On February 16th, 2023, the Federal Communications Commission (FCC), the agency responsible for regulating phone companies, voted to begin its rulemaking to support survivors of domestic abuse and other related crimes, as required by the Safe Connections Act, with the corresponding Notice of Proposed Rulemaking (NPRM) published in the Federal Register on March 13, 2023. EPIC and the National Network to End Domestic Violence (NNEDV) worked with a coalition of research, direct service, and advocacy organizations to provide comments to inform this rulemaking process.
Domestic violence and sexual assault are pervasive, life-threatening crimes affecting millions of individuals across the United States regardless of age, gender, economic status, race, religion or education level. Survivors of domestic violence have endured or continue to endure a highly traumatic experience. Despite this trauma, and on top of daily responsibilities, survivors are simultaneously figuring out multiple, vitally important concerns, such as how to keep physically safe, how to establish financial independence, how to find stable housing, how to protect their children or pets or other loved ones, and more. They often are not believed about the abuse they have experienced, even by law enforcement. Personal safety and economic security are inextricably linked for survivors of domestic violence. Survivors of color and immigrant survivors in particular face increased barriers to accessing safety and services. Additionally, while support systems should have the best interests of survivors in mind, there is no universal experience of getting away from an abuser, nor of establishing safety and stability.
Consequently, a program designed to support survivors of domestic violence should emphasize ease of access by program participants, should respect the agency of program participants, and should prioritize increasing program utilization rather than safeguarding against possible fraud. Fraud prevention measures in particular can require proofs of identification, of financial hardship, and/or of survivor status that may be difficult or re-traumatizing for a survivor to obtain or be required to provide. The FCC should not let speculations about possible misuse preemptively create barriers to survivors enrolling in this important program. Additionally, because abusers use various methods of surveillance and coercion to victimize survivors, and may have connections within law enforcement organizations (or may be law enforcement officers themselves), it is in the interests of survivor safety that programs minimize the amount of data collected and shared about survivors served.
The Commission’s NPRM, approved unanimously on February 16, considers how to implement the three provisions of the Safe Connections Act:
- separating a survivor’s phone line or an abuser’s line if on a multi-line or shared plan (such as a family plan);
- making it easier for survivors to make use of the FCC’s reduced-cost phone service program (Lifeline) or internet service program (Affordable Connectivity Program); and
- ensuring the privacy of calls and texts to hotlines, shelters, and other emergency assistance resources by removing them from monthly phone bills and other customer-facing materials.
In its NPRM the FCC also considers how it might prevent and address other methods of attempted surveillance and control, such as on-device stalkerware (e.g., paragraph 89 of the NPRM ).
This can be a critical step forward in supporting survivors of traumatic crimes like domestic violence, by making it easier for a survivor to seek assistance without fear of their efforts being discovered, and to maintain phone or internet service independently of the abuser. However, there are a few ways the effort could fall short of its admirable goals.
Self-Determination, Program Utilization, and Data Minimization
Prior to drafting the NPRM for a Commission vote, FCC staff published a Notice of Inquiry (NOI) in July 2022 to gather information about what it should include in its NPRM. EPIC, NNEDV and more than ten other survivor advocacy and direct service organizations submitted a joint comment in response to the FCC’s NOI, arguing that the Commission’s NPRM should seek to:
- maximize survivor self-determination and agency;
- maximize program utilization and access, by minimizing burdens and barriers for survivors (for example, strict eligibility requirements or subsequent screening criteria would likely inhibit survivor utilization of the FCC’s programs); and
- protect survivors by prioritizing data minimization (for example, requiring deletion or obscuring of records, or training for telecom provider staff to prevent misuse of survivor data including by illegitimate law enforcement requests).
