FCC Proposes Know-Your-Customer Rules That Would End Burner Phones

The Federal Communications Commission has released a proposal that could eliminate one of the last remaining avenues for anonymous telecommunications in the United States. The rule would impose know-your-customer requirements on all cellular network providers, mandating they collect and retain extensive personal information before granting service access.

What the proposal requires

Under the proposed regulation released late last month, cellular providers would need to obtain and retain several pieces of identifying information from every new and renewing customer: full name, physical address, a government-issued identification number, and an alternate telephone number. This information would need to be collected before granting access to cellular services.

The FCC frames the measure as analogous to anti-money-laundering laws, positioning it as a tool to make phone networks harder for scammers to exploit. The agency is accepting public comments on the proposal until June 25.

Privacy advocates push back

Privacy advocates argue the rule threatens essential anonymity for journalists, whistleblowers, activists, and ordinary citizens seeking to avoid pervasive data collection. The proposal would directly undermine services like Phreeli, a recently launched phone carrier that allows users to register with only a ZIP code.

"We're trying to help people feel more comfortable living their normal lives, where they're not doing anything wrong, and not feel watched and exploited by giant surveillance and data mining operations," Phreeli founder Nicholas Merrill said. "I think it's not controversial to say the vast majority of people want that."

The rule would also effectively end the practice of purchasing temporary burner phones without identification—a method that, while legal, has become increasingly difficult to execute as digital anonymity erodes across multiple fronts.

Why it matters

This proposal represents a fundamental shift in telecommunications privacy policy. While anti-fraud measures have legitimate security benefits, mandatory identity verification eliminates a critical tool for source protection, domestic abuse survivors seeking safety, and individuals in sensitive situations who need temporary anonymous communication. The tension between security and privacy in this proposal mirrors broader debates about surveillance authority that continue to shape technology policy.

Other security developments

In related news, Meta removed code from its smart glasses app that would have enabled face-recognition features, though the company declined to comment on whether such functionality might return. Separately, the cybercriminal group ShinyHunters exploited a zero-day vulnerability in Oracle's PeopleSoft software to breach more than a hundred organizations, primarily in the education sector, according to warnings from Google.

Microsoft also released its largest-ever Patch Tuesday update, with more than 200 bug fixes enabled by AI-powered vulnerability discovery tools.

These details were first reported by WIRED.