The spam call epidemic is real. Americans received 4.1 billion robocalls in May 2026 alone, according to YouMail's monthly index — roughly 13 calls per person. A meaningful portion are outright fraud: Medicare impersonators, fake IRS threats, Social Security scams. FCC Chairman Brendan Carr is right that originating providers have been too permissive, allowing bad actors to route illegal traffic through compliant American networks. The case for tighter origination controls is genuine.
But the FCC's proposed remedy — unanimously approved on April 30, 2026 under docket FCC-26-27A1 and published in the Federal Register on May 26 — is disproportionate to that diagnosis, and the Commission's own record undermines its core rationale. The proposal would require every originating voice provider to collect a customer's name, physical address, government-issued identification number, and an alternate telephone number before activating any phone line. Enhanced verification applies to high-volume and foreign customers: IP addresses, corporate formation documents, third-party address confirmation. Records must be retained for four years after the customer relationship ends. Reply comments are open through July 26, 2026.
A Database the FCC Can't Justify
The proposal runs into an immediate evidentiary problem: illegal robocalls are disproportionately an overseas problem that domestic ID requirements cannot reach. The Federal Trade Commission's Project PoNE — a multi-year enforcement effort targeting illegal international gateway providers — found that "a significant proportion, if not the majority, of unwanted robocalls originate from overseas." A 2023 FTC announcement identified 24 gateway providers responsible for routing traffic connected to approximately 307 separate telemarketing campaigns, the majority international in origin.
Domestic KYC requirements apply only to providers subject to FCC jurisdiction. Overseas carriers, by definition, are not. A scam operation routing calls through a SIM farm in India or Nigeria is entirely unaffected by what the FCC requires of T-Mobile's subscriber registration forms. The FCC's own proposal text acknowledges this gap — noting that the "most effective way to prevent unwanted calls from reaching American consumers is by ensuring they never enter the network" — and then proposes the opposite: a downstream collection mechanism that touches every domestic subscriber rather than enforcing at the network border.
34 Million People Cannot Comply
The privacy cost is not abstract. The EFF estimates that approximately 15 million U.S. adults lack driver's licenses, and around 34.5 million lack current identification that matches their residential address. Black and Hispanic Americans are overrepresented in that group, as are low-income individuals, people experiencing homelessness, and the formerly incarcerated. For these populations, a government-ID requirement to obtain a phone number is not a minor inconvenience — it is functional exclusion from a service the FCC has previously treated as essential infrastructure.
The population with the highest legitimate need for anonymous phone lines is also among the most vulnerable: domestic violence and human trafficking survivors who rely on prepaid phones precisely because they need to communicate without a physical address on file. The FCC's proposal explicitly prohibits P.O. boxes, mail-forwarding services, and virtual addresses as valid address entries — eliminating the substitute addressing programs that safety advocates have spent years building into carrier practices.
Telecom's Breach Record Makes This Dangerous
Building a nationwide identity database on top of telecommunications infrastructure means trusting an industry that has demonstrated it cannot protect customer data at scale. In 2024, AT&T suffered two separate breaches: one exposing data on 7.6 million current customers and 65 million former ones, and a second affecting more than 100 million accounts. Comcast disclosed a breach in 2023 affecting nearly 36 million customers. These are not edge cases — they are the industry's recent operational history.
The proposed four-year retention requirement means identity data collected today remains in carrier systems through 2030 and beyond, fully exposed to the next breach. The FCC does not require encryption of customer identity databases; it recommends it where it "provides significant additional protection." That is not a security framework adequate to the scope of what is being created.
A Better Tool Already Exists, Underused
The TRACED Act, signed in 2019 and implemented through FCC rulemaking, mandated STIR/SHAKEN call authentication across U.S. carriers. STIR/SHAKEN digitally signs calls at origination, allowing downstream providers to verify that a caller ID number matches the actual originating line. When properly deployed, it substantially reduces spoofed call fraud — the technical mechanism directly targeting the problem without creating identity registries.
The problem is deployment gaps. Large Tier 1 carriers have achieved high compliance, but smaller voice service providers — precisely the tier most exploited by illegal traffic operators — have lagged far behind. The FCC's own enforcement process has already removed more than 1,200 providers from its Robocall Mitigation Database for non-compliance. Closing that gap, combined with aggressive enforcement against international gateway providers, would directly attack the supply chain for illegal robocalls without building a 300-million-row identity database.
The Watchlist Provision
One provision in FCC-26-27A1 deserves separate attention: the Commission asks whether originating providers should be required to screen new customers against law enforcement watchlists before activating service. This is not spam enforcement. This is the FCC floating the prospect of turning telecom carriers into a distributed checkpoint infrastructure — a prior-restraint mechanism on communications access, dressed in anti-robocall language. The comment period remains open through July 26. That question alone warrants formal responses from civil liberties organizations, carrier associations, and constitutional scholars.
The spam call problem is real and serious. The FCC's proposed solution is not proportionate to it — it is a surveillance infrastructure using spam as its entry point.