END the FCC Data Retention Mandate!
The FCC requires the telephone companies to keep your telephone records for 18 months for future criminal investigations.
This violates your privacy and should end!
- The retention of phone records implicates the privacy and freedom of association rights of millions of Americans.
- The retention of phone records increases the risk of data breaches like the OPM breach in 2015.
- Modern bundled phone billing makes the 1986 rule unnecessary.
- The U.S. data retention requirement is at odds with international law and fundamental rights.
How You Can Help
On August 4, 2015, a coalition of civil society organizations, legal scholars, technology experts, and EPIC filed a petition with the FCC asking the Commission to repeal a regulation that requires telephone companies to retain the detailed call records of their customers. The coalition explained that the regulation was unduly burdensome and ineffectual and posed an ongoing threat to the privacy and security of American consumers. On May 17, 2017, the FCC published a Public Notice seeking comment on the petition. Comments are due June 16, 2016.
- EPIC Advises FCC to Protect Privacy of Lifeline Subscribers: In comments on an FCC proposed rule, EPIC said that the agency should not track the Internet use of Lifeline subscribers. Lifeline is a federal program that provides broadband service to economically disadvantaged Americans. The FCC is proposing that Lifeline subscribers install apps to track their data usage and that companies retain detailed records about Internet use by Lifeline subscribers. EPIC said: "Americans should not be required to sacrifice their privacy to access the Internet." EPIC led a campaign and petition opposing the FCC's requirement that telephone carriers retain detailed records of American telephone customers. (Jan. 28, 2020)
- Top European Court to Review National Data Retention Laws: Today, the Court of Justice for the European Union will hear challenges to the data retention laws of the UK, Belgium, and France. The Court previously invalidated European and national data retention laws that required companies to retain communications data for law enforcement purposes. The Court said the laws were a "particularly serious" interference with the right to privacy. The new challenges, brought by civil society organizations, contend that European national laws fail to comply with the earlier rulings. EPIC recently urged the FCC to repeal a similar regulation that requires the retention of US telephone records, following an earlier petition to the agency. When the FCC docketed the EPIC petition for public comment, every comment received supported an end to the data retention regulation. (Sep. 9, 2019)
- EPIC Again Urges FCC to Repeal Data Retention Regulation + (May. 13, 2019)
- Irish Court Finds Data Retention Law Violates Human Rights + (Dec. 11, 2018)
- EPIC Urges FCC To End The Data Retention Mandate + (Aug. 2, 2018)
- EPIC Urges Congress to Focus on FCC and Privacy + (Jul. 27, 2017)
- EPIC Urges Swift Action on FCC Data Retention Mandate + (Jun. 20, 2017)
- EPIC Launches Campaign to End FCC Data Retention Mandate + (Jun. 13, 2017)
- FCC Responds to EPIC's Petition, Seeks Public Comment on Data Retention Mandate + (Jun. 7, 2017)
- EPIC, Coalition Urge FCC to Act on Petition to End Call Data Retention + (Apr. 23, 2017)
- FCC Adopts Modest Privacy Rules for Broadband Services + (Oct. 27, 2016)
- Coalition Urges White House to Recognize EU Opinion; End NSA Telephone Records Program + (Apr. 16, 2014)
- European High Court Strikes Down Data Retention Law + (Apr. 8, 2014)
- House Committee Approves Controversial Measure to Require Data Retention for All Internet Users + (Aug. 1, 2011)
More top news
FCC regulations require telephone companies to retain private call records for 18 months:
Each carrier that offers or bills toll telephone service shall retain for a period of 18 months such records as are necessary to provide the following billing information about telephone toll calls: the name, address, and telephone number of the caller, telephone number called, date, time and length of the call. Each carrier shall retain this information for toll calls that it bills whether it is billing its own toll service customers for toll calls or billing customers for another carrier.
47 C.F.R § 42.6 (“Retention of Telephone Toll Records”).
The rule was created in 1963 to help telephone providers calculate the bills of their customers and to allow customers to dispute bills. When it was enacted, the rule required carriers to retain data for six months.
In 1985, the FCC initiated a rulemaking to remove this record-keeping requirement. In response to the FCC's proposal, the Department of Justice petitioned the Commission to extend the retention period to 18 months, claiming that "telephone toll records are often essential to the successful investigation and prosecution of today's sophisticated criminal conspiracies." Telecommunications providers objected to the DOJ’s proposal, but the FCC ultimately chose to extended the retention requirement to 18 months.Today, as the DOJ has acknowledged, "the efficacy of the Commission's current Section 42.6 requirement to meet law enforcement needs has been significantly eroded." Carriers have "moved away from classic billing models, in which charges are itemized," instead using "non-measured, bundled, and flat-rate service plans." The change in billing practices has led some carriers to claim "that call records under such new plans are not covered by Section 42.6 because they are not 'toll records.'" The original justification of the bill—to allow customers to calculate and dispute their bills—is no longer relevant. The rule imposes unnecessary restrictions on businesses that seek to minimize the collection of their customers' personal information
On August 4, 2015, an EPIC-led coalition of 29 civil society organizations and 34 legal scholars and technology experts filed a petition with the FCC asking the Commission to repeal the regulation that requires telephone companies to retain the detailed call records of their customers. The coalition explained that "the rule requiring mass retention of phone records exposes consumers to data breaches, stifles innovation, reduces market competition, and threatens fundamental privacy rights."
According to the coalition petition, "the 18-month data retention rule serves no purpose." Although the retention rule is no longer relevant to customer billing and its usefulness as a law enforcement tool has diminished, the petition explained, the mass retention of telecommunications records implicates substantial privacy and associational freedom interests. Telephone call records "not only show who consumers call and when, but can also reveal intimate details about consumers' daily lives. These records reveal close contacts and associates, and confidential relationships between individuals and their attorneys, doctors, or elected representatives." And because the toll records retained under the rule "are not specifically tailored or limited to a particular investigation," the rule requires carriers to retain sensitive data on millions of Americans who are under no suspicion of wrongdoing.
The petition also explained that mandatory retention of sensitive phone records increases the likelihood and impact of large-scale data breaches. For example, in 2015, the Office of Personnel Management discovered that the personal data of 21.5 million current and former Federal government employees and contractors had been stolen. The petition also observed that the FCC itself had brought data breach actions against companies that had failed to protect personal information. For example, the agency proposed "a $10 million fine against two telecommunications carriers for failing to protect the personal information of up to 305,000 consumers."
On April 24, 2017, after more than twenty months of inaction from the FCC on the petition, EPIC and a coalition of 37 leading civil society organizations submitted a letter to the FCC urging the Commission to act. The coalition letter noted that at least two large data breaches had affected telephone records since the petition had been filed. In November 2015, 70 million prisoner call records were exposed in a data breach. In another breach announcement, a former Verizon employee was accused in September 2016 of selling private call records.
On May 17, 2017, the FCC responded to EPIC's petition with a Public Notice seeking comment. Comments are due on June 16, 2017. Reply comments are due July 3, 2017.
- Coalition Petition for Rulemaking (August 4, 2015)
- Coalition letter asking the FCC to act on the August 4, 2015, petition (April 24, 2017)
- FCC Public Notice seeking comment on the Petition for Rulemaking. WC Docket No. 17-130 (May 17, 2017)
- Privacy Groups Urge FCC To End Call Data Retention Rule, Law360, April 24, 2017
- Ex-Verizon worker accused of selling customer phone records, Associated Press, September 26, 2016
- Not So Securus: Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege, The Intercept, November 11, 2015
- Stop forcing companies to save user data, groups urge in FCC petition, The Hill, August 4, 2017
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.