The FCC wants to stop spam calls. The method: require every telecommunications provider in the country to collect your government-issued photo ID, physical home address, and an alternate phone number before activating your service.

The rulemaking is FCC-26-27A1, adopted April 30, 2026. It frames this as Know Your Customer β€” KYC β€” the same regime banks use. The logic: if providers know who their customers are, law enforcement can subpoena records and trace scam calls back to their source.

The proposal also asks whether providers should retain this information for four years after the customer relationship ends. Whether they should consult law enforcement watchlists for “terrorists” and “criminal persons” before granting service. Whether these requirements should apply to prepaid phones β€” the ones you buy at a gas station counter with cash and no name attached.

The FCC calls this robocall prevention.

Here is what the FCC already has.

STIR/SHAKEN is a network-level authentication standard that verifies caller ID at the infrastructure layer. It doesn’t require anyone’s driver’s license. It doesn’t store anyone’s home address. It works at the protocol level β€” the call is either authenticated or it isn’t. The FCC’s own documents acknowledge that network-level prevention is “the most effective way to prevent unwanted calls.”

As of April 2026, STIR/SHAKEN covers 42.3% of voice traffic. That number is going down, not up β€” it was 44.5% in February. Among smaller carriers, only 17.5% of traffic is signed. Up to 13% of signed traffic uses invalid numbers with full “A-level” attestation, meaning the authentication system is being misused even where it exists.

The technical solution works where it’s deployed. It is being deployed less, not more. The FCC’s response to a declining implementation rate of the tool that works is to propose a different tool that collects government IDs.

Now here is what the telecommunications industry does with the data it already has.

In 2024, AT&T disclosed that 7.6 million current accounts and 65 million former customer records were breached. Separately, 109 million customer account records were downloaded. Comcast lost 36 million accounts in 2023. And then came Salt Typhoon.

Salt Typhoon was a Chinese intelligence operation that compromised nine U.S. telecommunications carriers β€” Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated Communications, and Windstream among them. The hackers accessed call metadata for over a million users. They obtained audio recordings of phone calls made by presidential campaign staff, including phones belonging to Donald Trump and JD Vance. They walked through the CALEA infrastructure β€” the wiretapping system the government requires carriers to maintain β€” and used it as their own surveillance platform. The FBI eventually notified organizations in over 80 countries that the hackers had interest in their systems.

The FCC’s proposal would require these same companies to collect and store government-issued photo identification for every customer. And keep it for four years after you leave.

The companies that couldn’t protect your call records will now protect your driver’s license.

Fifteen million Americans don’t have a driver’s license. 2.6 million lack any government-issued photo ID. The gap falls disproportionately on Black Americans, Hispanic Americans, disabled individuals, and lower-income populations. Prepaid phones β€” the ones this proposal targets specifically β€” serve domestic violence survivors who need a number their abuser doesn’t know. Journalists protecting sources. Whistleblowers. Unhoused people without a physical address to provide. Protesters. Children in unstable homes.

The FCC asks whether KYC requirements should “vary” for prepaid service. The question is the answer. If prepaid phones require the same government ID as postpaid contracts, anonymous communication in the United States ends. Not for criminals β€” criminals buy fraudulent identities, the same way money laundering persists despite decades of financial KYC. For everyone else.

The rulemaking also asks whether this data could help investigate “organized crime, trafficking, espionage, influence operations, and other national-security concerns.” That sentence is the mission creep written into the proposal before the comment period closes. The purpose was spam calls. The aspiration is a national identity verification system routed through companies that were just used as surveillance infrastructure by a foreign government.

Bruce Schneier noted that requiring an alternate phone number to activate a phone creates a paradox β€” you need a phone to get a phone. He also noted that this mirrors identity verification requirements in authoritarian countries. The EFF and ACLU filed joint comments recommending the proposal be abandoned entirely.

The reply comment deadline is July 27, 2026.

The FCC has a tool that authenticates calls at the network level without collecting anyone’s identity. That tool is at 42% and falling. The FCC’s proposed alternative collects government IDs from 330 million people and stores them with nine companies that a foreign intelligence service already owns the keys to.

The solution to the breach is more data for the breached.

// NEON BLOOD