The comment explicitly listed self-attestation of survivor status and financial hardship as essential to advancing these principles. We also noted that the proposed six-month allowance of reduced-cost phone service provided for in the Safe Connections Act may not be sufficient for a survivor to establish financial independence and stability and urged the Commission to allow for survivors to re-certify to retain their benefits. We still strongly believe that the program, although a significant step forward, will be limited without these pieces.
Our comment on the NOI also identified opportunities to better support survivors such as streamlining connections to other resources and public benefits programs; and logistical considerations such as updating the list of hotlines/shelters that would be removed from call logs, raising awareness of the program’s existence amongst survivors, and accounting for additional barriers faced by survivors who live in rural communities, live with disabilities, or are undocumented.
An additional concern addressed in the NPRM is the use of stalkerware, or phone applications (“apps”) that abusers can use as a tool for invasive monitoring of cell phone or tablet activity. Almost all stalkerware requires physical access to the device to install. Once installed, it runs in stealth mode without any notification or identifying activity and is difficult to detect or remove. You can read more about stalkerware on NNEDV’s website here. The FCC may be able to use its authority to regulate telecom companies to require those providers to make it easier for users to protect themselves from stalkerware.
The FCC’s NPRM seems to seek to maximize self-determination and program utilization by proposing:
- a broad definition of who is eligible to initiate the phone line separation (for example, it can include someone who cares for a survivor);
- to allow survivors to elect the manner in which the phone provider may contact them or a designated representative;
- to protect survivors from unwanted marketing communications when they reach out for assistance with line separation;
- to accept documentation of domestic violence as demonstrative of financial hardship;
- to treat the temporary emergency communications support as low risk for waste, fraud, or abuse;
- alternative measures for satisfying the address requirements for its Lifeline or Affordable Connectivity Programs, in recognition of the highly sensitive nature of survivor location information;
- additional periods of support, rather than a single six month period of emergency assistance for the entire lifetime of the survivor; and
- additional measures to prevent abusers from controlling survivors, such as when abusers prevent line separation or use on-device stalkerware.
There are places in which the FCC’s NPRM falls short of maximizing self-determination and program utilization—for example, by suggesting that telecom providers may be able to impose separate steps on survivors to verify the legitimacy of the information provided in the line separation request, which would undermine the efforts the Commission is otherwise undertaking to minimize barriers and burdens to survivors. The NPRM also does not place much emphasis on supporting survivors through the transition from the six-month period of Safe Connections program-based benefits to more traditional eligibility-based enrollment. This transition time will be a critical timeframe for establishing accounts and practices with privacy and safety in mind. Additionally, while the NPRM acknowledges that an abuser may fraudulently contact a call center to attempt to obtain information about the survivor they intend to victimize, it fails to recognize the reality of an abuser misusing law enforcement methods of access to private data.
In terms of data minimization, the FCC’s Safe Connections NPRM does ask ample questions about the privacy concerns implicated by the Commission’s proposals and proposes a broad application of the requirement for confidential and secure treatment of personal information, including masking, encrypting, and deleting data at various stages. It falls short in prioritizing data minimization in proposing that service providers maintain internal records of calls and messages omitted from consumer-facing logs without any qualification.
On the whole, this seems to be a very thoughtful NPRM and we are optimistic that the FCC will continue to advance the three principles we have suggested throughout its rulemaking process: maximizing survivor self-determination, maximizing program utilization, and protecting privacy through data minimization.
Next Steps
The NPRM was published in the Federal Register on March 13, 2023. Comments are due by April 12, 2023.
Resources for survivors of domestic violence and tech-enabled abuse, and advocates:
Technology Safety & Privacy: A Toolkit for Survivors (from the National Network to End Domestic Violence’s (NNEDV’s) Safety Net Project)
Abuse Using Technology (from WomensLaw.org, an NNEDV project)
National Domestic Violence Hotline
Ending Tech-Enabled Abuse (EndTAB)
Resources from the Clinic to End Tech Abuse (CETA) at Cornell Tech
Cyber Civil Rights Initiative (CCRI) Safety Center