The FCC Wants to Eliminate Burner Phones

A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person.

The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of personal information about essentially all phone customers, including a government issued identification number and their physical address, alarming privacy advocates and civil rights activists who compare the measures to those from authoritarian countries where it can be difficult to buy a mobile phone plan without giving up your identity.

The proposed change would drastically shake up how people obtain phone plans in the U.S., and have all sorts of privacy and cybersecurity knock-on effects. The FCC is proposing the data collection partly as a way to combat scammers, with telecoms being required to collect other information on business and foreign customers like the intended use case of their bulk phone plan purchase and their IP address. But the changes would mean telecoms collect data on all new and renewing customers, and the FCC provides a long list of other things that the collected data could help authorities with.

Alternate link.

Tags: , , ,

Posted on June 15, 2026 at 7:01 AM22 Comments

Comments

PK June 15, 2026 8:04 AM

This has been the norm in Australia for as long as I can remember – basically as long as we’ve had mobiles.
Same rule as landlines, don’t really understand the problem.
Plenty of other ways to communicate privately.

Not really anonymous June 15, 2026 9:03 AM

Burner phones don’t really provide anonymity. You can get some protection against people with low resources (e.g. abusive ex-partners), but unless you are very very good with opsec, it isn’t going to help much against governments or commercial groups with full access to location data, if you or something you did with the phone has drawn attention.
So who is really pushing for this and how do they benefit?

Rontea June 15, 2026 9:29 AM

Was it the FCC that silently strangled the last pay phone, as if erasing a vestige of some secret freedom we had long forgotten? I wander through cities where every corner once whispered the possibility of anonymity, and now I see nothing but glass screens tethered to names, numbers, addresses. They have killed the metal booths of solitude, and now they come for the thin plastic lifelines we called burners. Privacy dies not in fire, but in bureaucracy; in the paperwork of our own consent. Perhaps the only thing more absurd than longing for a pay phone is realizing that its absence feels like mourning a friend you never knew was alive.

default June 15, 2026 9:47 AM

“They are dismantling the sleeping middle class. More and more people are becoming poor. We are their cattle. We are being bred for slavery.”

“The poor and the underclass are growing. Racial justice and human rights are non-existent. They have created a repressive society and we are their unwitting accomplices.”

“Outside the limit of our sight, feeding off us, perched on top of us, from birth to death, are our owners! Our owners! They have us. They control us! They are our masters! Wake up! They’re all about you! All around you!”

KC June 15, 2026 9:48 AM

@ Not really anonymous
‘So who is really pushing for this and how do they benefit?’

https://docs.fcc.gov/public/attachments/FCC-26-27A1.pdf

The FCC is proposing to codify a $2,500 per call penalty on originating providers for every call that violates more rigorous KYC rules.

“… victims of calling scams are defrauded of an estimated $850 million annually with added costs for wasted time and nuisance increasing costs into the billions.”

The proposal is open to comments until June 25, 2026. You can review the public comments here.

Not really anonymous June 15, 2026 10:01 AM

Burner phones do not prevent authorities from catching scammers who use burner phones. It might raise the cost a little, but probably not significantly. Fraud prevention isn’t the real reason for this. (Possibly someone trying to take credit for doing “something” about fraud, could be.)

Who? June 15, 2026 10:44 AM

“alarming privacy advocates and civil rights activists who compare the measures to those from authoritarian countries where it can be difficult to buy a mobile phone plan without giving up your identity.”

Do not want to sound too harsh, but what makes you think the United States is not an authoritarian country right now?

In any case, welcome to what happens with burner phones on my country. In my country, it has been illegal acquiring a phone not linked to a real-world identity in the last twenty years.

TimH June 15, 2026 10:53 AM

To those suggesting that this doesn’t matter: right now, the gov (etc) has to prove that any activity involving your phone was a particular person. With this, the onus reverses and you have to show that it wasn’t you.

