Verizon demo phone MDM data wipe: Difference between revisions

Line 1:

everyone is overreacting to this

~~==Verizon's response==~~

~~===Letter to the FCC===~~

~~After Collery complained to the FCC, Verizon's executive relations department sent the agency a letter dated April 2, 2026, which he shared with Ars Technica. The letter acknowledged the mistake:~~

<blockquote>''We acknowledge the seriousness of the error that led to Mr. Collery receiving a device subsequently identified as a 'demo phone,' which was found to have a Mobile Device Management (MDM) registration linked to Verizon. This procedural lapse has been formally submitted for internal investigation.''</blockquote><ref name="ars" />

A Verizon supervisor had earlier assured Collery that refurbished phones are ''like new'' & pass a ''150-point inspection.''<ref name="ars" /> In the same letter Verizon defended its supply chain to the FCC:

<blockquote>''The Executive Office has advised that all Certified devices originate directly from the manufacturer and are designed to meet stringent quality assurance standards.''</blockquote><ref name="ars" /> The letter said Collery had received compensation exceeding $400 before he filed the complaint, that no further credits would be issued, & that the executive office ''considers this case as resolved.''<ref name="ars" /> Verizon's only statement to Ars Technica, in the seven weeks after it was contacted, was that it was ''aware of this customer's concern'' & working to address it.<ref name="ars" /> The carrier did not say who handles its phone refurbishment or how the management profile survived its inspection process.<ref name="ars" />

~~===Refusal to disclose MDM records===~~

Collery asked Verizon for records of what personal information the MDM software had recorded & what commands had been sent to the device. A Verizon executive-relations representative answered by email on May 12, 2026:

~~<blockquote>''I received word back from the Legal team. In order to provide any details about the MDM, we would require a legal order.''</blockquote><ref name="ars" />~~

Collery replied on May 13 that the California Consumer Privacy Act requires a business to disclose the personal information it collects about a consumer when the consumer asks for it, & he warned that California's invasion-of-privacy statute provides for damages of $5,000 per violation.<ref name="ars" /> The CCPA gives a consumer the right to request that a business disclose the categories of personal information it collected, the sources & purposes, the categories of third parties that received it, & ''[t]he specific pieces of personal information it has collected about that consumer.''<ref name="ccpa-110">{{Cite web |title=California Civil Code section 1798.110 |work=California Legislative Information |url=https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.110 |access-date=2026-06-13}}</ref><ref name="oag-ccpa">{{Cite web |title=California Consumer Privacy Act (CCPA) |work=California Office of the Attorney General |date=2024-03-13 |url=https://oag.ca.gov/privacy/ccpa |access-date=2026-06-13}}</ref> California Penal Code section 637.2 lets a person injured by a violation of the state's invasion-of-privacy law recover the greater of $5,000 per violation or three times actual damages.<ref name="penal-637">{{Cite web |title=California Penal Code section 637.2 |work=California Legislative Information |url=https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=PEN&sectionNum=637.2 |access-date=2026-06-13}}</ref>

~~<gallery mode="packed" heights="200">~~

File:Verizon-mdm-ccpa-civil-code-1798-110.png|California Civil Code section 1798.110 gives a consumer the right to obtain the specific pieces of personal information a business has collected about them.

File:Verizon-mdm-penal-code-637-2.png|California Penal Code section 637.2 lets a person injured by an invasion-of-privacy violation recover the greater of $5,000 per violation or three times actual damages.

~~</gallery>~~

==Consumer response==

@@ Line 1: / Line 1: @@
 everyone is overreacting to this
-==Verizon's response==
-===Letter to the FCC===
-After Collery complained to the FCC, Verizon's executive relations department sent the agency a letter dated April 2, 2026, which he shared with Ars Technica. The letter acknowledged the mistake:
-<blockquote>''We acknowledge the seriousness of the error that led to Mr. Collery receiving a device subsequently identified as a 'demo phone,' which was found to have a Mobile Device Management (MDM) registration linked to Verizon. This procedural lapse has been formally submitted for internal investigation.''</blockquote><ref name="ars" />
-A Verizon supervisor had earlier assured Collery that refurbished phones are ''like new'' & pass a ''150-point inspection.''<ref name="ars" /> In the same letter Verizon defended its supply chain to the FCC:
-<blockquote>''The Executive Office has advised that all Certified devices originate directly from the manufacturer and are designed to meet stringent quality assurance standards.''</blockquote><ref name="ars" /> The letter said Collery had received compensation exceeding $400 before he filed the complaint, that no further credits would be issued, & that the executive office ''considers this case as resolved.''<ref name="ars" /> Verizon's only statement to Ars Technica, in the seven weeks after it was contacted, was that it was ''aware of this customer's concern'' & working to address it.<ref name="ars" /> The carrier did not say who handles its phone refurbishment or how the management profile survived its inspection process.<ref name="ars" />
-===Refusal to disclose MDM records===
-Collery asked Verizon for records of what personal information the MDM software had recorded & what commands had been sent to the device. A Verizon executive-relations representative answered by email on May 12, 2026:
-<blockquote>''I received word back from the Legal team. In order to provide any details about the MDM, we would require a legal order.''</blockquote><ref name="ars" />
-Collery replied on May 13 that the California Consumer Privacy Act requires a business to disclose the personal information it collects about a consumer when the consumer asks for it, & he warned that California's invasion-of-privacy statute provides for damages of $5,000 per violation.<ref name="ars" /> The CCPA gives a consumer the right to request that a business disclose the categories of personal information it collected, the sources & purposes, the categories of third parties that received it, & ''[t]he specific pieces of personal information it has collected about that consumer.''<ref name="ccpa-110">{{Cite web |title=California Civil Code section 1798.110 |work=California Legislative Information |url=https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.110 |access-date=2026-06-13}}</ref><ref name="oag-ccpa">{{Cite web |title=California Consumer Privacy Act (CCPA) |work=California Office of the Attorney General |date=2024-03-13 |url=https://oag.ca.gov/privacy/ccpa |access-date=2026-06-13}}</ref> California Penal Code section 637.2 lets a person injured by a violation of the state's invasion-of-privacy law recover the greater of $5,000 per violation or three times actual damages.<ref name="penal-637">{{Cite web |title=California Penal Code section 637.2 |work=California Legislative Information |url=https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=PEN&sectionNum=637.2 |access-date=2026-06-13}}</ref>
-<gallery mode="packed" heights="200">
-File:Verizon-mdm-ccpa-civil-code-1798-110.png|California Civil Code section 1798.110 gives a consumer the right to obtain the specific pieces of personal information a business has collected about them.
-File:Verizon-mdm-penal-code-637-2.png|California Penal Code section 637.2 lets a person injured by an invasion-of-privacy violation recover the greater of $5,000 per violation or three times actual damages.
-</gallery>
 ==Consumer response==