HN
Today

A Call to Action: Stop the FCC's KYC Regime

The FCC is proposing new "Know Your Customer" (KYC) rules for all phone service, including prepaid, ostensibly to combat robocalls, but critics argue this represents mass surveillance. This move sparks significant privacy concerns on Hacker News, with many questioning its effectiveness against sophisticated criminals and highlighting potential harm to vulnerable populations. The community is mobilizing to submit public comments to the FCC, advocating for privacy over perceived security measures.

68
Score
30
Comments
#1
Highest Rank
3h
on Front Page
First Seen
Jun 12, 3:00 PM
Last Seen
Jun 12, 5:00 PM
Rank Over Time
1112

The Lowdown

Jameson Lopp's article, "A Call to Action: Stop the FCC's KYC Regime," vehemently opposes a proposed FCC rule that would mandate "Know Your Customer" (KYC) identity verification for all phone service users, including those with prepaid plans. While the FCC frames this as a solution to rampant robocalls, Lopp argues it's a dangerous expansion of government surveillance and a significant erosion of fundamental privacy rights.

  • The FCC's "Further Notice of Proposed Rulemaking" seeks stronger KYC, potentially requiring name, address, government ID, and alternate phone numbers for service. It was approved by Chairman Brendan Carr and Commissioners Gomez and Trusty.
  • Lopp contends that KYC is ineffective against determined criminals, citing its failure in the financial sector, where readily available stolen PII allows easy circumvention of checks.
  • The proposal specifically targets prepaid services, impacting "burner phones" that are vital for privacy-conscious individuals, domestic violence survivors, journalists, whistleblowers, and others needing anonymous communication.
  • Serious concerns are raised about the FCC asking if providers should consult "terrorist" or "criminal persons" lists, which could lead to false positives, abuse, and the denial of basic communication infrastructure without due process.
  • The proposal also considers long retention periods (four years post-service) for KYC data, increasing risks of breaches, misuse, and "mission creep" to broader law enforcement objectives beyond robocalls.
  • Lopp highlights that collecting sensitive PII (which he rebrands as "Kill Your Customer") actually weakens consumer security through risks like SIM swapping, rather than protecting them.
  • The article concludes with an urgent call to action, providing a link and template for public comments to the FCC, urging citizens to voice their opposition before the June 25, 2026, deadline.

Lopp asserts that privacy is not a crime, and the burden should be on the government to justify eroding civil liberties, not on citizens to fight for them. He proposes alternative, targeted solutions to robocalls that don't involve universal identity verification.

The Gossip

KYC's Questionable Efficacy

Many commenters expressed skepticism regarding the proposed KYC regime's actual ability to reduce robocalls and spam. They highlighted the prior failure of the SHAKEN/STIR protocol, noting that spammers often bypass it via outdated legacy systems. Others pointed out that KYC in the financial sector has not stopped sophisticated criminals, suggesting that bad actors would simply acquire stolen personally identifiable information (PII), effectively turning telecom providers into attractive 'honeypots' for data theft rather than effective crime deterrents. A less common counter-argument suggested that similar systems have worked in other countries, though this was met with requests for citation.

Privacy Predicaments and Perils

A predominant theme in the discussion was the extensive privacy implications and potential for abuse. Commenters voiced deep concern over telecommunications companies, given their documented history of data breaches and sales, being entrusted with even more sensitive PII. They particularly highlighted the risk of 'mission creep,' where law enforcement could exploit this data for purposes far beyond robocall prevention, and the chilling effect on vulnerable groups—such as domestic violence survivors, journalists, and activists—who rely on anonymous communication for safety and protection. The public nature of submitting comments to the FCC was also noted as a privacy paradox.

Accountability vs. Anonymity Agitations

A core tension in the comments revolved around the desire for communication anonymity versus the demand for user accountability. Some users expressed a preference for traceable phone lines, believing such a system would help combat spam, harassment, and abuse by linking calls to identifiable individuals. They even proposed options for users to block calls from anonymous numbers. However, privacy advocates countered that mandating traceability for all communication undermines fundamental rights, arguing that a complete solution that satisfies both desires perfectly might be an impossible goal.