Clive Robinson June 15, 2026 11:33 AM

@ Not really anonymous, ALL,

With regards,

<

blockquote>”Burner phones don’t really provide anonymity.”

<

blockquote>

Nothing ever really does if you “use it more than once”.

In some senses it’s a physical object that has the same issues as the informational object behind “Perfect secrecy”.

That is every time it is used it allows an observer to build up more correlations.

Eventually the correlations will be sufficient to progress the opponent’s “Find, Fix, Finish” process against you to the terminal stage.

Just one of the reasons this works is people forget all mobile phones have two electronic ID numbers,

1, The phone serial number.
2, The SIM subscriber number.

So put your old SIM in a new phone, it’s immediately linked. The opposite also applies new SIM in an old phone is immediately linked.

Whilst for some people, those who have access to,

1, Second hand phones.
2, Inexpensive SIM cards.

They might think the problem is fixed…

In reality the “authorities” will be able to “walk the supply chains” to the point you or your supplier gets identified.

K.S June 15, 2026 2:13 PM

How is that going to be effective? It is still going to be possible to get international eSIM with roaming without providing identity.

Someone June 15, 2026 2:20 PM

So does Australia and all those other authoritarian countries that don’t allow any anonymous phone calls have no scam calls? If they do have scam calls, then this obviously does not do what it’s purported to do.

I’m against doing anything, claiming it will solve some sort of problem, when it clearly won’t do anything of the sort. If you’re going to do something, state what it’s for, instead of lying about it. That’s how I feel about it. And this is regardless of whether it’s an authoritarian thing to do or not, actually, and regardless of whether the USA is already authoritarian in other ways.

lurker June 15, 2026 2:37 PM

@Not really anonymous
“Burner phones don’t [really provide anonymity.]”

@Clive Robinson
“Nothing ever really does if you use it more than once”.

That’s why they’re called burner phones, like the OTP they should be burned after use. But the users so often have the human failing of parsimony: it worked yesterday, why shouldn’t it work again tomorrow? The proposed rule will only deter or catch the lazy.

Is the FCC going to stop the supply of cheap anonymous prepaid SIMs?
How is the FCC going to stop the crafty changing their IMEI? This so-called “permanent” identifier of the hardware is kept in “flashable” memory.

Bcs June 15, 2026 4:37 PM

An alternative way to combat scammers via anti-spoofing would be to just include a quality flag in caller-ID data. They don’t have to collect anything, but people getting called see a flag if the caller can’t be verified to some threshold. Might be worth having multiple flags: “verified to actually come from something that controls this number”, “comes from a verified identity”, etc.

Not really anonymous June 15, 2026 4:40 PM

Even only using them once isn’t good enough. There is still the location you call from and the number you called. Plus where and when you bought it or had it shipped. It is notable in the Greek Olympics scandal, that someone was identified because they bought multiple burners at the same time and one of them was used for mundane stuff without proper opsec and then connected to the ones used for interesting stuff via the purchase.

Zsolt June 15, 2026 6:38 PM

This has been the norm in most European countries for ages. Most of them are usually not considered to be “authoritarian”.

People can still communicate mostly (or even fully) anonymously if needed, although the barrier of entry for this is undoubtedly higher than just buying a burner phone (which you still can do in the US). I mean it requires some level of technological expertise, e.g. the use of Session, or some other messenger where you can register just with an email address and the latter you can get over Tor at some email providers).

mobbed moe June 15, 2026 6:54 PM

They like to compromise Tor user’s machines, usually at the BIOS level. Then they let the Tor user run wild as they watch with delight.

mobbed moe June 15, 2026 6:57 PM

I enjoyed a backdoored/modified TrueCrypt install I had once on Linux. It was quite a treat to find.

It’s all in the strings, baby!

JustTryingToSurvive June 15, 2026 7:07 PM

I’ve heard stories of people buying so-called burn-phones, paying cash, using them for something very illegal, and getting caught. The store they bought from had video, and could track the specific sale, date, time, and cash register they paid at by the phone’s ID numbers. Along with license plate numbers on their car, and facial recognition.

