Last week, the FCC took the very important step of proposing modernized rules for helping low-income Americans access critical communications services, without unnecessarily conditioning that access on a ten-year data-retention requirement. As CDT advocated, the FCC made the right call in declining to extend Lifeline’s three-year data-retention period by an additional seven years.
The national Lifeline program provides a critical connection to emergency and health services, educational and work opportunities, and friends, family, and community for Americans who could not otherwise afford telephone services. Access to essential voice services has been “a lifeline to the outside world” – particularly, as the Commission notes, for low-income families, elderly Americans, and individuals with disabilities.
As life migrates online, however, Lifeline must follow. The FCC’s proposal will expand the Lifeline program to cover broadband and mobile Internet access, ensuring that whole classes of Americans are not cut off from our common digital future. A Lifeline for the Internet would mean school-age children are not “digitally disconnected” after operating hours at their school, library, or local McDonald’s, and it would open up a world of opportunities for Americans who confront basic affordability as a barrier to broadband adoption.
But staying connected to modern American life should not mean putting your privacy and security on the line. Consumers can qualify for the Lifeline and Link Up programs by providing their participating telecommunications carrier with proof of income – tax returns, pay stubs, divorce decrees, and other personal documents – and all the sensitive details contained within them. Lifeline carriers currently are required to retain those records for a period of three years.
Leading up to last week’s adoption of proposed rules to modernize the Lifeline program, the FCC considered extending that retention requirement from three years to ten – an expansion that would greatly increase the risk of data breach and identity theft, with only marginal benefits in detecting older instances of fraud. Strengthening data security regulations would not eliminate the risk of a decade-long data-retention mandate for newer and potentially more vulnerable Internet users. Indeed, many of the entities whose networks have been compromised in mass-scale data breaches, including the Office of Personnel Management, were subject to data security requirements.
That’s why we’re pleased the FCC stuck to the current three-year status quo on Lifeline and Link Up data retention. The wealth of opportunities enabled by Internet access should not be coupled with unnecessary privacy risks. We hope that other agencies will follow the FCC’s lead and closely scrutinize the purposes and potential risks of current and proposed data-retention mandates.