said ''Device owned by Verizon'' & ''Protected with BricTECH.''<ref name="ars" /> BricTECH is a retail security & device-management product made by Sennco Solutions, an InVue company; Sennco markets it for managing company-owned devices & securing store display phones, & states that it supports Android.<ref name="sennco-brictech">{{Cite web |title=BricTECH |work=Sennco Solutions |url=https://sennco.com/product/brictech/ |access-date=2026-06-13}}</ref> Sennco's privacy policy for the BricTECH retail app describes an automatic reset routine for demonstration devices:
<blockquote>''Sennco DPC may sanitize devices on a predetermined schedule to give the end user a standardized experience. Sanitization may include resetting specific applications data and cache, clearing contacts, clearing sms messages and clearing call logs.''</blockquote><ref name="sennco-privacy">{{Cite web |title=BricTECH RTO App Privacy Policy |work=Sennco Solutions |url=https://sennco.com/brictech-rto-app-privacy-policy/ |access-date=2026-06-13}}</ref>

<gallery mode="packed" heights="200">
File:Verizon-mdm-sennco-brictech-product-page.png|Sennco markets BricTECH Device Management for controlling company-owned phones and securing store display units, and states it supports Android with remote wiping.
File:Verizon-mdm-sennco-privacy-sanitize-clause.png|Sennco's BricTECH retail app privacy policy states the software may sanitize demo devices on a schedule, clearing contacts, SMS messages, and call logs.
</gallery>

A device enrolled in MDM as a fully managed device can be erased from a server. In Google's Android Management API, the <code>enterprises.devices.delete</code> method, one of the API's deprovisioning methods, ''immediately deletes the device record'' & sends a wipe instruction; for a company-owned device that instruction triggers a factory reset.<ref name="android-mgmt">{{Cite web |title=Deprovision a device |work=Android Management API, Google for Developers |url=https://developers.google.com/android/management/deprovision-device |access-date=2026-06-13}}</ref>

[[File:Verizon-mdm-android-management-deprovision-wipe.png|thumb|center|upright=2.4|Google's Android Management API documents that the WIPE command triggers a factory reset on a company-owned device.]]

==Remote factory reset & data loss==

The demo unit did not fix Collery's network problems, but it worked at first. He transferred his data to it & returned his original phone.<ref name="ars" /> After about ten days the phone began repeatedly installing security updates & restarting, & within a few more days it restarted as though it had been factory reset.<ref name="ars" /> Collery could no longer sign in to his Google or Samsung accounts; the device told him he did not have permission & to contact his IT administrator.<ref name="ars" />

His cloud backups turned out to be less complete than he had assumed, so the wipe was not recoverable. In a phone interview he described what was gone:
<blockquote>''I lost everything. Contacts, messages, videos, documents, pictures, everything from patient information to the last video I have with my grandmother before she died.''</blockquote><ref name="ars" />

Cooper Quintin, a security researcher & senior technologist at the Electronic Frontier Foundation, told Ars Technica that the restarts & reset were consistent with Verizon pushing instructions to a group of managed devices at once. He said that with a fleet of demo phones under MDM, ''you're just sending instructions to all the phones,'' & that if Verizon wipes demo units on a schedule, the timing may have been the policy taking effect.<ref name="ars" /> Verizon advised Collery to take the phone to a uBreakiFix store, but a technician there could not recover any data because of the management profile.<ref name="ars" />

==Verizon's response==

===Letter to the FCC===

After Collery complained to the FCC, Verizon's executive relations department sent the agency a letter dated April 2, 2026, which he shared with Ars Technica. The letter acknowledged the mistake:
<blockquote>''We acknowledge the seriousness of the error that led to Mr. Collery receiving a device subsequently identified as a 'demo phone,' which was found to have a Mobile Device Management (MDM) registration linked to Verizon. This procedural lapse has been formally submitted for internal investigation.''</blockquote><ref name="ars" />

