House Representative Jackie Speier (D-San Francisco/San Mateo) has put forward a bill that will require retailers to ask for identification from anyone buying a prepaid cellphone.
The bill, called Closing the Pre-Paid Mobile Device Security Gap Act of 2016, is designed to “close one of the most significant gaps in our ability to track and prevent acts of terror, drug trafficking, and modern-day slavery,” according to Speier.
The bill will require anyone purchasing a “pre-paid mobile device or SIM card” to provide
1. The full name of the purchaser.
2. The complete home address of the purchaser.
3. The date of birth of the purchaser.
Retailers would require a Federal or State ID, a W–2 Wage and Tax Statement, a Form 1099 from the Social Security Administration or other government agency, or any other document so deemed eligible by the Attorney General. Retailers would then be required to keep a record of this information, along with information about the phone.
The bill, introduced on March 23rd, has some good intentions - some basic restrictions on the availability of pre-paid mobile phones addresses some legitimate concerns from the law enforcement community.
But, it leads with the assumption that pre-paid mobile phones are bought exclusively by criminals. Certainly, television shows such as The Wire and Breaking Bad have used their fair share of cheap cell phones, which are used once before they’re crunched under the heel of someone hell bent on committing crime.
But, these phones are cheaper, and that makes them attractive to large parts of the population: the elderly, poor, or people who just want don’t want to shell out a couple of hundred bucks for a high-end cell phone with an expensive contract. Journalists use such phones in the course of their work, to say nothing of people who have legitimate reasons for not wanting to be tracked, like abuse victims. This bill would leave a paper trail that will undoubtably put some of these people at risk, either from individuals attempting to track someone down, or from an opportunistic hacker who can use the personal data for their own gain.
That’s what makes this bill especially worrisome: it requires retailers to retain quite a bit of personal information - somewhere - for at least 18 months, while not mandating any sort of privacy or security requirements to make sure that that information is safe. As written, its requirements are vague, and it’s a privacy disaster waiting to happen.
Speier cites the fact that burner phones were used in terrorist attacks such as 9/11, Paris and Times Square, but ignores the fact that these are an incredible minority of instances.