The Federal Communications Commission will launch its first-ever privacy and data protection task force to crack down on SIM swapping and address broader data privacy concerns, Chairwoman Jessica Rosenworcel announced on Wednesday.
The creation of the task force comes as the agency confronts a number of data protection issues facing customers of U.S. telecoms, such as the sharing of sensitive consumer data, the collection of geolocation data and repeat data breaches at major carriers. Rosenworcel said that the new task force will lead the agency’s recently proposed efforts to modernize its 15-year-old data breach rule.
The task force — which will be led by Loyaan Egal, the agency’s enforcement chief — will also coordinate the FCC’s rulemaking efforts aimed at preventing SIM swapping and creating standards for carriers to authenticate a customer before transferring a number to a new device or a new carrier.
“This kind of fraud demonstrates how powerful these forces are and how privacy is so important for communications and digital age trust,” Rosenworcel said about SIM-swapping, a kind of attack in which cybercriminals use a victim’s personal information to steal their phone number and swap it into a scammer-controlled device.
During her remarks on Tuesday at the Center for Democracy and Technology, a Washington think tank, Rosenworcel said she has serious concerns about how mobile carriers collect and share users’ private data, such as geolocation data. Queries from the FCC found last year that ten of the top 15 mobile carriers in the United States collect geolocation data and provide consumers no way to opt-out.
Rosenworcel said that the agency is carrying out a follow-up investigation about how to address the collection of geolocation data that has now been delegated to the new task force.
Rosenworcel also noted concerns about carriers selling sensitive user data and called on her fellow FCC commissioners to finalize $200 million in proposed fines brought in 2020 against AT&T, Sprint, T-Mobile and Verizon for sharing customer location data without their consent, penalties that won’t come into effect until the agency votes to approve them.
During her speech, Rosenworcel hinted at an upcoming “enforcement action against two companies that have put the security of communications customers at risk.”
“I can’t say more right now, but I can say this right out of the gate: We are showing that this task force means business,” said Rosenworcel.