A Verizon supervisor had earlier assured Collery that refurbished phones are ''like new'' & pass a ''150-point inspection.''<ref name="ars" /> In the same letter Verizon defended its supply chain to the FCC:
<blockquote>''The Executive Office has advised that all Certified devices originate directly from the manufacturer and are designed to meet stringent quality assurance standards.''</blockquote><ref name="ars" /> The letter said Collery had received compensation exceeding $400 before he filed the complaint, that no further credits would be issued, & that the executive office ''considers this case as resolved.''<ref name="ars" /> Verizon's only statement to Ars Technica, in the seven weeks after it was contacted, was that it was ''aware of this customer's concern'' & working to address it.<ref name="ars" /> The carrier did not say who handles its phone refurbishment or how the management profile survived its inspection process.<ref name="ars" />

===Refusal to disclose MDM records===

Collery asked Verizon for records of what personal information the MDM software had recorded & what commands had been sent to the device. A Verizon executive-relations representative answered by email on May 12, 2026:
<blockquote>''I received word back from the Legal team. In order to provide any details about the MDM, we would require a legal order.''</blockquote><ref name="ars" />

Collery replied on May 13 that the California Consumer Privacy Act requires a business to disclose the personal information it collects about a consumer when the consumer asks for it, & he warned that California's invasion-of-privacy statute provides for damages of $5,000 per violation.<ref name="ars" /> The CCPA gives a consumer the right to request that a business disclose the categories of personal information it collected, the sources & purposes, the categories of third parties that received it, & ''[t]he specific pieces of personal information it has collected about that consumer.''<ref name="ccpa-110">{{Cite web |title=California Civil Code section 1798.110 |work=California Legislative Information |url=https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.110 |access-date=2026-06-13}}</ref><ref name="oag-ccpa">{{Cite web |title=California Consumer Privacy Act (CCPA) |work=California Office of the Attorney General |date=2024-03-13 |url=https://oag.ca.gov/privacy/ccpa |access-date=2026-06-13}}</ref> California Penal Code section 637.2 lets a person injured by a violation of the state's invasion-of-privacy law recover the greater of $5,000 per violation or three times actual damages.<ref name="penal-637">{{Cite web |title=California Penal Code section 637.2 |work=California Legislative Information |url=https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=PEN&sectionNum=637.2 |access-date=2026-06-13}}</ref>

<gallery mode="packed" heights="200">
File:Verizon-mdm-ccpa-civil-code-1798-110.png|California Civil Code section 1798.110 gives a consumer the right to obtain the specific pieces of personal information a business has collected about them.
File:Verizon-mdm-penal-code-637-2.png|California Penal Code section 637.2 lets a person injured by an invasion-of-privacy violation recover the greater of $5,000 per violation or three times actual damages.
</gallery>

==Consumer response==

Verizon offered to waive Collery's remaining device payments to end the dispute, & a representative asked whether that would be enough for him to walk away.<ref name="ars" /> He declined. He sent Verizon a formal request for his data under the CCPA, submitted a notice of dispute as a prerequisite to arbitration, & said he was weighing a small-claims case, telling Verizon it was hard to negotiate while the company refused to confirm what information had left his device or who ordered it deleted.<ref name="ars" /> The network problems that started the dispute were never fixed. ''My service is still abysmal,'' Collery said. ''I can't even get a GPS signal in front of my building.''<ref name="ars" />

==See also==
*[[Right to Repair]]

==References==
{{reflist}}

[[Category:Verizon]]
[[Category:Privacy]]

Verizon demo phone MDM data wipe

2026-06-15T01:56:13Z

~2026-48:

{{#seo:
|description=Verizon sent a customer an unwiped store demo phone with active device management that remotely erased his data, then demanded a legal order to explain.
}}
{{IncidentCargo
|Company=Verizon
|StartDate=2026-02
|EndDate=
|Status=Active
|ProductLine=
|Product=
|ArticleType=Service
|Type=Privacy,Data Security
|Description=Verizon sent a customer a demo phone with active MDM that remotely wiped his data; the carrier demanded a legal order to disclose what it did
}}

