END the FCC Data Retention Mandate!
The FCC requires the telephone companies to keep your telephone records for 18 months for future criminal investigations.
This violates your privacy and should end!
- The retention of phone records implicates the privacy and freedom of association rights of millions of Americans.
- The retention of phone records increases the risk of data breaches like the OPM breach in 2015.
- Modern bundled phone billing makes the 1986 rule unnecessary.
- The U.S. data retention requirement is at odds with international law and fundamental rights.
How You Can Help
On August 4, 2015, a coalition of civil society organizations, legal scholars, technology experts, and EPIC filed a petition with the FCC asking the Commission to repeal a regulation that requires telephone companies to retain the detailed call records of their customers. The coalition explained that the regulation was unduly burdensome and ineffectual and posed an ongoing threat to the privacy and security of American consumers. On May 17, 2017, the FCC published a Public Notice seeking comment on the petition. Comments are due June 16, 2016.
- EPIC Urges Congress to Focus on FCC and Privacy: EPIC has sent a statement to the House Commerce Committee for a hearing on the Federal Communications Commission. EPIC urged the Committee to affirm the FCC's role in protecting online privacy. EPIC also asked the Committee to press the nominees to repeal an FCC regulation that requires the retention of telephone customer records for 18 months. EPIC filed a petition urging the repeal of this mandate more than two years ago and the FCC recently docketed the petition for public comment. Every comment received by the FCC favored the EPIC petition to end the data retention mandate. EPIC has submitted multiple comments to the FCC for strong online privacy protections. (Jul. 27, 2017)
- EPIC Urges Swift Action on FCC Data Retention Mandate: In a statement to the Senate Committee on Appropriations, EPIC asked Congress to obtain assurances from the FCC Chair to repeal the FCC regulation that requires telephone companies to keep customers' phone records for 18 months. EPIC warned that the regulation "places at risk the privacy of users of network services." Two years ago, EPIC, joined by consumer privacy organizations, technical experts, and legal scholars, submitted a formal petition to the FCC, calling for the repeal of the data retention rule. The FCC recently docketed the petition and accepted public comments on the matter. All of the commentators favored the EPIC petition to end the mandate. The next step will be for the FCC to begin a Rulemaking to Repeal 47 C.F.R. § 42.6 ("Retention of Telephone Records"). (Jun. 20, 2017)
- EPIC Launches Campaign to End FCC Data Retention Mandate (Jun. 13, 2017)
- FCC Responds to EPIC's Petition, Seeks Public Comment on Data Retention Mandate (Jun. 7, 2017)
- EPIC, Coalition Urge FCC to Act on Petition to End Call Data Retention (Apr. 23, 2017)
- FCC Adopts Modest Privacy Rules for Broadband Services (Oct. 27, 2016)
- Coalition Urges White House to Recognize EU Opinion; End NSA Telephone Records Program (Apr. 16, 2014)
- European High Court Strikes Down Data Retention Law (Apr. 8, 2014)
- House Committee Approves Controversial Measure to Require Data Retention for All Internet Users (Aug. 1, 2011)
FCC regulations require telephone companies to retain private call records for 18 months:
Each carrier that offers or bills toll telephone service shall retain for a period of 18 months such records as are necessary to provide the following billing information about telephone toll calls: the name, address, and telephone number of the caller, telephone number called, date, time and length of the call. Each carrier shall retain this information for toll calls that it bills whether it is billing its own toll service customers for toll calls or billing customers for another carrier.
47 C.F.R. § 42.6 (“Retention of Telephone Toll Records”).
The rule was created in 1963 to help telephone providers calculate the bills of their customers and to allow customers to dispute bills. When it was enacted, the rule required carriers to retain data for six months.
In 1985, the FCC initiated a rulemaking to remove this record-keeping requirement. In response to the FCC's proposal, the Department of Justice petitioned the Commission to extend the retention period to 18 months, claiming that "telephone toll records are often essential to the successful investigation and prosecution of today's sophisticated criminal conspiracies." Telecommunications providers objected to the DOJ’s proposal, but the FCC ultimately chose to extend the retention requirement to 18 months.
Today, as the DOJ has acknowledged, "the efficacy of the Commission's current Section 42.6 requirement to meet law enforcement needs has been significantly eroded." Carriers have "moved away from classic billing models, in which charges are itemized," instead using "non-measured, bundled, and flat-rate service plans." The change in billing practices has led some carriers to claim "that call records under such new plans are not covered by Section 42.6 because they are not 'toll records.'" The original justification of the rule—to allow customers to calculate and dispute their bills—is no longer relevant. The rule imposes unnecessary restrictions on businesses that seek to minimize the collection of their customers' personal information.
On August 4, 2015, an EPIC-led coalition of 29 civil society organizations and 34 legal scholars and technology experts filed a petition with the FCC asking the Commission to repeal the regulation that requires telephone companies to retain the detailed call records of their customers. The coalition explained that "the rule requiring mass retention of phone records exposes consumers to data breaches, stifles innovation, reduces market competition, and threatens fundamental privacy rights."
According to the coalition petition, "the 18-month data retention rule serves no purpose." Although the retention rule is no longer relevant to customer billing and its usefulness as a law enforcement tool has diminished, the petition explained, the mass retention of telecommunications records implicates substantial privacy and associational freedom interests. Telephone call records "not only show who consumers call and when, but can also reveal intimate details about consumers' daily lives. These records reveal close contacts and associates, and confidential relationships between individuals and their attorneys, doctors, or elected representatives." And because the toll records retained under the rule "are not specifically tailored or limited to a particular investigation," the rule requires carriers to retain sensitive data on millions of Americans who are under no suspicion of wrongdoing.
The petition also explained that mandatory retention of sensitive phone records increases the likelihood and impact of large-scale data breaches. For example, in 2015, the Office of Personnel Management discovered that the personal data of 21.5 million current and former Federal government employees and contractors had been stolen. The petition also observed that the FCC itself had brought data breach actions against companies that had failed to protect personal information. For example, the agency proposed "a $10 million fine against two telecommunications carriers for failing to protect the personal information of up to 305,000 consumers."
On April 24, 2017, after more than twenty months of inaction from the FCC on the petition, EPIC and a coalition of 37 leading civil society organizations submitted a letter to the FCC urging the Commission to act. The coalition letter noted that at least two large data breaches had affected telephone records since the petition had been filed. In November 2015, 70 million prisoner call records were exposed in a data breach. In another breach announcement, a former Verizon employee was accused in September 2016 of selling private call records.
On May 17, 2017, the FCC responded to EPIC's petition with a Public Notice seeking comment. Comments are due on June 16, 2017. Reply comments are due July 3, 2017.
- Coalition Petition for Rulemaking (August 4, 2015)
- Coalition letter asking the FCC to act on the August 4, 2015, petition (April 24, 2017)
- FCC Public Notice seeking comment on the Petition for Rulemaking. WC Docket No. 17-130 (May 17, 2017)
- Privacy Groups Urge FCC To End Call Data Retention Rule, Law360, April 24, 2017
- Ex-Verizon worker accused of selling customer phone records, Associated Press, September 26, 2016
- Not So Securus: Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege, The Intercept, November 11, 2015
- Stop forcing companies to save user data, groups urge in FCC petition, The Hill, August 4, 2017