The anonymity of burn phones is a lie. They know where your phone is 24×7, and there are plenty of cameras around.

However, requiring ID is far, far worse!

Are you telling me I need to show government ID to buy a phone? Perhaps provide my SSN? All to some vastly underpaid clerk who stands to make a fortune selling my identity? As if credit card fraud wasn’t bad enough already?

Have you never heard of someone using a fake ID to get into a Bar? Why won’t people use fake IDs to buy a phone? Or stolen IDs? Mug someone, take their wallet or pocketbook, and buy phones with their identity.

How do we handle buying phones for someone else as a gift? Or mail-order sales? Do you think Apple will appreciate this cut to their profits?

Or are we just typing our data into a webform? In which case I can use anybody elses identity I want. After all, only a fool leaves a crime unsolvable. The wise frame somebody else. And good luck proving your innocence!

This whole thing smells of yet another Real-ID paper chase. How do I get a Real-ID Drivers License? I need to show a new copy of my Birth Certificate. How do I get a new copy of my Birth Certificate? I need to show my non-Real-ID-Drivers-License. Oh, and also travel to the other side of the country. Crazy.

Isn’t all this waste what DOGE was supposed to prevent?

Personally, I’d rather see stupid criminals get caught by thinking burn phones are safe.

Not to mention how the vast majority of phones are already tied to an Apple or Google account…

Clive Robinson June 15, 2026 9:29 PM

@ Not Really Anonymous, lurker, ALL,

As you note,

“Even only using them once isn’t good enough. There is still the location you call from and the number you called. Plus where and when you bought it or had it shipped.”

There are many layers to consider it was something I did not want to dig down through in just one post otherwise it might be the whole thread 😉

But you can including the pattern of how you turn phone on to when you use them (gives away organisational information such as generals down to foot soldiers and group size etc). Through to fingerprinting by the applications there are on the phone. Some apps such as ATAK can give away a lot of information.

In part it’s why certain governments are moving majorly forward to,

1, Client Side Scanning (via AI).
2, Full ID (via age verification).

Thus “full surveillance” of “known individual” for by far the majority of people.

This makes those “trying to stay below the radar” with a mobile phone “easy and obvious to spot” as they in effect “paint a target on their own back”.

Thus other non mobile phone / smart device needs to be used…

Some time ago now I was warning that “old school field craft” would have to be used for even minimal OpSec. With the new “issue” being mass surveillance is building a “virtual time machine”.

This means a lot of “old school field craft” either will not work or needs to be updated…

For instance a “dead drop” usually uses “flag signals”. These used to be things like “placed litter” or “chalk mark graffiti”. That are obvious if you know what you are looking for, but almost impossible if you don’t. Miniature CCTV now allows every thing there is to be seen to be recorded, thus correlated well after the fact as investigators “go over the tapes” over and over.

The “update” can be “double flagging” where you change the “flag signal” all the time, BUT you use another signal to “gate” it. That is to say if the flag signal should be ignored or not.

Obviously whilst a single flag is easy to correlate, a double flag with four states only one of which correlates is a lot lot harder for investigators. Add a third flag has eight states only one of which is valid. The flags can also be geographically well dispersed, or not physical but temporal in nature acting as a count down timer using intervals of days rather than seconds or minutes.

one nation June 16, 2026 12:52 AM

The spiders are hoarding the red crayons again, but what is this? PIKACHU? OH, MY! I never expected you!