everyone is overreacting to this

==Background==

Collery, who lives in San Francisco & works in healthcare, says he had been a [[Verizon]] customer for 22 years.<ref name="ars">{{Cite web |last=Brodkin |first=Jon |date=2026-06-12 |title=Verizon sent man a refurbished phone with MDM, then deleted his data remotely |url=https://arstechnica.com/tech-policy/2026/06/verizon-sent-man-a-refurbished-phone-with-mdm-then-deleted-his-data-remotely/ |access-date=2026-06-13 |work=Ars Technica}}</ref> In February 2026 he called the carrier about network problems including dropped calls, & Verizon shipped him a replacement for his phone, a [[Samsung]] Galaxy Z Flip7.<ref name="ars" /> Instead of a new device or a properly reset refurbished one, the phone he received was a store demo unit that had not been wiped before shipping. It carried the same kind of software that company IT departments use to monitor & control phones issued to employees.<ref name="ars" />

After the device later reset, on-screen messages made its status explicit. One read ''This device is managed. Property of Verizon has configured this device to be fully managed.'' Others said ''Device owned by Verizon'' & ''Protected with BricTECH.''<ref name="ars" /> BricTECH is a retail security & device-management product made by Sennco Solutions, an InVue company; Sennco markets it for managing company-owned devices & securing store display phones, & states that it supports Android.<ref name="sennco-brictech">{{Cite web |title=BricTECH |work=Sennco Solutions |url=https://sennco.com/product/brictech/ |access-date=2026-06-13}}</ref> Sennco's privacy policy for the BricTECH retail app describes an automatic reset routine for demonstration devices:
<blockquote>''Sennco DPC may sanitize devices on a predetermined schedule to give the end user a standardized experience. Sanitization may include resetting specific applications data and cache, clearing contacts, clearing sms messages and clearing call logs.''</blockquote><ref name="sennco-privacy">{{Cite web |title=BricTECH RTO App Privacy Policy |work=Sennco Solutions |url=https://sennco.com/brictech-rto-app-privacy-policy/ |access-date=2026-06-13}}</ref>

<gallery mode="packed" heights="200">
File:Verizon-mdm-sennco-brictech-product-page.png|Sennco markets BricTECH Device Management for controlling company-owned phones and securing store display units, and states it supports Android with remote wiping.
File:Verizon-mdm-sennco-privacy-sanitize-clause.png|Sennco's BricTECH retail app privacy policy states the software may sanitize demo devices on a schedule, clearing contacts, SMS messages, and call logs.
</gallery>

A device enrolled in MDM as a fully managed device can be erased from a server. In Google's Android Management API, the <code>enterprises.devices.delete</code> method, one of the API's deprovisioning methods, ''immediately deletes the device record'' & sends a wipe instruction; for a company-owned device that instruction triggers a factory reset.<ref name="android-mgmt">{{Cite web |title=Deprovision a device |work=Android Management API, Google for Developers |url=https://developers.google.com/android/management/deprovision-device |access-date=2026-06-13}}</ref>

[[File:Verizon-mdm-android-management-deprovision-wipe.png|thumb|center|upright=2.4|Google's Android Management API documents that the WIPE command triggers a factory reset on a company-owned device.]]

==Remote factory reset & data loss==

The demo unit did not fix Collery's network problems, but it worked at first. He transferred his data to it & returned his original phone.<ref name="ars" /> After about ten days the phone began repeatedly installing security updates & restarting, & within a few more days it restarted as though it had been factory reset.<ref name="ars" /> Collery could no longer sign in to his Google or Samsung accounts; the device told him he did not have permission & to contact his IT administrator.<ref name="ars" />

His cloud backups turned out to be less complete than he had assumed, so the wipe was not recoverable. In a phone interview he described what was gone:
<blockquote>''I lost everything. Contacts, messages, videos, documents, pictures, everything from patient information to the last video I have with my grandmother before she died.''</blockquote><ref name="ars" />

Cooper Quintin, a security researcher & senior technologist at the Electronic Frontier Foundation, told Ars Technica that the restarts & reset were consistent with Verizon pushing instructions to a group of managed devices at once. He said that with a fleet of demo phones under MDM, ''you're just sending instructions to all the phones,'' & that if Verizon wipes demo units on a schedule, the timing may have been the policy taking effect.<ref name="ars" /> Verizon advised Collery to take the phone to a uBreakiFix store, but a technician there could not recover any data because of the management profile.<ref name="ars" />

