FCC's Anti-Robocall KYC Proposal Would Turn Phone Access Into an Identity Checkpoint

Bitcoin security engineer Jameson Lopp argues that an FCC rulemaking adopted April 30, 2026 — pitched as a robocall crackdown — would in practice build a telecom surveillance regime. The proposal contemplates forcing voice providers to verify customer identities (name, address, government ID) before activating service, extending those checks to prepaid SIMs and third-party vendors, retaining records for four years after a customer leaves, and screening subscribers against opaque law-enforcement watchlists. A proposed $2,500 per-call penalty for violations would push carriers toward over-collection and over-denial as the safest corporate posture.

Lopp’s core objection is that identity verification doesn’t stop determined criminals: financial-sector KYC is routinely defeated with cheap stolen identities harvested from the constant stream of data breaches, and the same dynamic would play out in telecom. Meanwhile, the people who genuinely depend on anonymous prepaid phones — domestic violence survivors, whistleblowers, journalists, protesters, and people facing physical ‘wrench attack’ threats over cryptocurrency holdings — would lose a critical safety tool. He also flags mission creep in the FCC’s own text, which floats using the rules for investigations into trafficking, espionage, and national-security matters well beyond illegal calls.

The piece calls for targeted alternatives instead: enforcement against high-volume commercial originators, spoofing infrastructure, SIM-box operations, and carriers that knowingly route illegal traffic, plus risk-based diligence limited to bulk callers. Lopp frames mandatory ID collection itself as the harm — ‘Kill Your Customer’ — since centralized PII databases create breach and impersonation risk that ultimately makes phone accounts less secure, not more.