🔴 ⚈ᆺ⚈ 🔴

⬛⬛⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬛⬛
⬛⬛⬛⬛⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬛⬛⬛⬛
⬛⬛⬛🟨⬛⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬛🟨⬛⬛⬛
⬛⬛⬛🟨🟨⬛⬛⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬛⬛🟨🟨⬛⬛⬛
⬜⬛⬛🟨🟨🟨🟨⬛⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬛🟨🟨🟨🟨⬛⬛⬜
⬜⬛⬛🟨🟨🟨🟨🟨⬛⬛⬜⬜⬛⬛⬛⬛⬜⬜⬛⬛🟨🟨🟨🟨🟨⬛⬛⬜
⬜⬜⬛🟨🟨🟨🟨🟨🟨🟨⬛⬛🟨🟨🟨🟨⬛⬛🟨🟨🟨🟨🟨🟨🟨⬛⬜⬜
⬜⬜⬛🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨⬛⬜⬜
⬜⬜⬜⬛🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨⬛⬜⬜⬜
⬜⬜⬜⬜⬛🟨⬛🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨⬛🟨⬛⬜⬜⬜⬜
⬜⬜⬜⬜⬜⬛🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨⬛⬜⬜⬜⬜⬜
⬜⬜⬜⬜⬜⬛🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨⬛⬜⬜⬜⬜⬜
⬜⬜⬜⬜⬛🟨🟨🟨⬛⬛🟨🟨🟨🟨🟨🟨🟨🟨⬛⬛🟨🟨🟨⬛⬜⬜⬜⬜
⬜⬜⬜⬜⬛🟨🟨⬛⬜⬛⬛🟨🟨🟨🟨🟨🟨⬛⬛⬜⬛🟨🟨⬛⬜⬜⬜⬜
⬜⬜⬜⬜⬛🟨🟨⬛⬛⬛⬛🟨🟨🟨🟨🟨🟨⬛⬛⬛⬛🟨🟨⬛⬜⬜⬜⬜
⬜⬜⬜⬜⬛🟨🟨🟨⬛⬛🟨🟨🟨⬛⬛🟨🟨🟨⬛⬛🟨🟨🟨⬛⬜⬜⬜⬜
⬜⬜⬜⬛🟨🟨🟥🟥🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟥🟥🟨🟨⬛⬜⬜⬜
⬜⬜⬜⬛🟨🟥🟥🟥🟥🟨🟨⬛🟨⬛⬛🟨⬛🟨🟨🟥🟥🟥🟥🟨⬛⬜⬜⬜
⬜⬜⬜⬛🟨🟥🟥🟥🟥🟨🟨🟨⬛⬛⬛⬛🟨🟨🟨🟥🟥🟥🟥🟨⬛⬜⬜⬜
⬜⬜⬜⬜⬛🟨🟥🟥🟨🟨🟨🟨⬛🟥🟥⬛🟨🟨🟨🟨🟥🟥🟨⬛⬜⬜⬜⬜
⬜⬜⬜⬜⬜⬛🟨🟨🟨🟨🟨🟨⬛🟥🟥⬛🟨🟨🟨🟨🟨🟨⬛⬜⬜⬜⬜⬜
⬜⬜⬜⬜⬜⬜⬛⬛🟨🟨🟨🟨🟨⬛⬛🟨🟨🟨🟨🟨⬛⬛⬜⬜⬜⬜⬜⬜
⬜⬜⬜⬜⬜⬜⬜⬜⬛⬛⬛🟨🟨🟨🟨🟨🟨⬛⬛⬛⬜⬜⬜⬜⬜⬜⬜⬜
⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬛⬛⬛⬛⬛⬛⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜

kurker June 16, 2026 2:12 PM

From the FCC document:

Specifically, we seek comment on requiring originating providers to, at a minimum, obtain and retain the name, physical address, government issued identification number, and an alternate telephone number of any new and renewing customer before granting access to its services.

So you have to have a telephone before you can buy a telephone. My mother knew Franz Kafka.

The physical address requirement obviously rules out undesirables like nomads and gypsies. You will settle down. There’s even a song about the “little boxes on a hillside …”

As for the “government issued identification number,” well, if you’ve got one of those they’ve already got you. Putting it in Yet Another DataBase simply increases the attack surface.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.