==Verizon's response==

===Letter to the FCC===

After Collery complained to the FCC, Verizon's executive relations department sent the agency a letter dated April 2, 2026, which he shared with Ars Technica. The letter acknowledged the mistake:
<blockquote>''We acknowledge the seriousness of the error that led to Mr. Collery receiving a device subsequently identified as a 'demo phone,' which was found to have a Mobile Device Management (MDM) registration linked to Verizon. This procedural lapse has been formally submitted for internal investigation.''</blockquote><ref name="ars" />

A Verizon supervisor had earlier assured Collery that refurbished phones are ''like new'' & pass a ''150-point inspection.''<ref name="ars" /> In the same letter Verizon defended its supply chain to the FCC:
<blockquote>''The Executive Office has advised that all Certified devices originate directly from the manufacturer and are designed to meet stringent quality assurance standards.''</blockquote><ref name="ars" /> The letter said Collery had received compensation exceeding $400 before he filed the complaint, that no further credits would be issued, & that the executive office ''considers this case as resolved.''<ref name="ars" /> Verizon's only statement to Ars Technica, in the seven weeks after it was contacted, was that it was ''aware of this customer's concern'' & working to address it.<ref name="ars" /> The carrier did not say who handles its phone refurbishment or how the management profile survived its inspection process.<ref name="ars" />

===Refusal to disclose MDM records===

Collery asked Verizon for records of what personal information the MDM software had recorded & what commands had been sent to the device. A Verizon executive-relations representative answered by email on May 12, 2026:
<blockquote>''I received word back from the Legal team. In order to provide any details about the MDM, we would require a legal order.''</blockquote><ref name="ars" />

Collery replied on May 13 that the California Consumer Privacy Act requires a business to disclose the personal information it collects about a consumer when the consumer asks for it, & he warned that California's invasion-of-privacy statute provides for damages of $5,000 per violation.<ref name="ars" /> The CCPA gives a consumer the right to request that a business disclose the categories of personal information it collected, the sources & purposes, the categories of third parties that received it, & ''[t]he specific pieces of personal information it has collected about that consumer.''<ref name="ccpa-110">{{Cite web |title=California Civil Code section 1798.110 |work=California Legislative Information |url=https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.110 |access-date=2026-06-13}}</ref><ref name="oag-ccpa">{{Cite web |title=California Consumer Privacy Act (CCPA) |work=California Office of the Attorney General |date=2024-03-13 |url=https://oag.ca.gov/privacy/ccpa |access-date=2026-06-13}}</ref> California Penal Code section 637.2 lets a person injured by a violation of the state's invasion-of-privacy law recover the greater of $5,000 per violation or three times actual damages.<ref name="penal-637">{{Cite web |title=California Penal Code section 637.2 |work=California Legislative Information |url=https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=PEN&sectionNum=637.2 |access-date=2026-06-13}}</ref>

<gallery mode="packed" heights="200">
File:Verizon-mdm-ccpa-civil-code-1798-110.png|California Civil Code section 1798.110 gives a consumer the right to obtain the specific pieces of personal information a business has collected about them.
File:Verizon-mdm-penal-code-637-2.png|California Penal Code section 637.2 lets a person injured by an invasion-of-privacy violation recover the greater of $5,000 per violation or three times actual damages.
</gallery>

==Consumer response==

Verizon offered to waive Collery's remaining device payments to end the dispute, & a representative asked whether that would be enough for him to walk away.<ref name="ars" /> He declined. He sent Verizon a formal request for his data under the CCPA, submitted a notice of dispute as a prerequisite to arbitration, & said he was weighing a small-claims case, telling Verizon it was hard to negotiate while the company refused to confirm what information had left his device or who ordered it deleted.<ref name="ars" /> The network problems that started the dispute were never fixed. ''My service is still abysmal,'' Collery said. ''I can't even get a GPS signal in front of my building.''<ref name="ars" />

==See also==
*[[Right to Repair]]

==References==
{{reflist}}

[[Category:Verizon]]
[[Category:Privacy]]