The FCC’s proposed robocall rule, revealed Could 26 below CG Docket Nos. 17-59 and 02-278, asks whether or not originating voice service suppliers ought to gather and retain buyer names, bodily addresses, government-issued identification numbers, alternate phone numbers, and supporting verification data earlier than granting service.
The company proposes a four-year retention window as soon as the client relationship ends, a $2,500 per-call base forfeiture for KYC violations, and feedback shut on June 25.
The FCC frames the proposal round the issue that unlawful robocalls value People billions of {dollars} in fraud and wasted time, and the company argues that originating suppliers are greatest positioned to cease unlawful calls earlier than they enter the community.
For crypto holders, the proposal raises a second-order safety consequence the company’s robocall framework leaves unaddressed.
Telephone numbers already sit on the heart of alternate onboarding, e-mail and crypto account restoration, SMS two-factor authentication, fintech apps, and customer-support verification.
The extra identification knowledge telecom carriers bundle with telephone accounts, the extra beneficial these accounts change into to attackers, and the extra damaging a service breach or profitable impersonation try turns into for anybody holding property that transfer immediately and irreversibly.
The telephone quantity as a safety legal responsibility
The DOJ’s September 2025 civil forfeiture motion towards over $5 million in Bitcoin illustrates how the telephone layer already converts into crypto loss.
Prosecutors described SIM-swap assaults as an account takeover methodology by which attackers acquire management of a sufferer’s telephone quantity, intercept authentication codes, and use them to authenticate because the sufferer throughout e-mail, alternate, and fintech accounts.
5 US victims misplaced Bitcoin by means of that sequence. The FBI’s IC3 recorded 1,611 SIM-swap complaints in 2021 alone, with adjusted losses exceeding $68 million, up from 320 complaints and roughly $12 million in losses throughout the previous three years mixed.
The FCC proposal would elevate the worth of the telephone account at its heart.
The SEC’s personal X account demonstrated that phone-number compromise can attain past particular person wallets.
In January 2024, an unauthorized social gathering gained management of the telephone quantity related to the SEC’s X account in an obvious SIM swap, reset the account password, and posted a false announcement claiming approval of a spot Bitcoin ETF earlier than the SEC corrected it.
Expanded carrier-side KYC data create richer impersonation materials for anybody making an attempt the identical assault towards higher-value targets.
What the FCC is constructing
Carriers would gather names, bodily addresses, government-issued ID numbers, alternate telephone numbers, and probably copies of government-issued identification.
For top-volume prospects, the FCC additionally asks concerning the meant use of service and IP addresses. That knowledge bundle would stay within the service’s methods for 4 years after a buyer’s cancellation date.
The FCC itself asks within the proposal what privateness dangers could come up from expanded personally identifiable data assortment and whether or not present trade protections would suffice, or whether or not the company would wish to mandate heightened safety measures, an acknowledgment that the collected knowledge creates its personal publicity.
A service document that hyperlinks a telephone quantity to a bodily deal with, a authorities ID quantity, an alternate contact, and a service historical past turns into a goal for attackers who wish to social-engineer a service’s help desk, file a fraudulent port request, or cross-reference telecom knowledge towards alternate KYC data.
Bitcoin safety researcher Jameson Lopp has argued {that a} KYC-free telephone service can function a private safety measure for folks suspected of holding massive Bitcoin positions, as a result of linking telephone accounts to identification trails raises publicity to extortion, swatting, and wrench assaults.
Lopp’s public repository of bodily assaults towards crypto holders describes itself as a recognized however incomplete checklist of real-world “meatspace” assaults, supporting the purpose that bodily concentrating on is a documented threat class.
Two outcomes for crypto holders
The FCC proposal leaves open whether or not KYC necessities apply solely to high-volume business originators or prolong to new and renewing retail prospects and pay as you go SIM playing cards offered by means of third-party distributors.
The proposal explicitly asks about pay as you go and postpaid remedy and whether or not necessities ought to differ throughout buyer varieties.
The bear case for crypto holders is that identification assortment throughout new and renewing prospects, pay as you go SIM playing cards, and re-verification necessities would successfully finish pseudonymous telephone entry within the US.
Provider databases would bundle telephone numbers with bodily addresses, authorities ID numbers, and 4 years of service historical past.
For anybody working below a menace mannequin that features SIM swapping, focused extortion, or bodily assault, the telephone layer would change into each extra tightly identity-linked and extra harmful to lose management of.
A service breach or vendor compromise at that scale would produce addressable goal lists, reminiscent of telephone numbers cross-referenced towards identities, addresses, and repair histories, a knowledge asset with no prior equal at service scale.
If the FCC limits expanded KYC to high-volume business originators and leaves retail and pay as you go prospects exterior the scope, the FCC addresses the robocall downside on the community layer the place it originates, and the retail telephone account stays exterior the expanded knowledge assortment.
| Closing rule consequence | Who is roofed | Privateness affect | Crypto-holder threat | Article learn |
|---|---|---|---|---|
| Slim rule | Excessive-volume business originators | Restricted enlargement of retail PII assortment | Decrease SIM-swap and doxxing spillover for abnormal customers | Robocall enforcement device with restricted crypto affect |
| Base case | New and renewing prospects, with some customer-type carveouts | Extra identification knowledge tied to telephone accounts | Larger worth for service data and restoration abuse | Privateness rule turns into a crypto-security concern |
| Broad rule | Retail customers, pay as you go SIMs, postpaid accounts, and re-verification | Sensible pseudonymous telephone entry shrinks | Bigger honeypot for SIM swaps, extortion, swatting, and bodily concentrating on | Telecom KYC turns into a brand new crypto assault floor |
| Breach state of affairs | Provider, vendor, or KYC supplier compromised | Id, telephone, deal with, and service-history knowledge uncovered | Addressable goal lists for attackers | Anti-robocall repair creates systemic holder threat |
That consequence reduces the carrier-side honeypot threat for particular person crypto holders whereas nonetheless giving the FCC the enforcement attain it’s searching for towards the fraud originators driving the robocall downside.
Whether or not these instruments additionally increase the assault floor for crypto holders activates the ultimate rule’s scope: a rule protecting abnormal telephone prospects produces a distinct menace mannequin than one confined to business originators.
