H.R. 4886 (114^th): Closing the Pre-Paid Mobile Device Security Gap Act of 2016

With the Apple-vs.-FBI encryption fight consuming so much attention over the past month, often lost by the wayside is an issue no less important: burner phones. The cheap disposable devices, also called “pre-paid phones,” are often bought anonymously and without registration. It was burner phones, not encryption, that were primarily used to plot the coordinated terrorist attacks in Paris last November which killed 130 people.

H.R. 4886, the “Closing the Pre-Paid Mobile Device Security Gap Act,” would ban anonymous pre-paid phones in the United States Introduced last week by Rep. Jackie Speier (D-CA14), the bill would require purchasers of these devices to provide identification showing name, address, and date of birth. Speier has noted that this same info is required when purchasing a traditional contract-based cell phone.

“This bill would close one of the most significant gaps in our ability to track and prevent acts of terror, drug trafficking, and modern-day slavery. The ‘burner phone’ loophole is an egregious gap in our legal framework that allows actors like the 9/11 hijackers and the Times Square bomber to evade law enforcement while they plot to take innocent lives,” Speier said.

Others counter that phones which can’t be tracked easily are useful for people anonymously calling abuse or suicide hotlines, or journalists attempting to communicate with confidential sources. Others support them on financial equality grounds, since they’re one of the few ways for the poor to obtain cell phones without credit checks and don’t require expensive contracts.

So far most other Members of Congress have remained mute on this specific bill, since it’s only been out for a few days. The bill has been referred to the House Judiciary Committee, but no cosponsors have yet signed on.

The House in general has been somewhat torn on issues of digital privacy: Last June the House increased digital privacy in a bipartisan vote reforming the Patriot Act, but since then the tide has turned somewhat in favor of increased surveillance after terrorist attacks in Paris, Brussels, and San Bernardino. How much the tide has turned, though, would be somewhat hard to quantify without an actual vote on the issue.

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress, and was published on Mar 23, 2016.

Closing the Pre-Paid Mobile Device Security Gap Act of 2016

This bill requires authorized resellers of pre-paid mobile devices or SIM cards to require purchasers to provide their name, home address, and date of birth.

For in-person sales, an authorized reseller must require purchasers to display for verification: (1) a government-issued photographic identification card or a document acceptable under the Immigration and Nationality Act for employment authorization or establishing identity; and (2) any two of a Form W-2 Wage and Tax Statement from the Internal Revenue Service, a Form 1099 Social Security Benefit Statement or a Form 1099 from another federal agency, or a document containing personal identifying information that the Department of Justice (DOJ) finds to be acceptable. For all other sales, an authorized reseller must require purchasers to submit their: (1) credit or debit card account information, (2) Social Security number, (3) driver's license number, and (4) any personal identifying information that DOJ finds to be necessary.

Authorized resellers must make a record of their sales that includes: (1) the information obtained from purchasers to verify their identity; (2) the date of sale; (3) the manufacturer and the wireless carrier of the device or SIM card; (4) any assigned telephone number or other identifier of the subscriber or account; and (5) if applicable, the international mobile equipment identifier number, electronic serial number, mobile equipment identifier, international mobile subscriber identifier, and machine address code. Within 30 days after a sale, an authorized reseller must transmit such record to the wireless carrier for the device or SIM card.

Purchasers are subject to criminal penalties for providing false or misleading identifying information or documents. A civil penalty is established for authorized resellers or wireless carriers who fail to comply with this Act.

The bill also prohibits and establishes criminal penalties for the sale of a pre-paid mobile device or SIM card by a person who is not an authorized reseller.