The Federal Communications Commission is poised to begin forcing the country’s telecom companies to collect names, addresses and government identification numbers for every cellphone customer.
If adopted — a likely outcome given the FCC’s current Republican majority who support it — the rules would effectively outlaw burner phones, devices that aren’t specifically tied to identifying data, allowing the privacy-minded to maintain their anonymity.
The proposal is called “Know-Your-Customer Requirements,” and the FCC is framing it as a way to stop robocalls and scammers. Anyone with a phone can tell you the problem is very real: US consumers receive an average of 10 unwanted calls every week, a number that’s grown at a compounded 16% rate every year since 2023.
But privacy experts say the FCC’s solution doesn’t address the core problem. Instead, it punishes those who use burner phones, including journalists, travelers, whistleblowers and domestic abuse survivors.
“Collecting all this data is horrible for everyone’s privacy,” says Chao Jun Liu, a senior legislative associate at the Electronic Frontier Foundation, a nonprofit defending digital privacy. “You have to ask, do you trust the government to have that information at this current moment in time? A government that has proven that they are trying to centralize and weaponize your information.”
Who will be left disconnected?
While burner phones or devices are often associated with criminal activity, they’re also used by a wide variety of privacy-conscious people who don’t want to be tracked. The FCC’s proposed rules would effectively ban their use altogether and require “new and renewing” customers to provide identifying information.
“For decades, civil libertarians have looked overseas at authoritarian countries where the government requires people to register to get a mobile phone to ensure they can be tracked. We never thought that would happen here,” Jay Stanley, a senior policy analyst with the American Civil Liberties Union, told CNET in an email.
The impact won’t just be felt by the digital privacy community, either. By requiring a government-issued identification number, the Know-Your-Customer requirements could leave millions of Americans unable to get a phone at all. As of 2024, nearly 21 million voting-age US citizens don’t have a current driver’s license, with Black and Hispanic Americans disproportionately less likely to have one, according to a report from the Center for Democracy and Civic Engagement. Another 12 million people living in the US are estimated to be undocumented immigrants.
“What this rulemaking would do, if implemented as is, is disconnect people, especially the folks who are already the most marginalized,” says Liu.
Can telecoms be trusted with your data?
Digital privacy advocates argue that telecoms haven’t proven themselves to be good stewards of sensitive data. A 2019 investigation by Motherboard found that it was shockingly easy to buy real-time location data associated with cellphone numbers. These are often purchased by property managers and bail bondsmen through companies called location aggregators, but the data can also be sold on the black market. (The EFF sued AT&T over the practice, but the case was eventually dismissed.)
In 2024, a wave of cyberattacks tied to the Chinese government targeted US internet providers such as AT&T, Verizon and Lumen, gaining access to the call records of tens of millions of Americans.
“Every other year, there’s a new data breach in which 70 million, 100 million, US consumers have their data exposed,” says Liu. “These are the people that we are trusting to collect and hold and retain information.”
The FCC did not respond to CNET’s request for comment.
The rules are open for public comment until June 25, after which the FCC will have roughly a month to reply. The FCC isn’t expected to vote on the proposed rules until several months after that. You can submit your comment online through the FCC’s portal with the following information:
- Proceeding: 17-59
- Type of Filing: Comment
- Address of filer is required
You can find instructions for filing comments here, as well as some examples of comments that have been submitted so far.
“I intensely oppose any regulation which requires personal identification or paperwork for the use of mobile phones,” says a comment filed by Jessica N. Smith. “A scammer might try to steal my information, but that does not justify a process through which the federal government would definitely steal it.”
| Feature | Current state | Proposed FCC rule |
|---|---|---|
| Phone access | Users can purchase and use burner phones for anonymity. | Effectively outlaws burner phones by requiring ID for new/renewing customers. |
| Data collection | Minimal or optional collection depending on the provider and service type. | Mandates collection of name, physical address and government ID for all customers. |
| Primary goal | Varies by provider and user preference. | Framed by the FCC as a strategy to combat robocalls. |
| Privacy impact | Users can maintain anonymity. | Users must provide information or lose phone access. |
| Equity impact | Accessible to most users, including those without standard IDs. | Risks disconnecting marginalized groups, including those without driver’s licenses or undocumented immigrants. |
What privacy-minded users can do
The FCC’s proposed rules are sweeping, and there may not be much users can do to remain anonymous if they’re adopted.
“A core part of the danger of the proposed regime is there wouldn’t be much individuals can do to maintain their privacy. It’s either fork over all your information or not have a phone number,” says Liu.
While every phone used in the US would be tied to a name, physical address and government identification number, there are other steps you can take to strengthen your privacy. Here’s what privacy experts recommend:
- Encrypt your data: When you use encryption, anyone trying to access your data would need both the device and your password in order to get it. You can turn on Advanced Data Protection on iPhones by following some simple steps in your phone’s settings. Full-disk encryption options on Android phones can be found in the “Security” settings.
- Download a privacy-focused messaging app: Encrypted messaging apps such as Signal, Telegram and WhatsApp offer end-to-end encryption on all messages, but they each have their own privacy protections in place. You can read more about their policies in CNET’s comparison.
- Use a VPN: VPN services encrypt your traffic as it passes through a remote server, masking your public IP address so that apps and websites view your web traffic as originating from a different location. These can limit your exposure in the event of a cyberattack on telecom companies.
- Turn off location tracking for apps: Every iPhone allows you to opt out of cross-app tracking with one switch; you can also turn off location tracking in the same settings. Android users can turn off location tracking by going to Settings > Location and setting “Use location” to off.
- Use two separate phones: This method essentially compartmentalizes your activities by turning one phone into a pared-down version for specific work or travel uses. That way, even if it’s tied to your name, you won’t be logged into email or apps containing sensitive information.
