Can the FCC help trace the bomb threats called into Jewish community centers?

“You still have to worry about the fact that you’re collecting private information from other people.”

Jewish Community Center in Tarrytown, N.Y. JCC’s across the country have received anonymous bomb threats, forcing the centers to evacuate. CREDIT: AP Photo/Seth Wenig
Jewish Community Center in Tarrytown, N.Y. JCC’s across the country have received anonymous bomb threats, forcing the centers to evacuate. CREDIT: AP Photo/Seth Wenig

Jewish day schools and community centers in nearly a dozen states have received a deluge of bomb threats so far this year, forcing evacuations on an almost weekly basis. As the number of incidents and locations climbed past 100 and 90 this week respectively, members of Congress are beginning to take action.

Senate Minority Leader Charles Schumer (D-NY) asked the Federal Communication Commission on Wednesday to grant Jewish community centers nationwide a waiver to existing telecommunications privacy laws to allow them to access otherwise anonymous caller information for all incoming calls. In a letter to FCC Chairman Ajit Pai, Schumer wrote that the FCC should “do everything in your power to track these perpetrators down and prevent future attacks” and “investigate the origin of the calls.”

“The technology allows for evasion.”

The FCC issued a statement Wednesday saying it is currently considering all of its options — including a waiver — to respond to the recent bomb threats.*

There are two main kinds of anonymous calls: blocked or spoofed. Blocked calls involve an “unknown” or “blocked ID” notification showing up on a phone, meaning that the caller wants their information kept private but the telephone carrier knows their identity. Spoofed calls involve a fake number appearing on the caller ID, which is harder for telecom companies to track.

It’s possible that JCC callers are hiding their identities by using spoofing and voice-masking technology, according to a BuzzFeed report published this week. Spoof sites allow users to text or call a person from their computer.

Spoofing is also a surveillance technique used by law enforcement via stingray and similar devices, which masquerade as fake cell towers to pick up nearby cellular activity.

The Truth in Caller ID Act, which was signed into law in 2010, gave the FCC power to reveal the identity of anonymous callers when spoofing is used to commit a crime, such as in a bomb threat campaign. The Senate passed a similar bill in 2016 that would close loopholes in current legislation, preventing spoofed text messages and VoIP calls, such as Skype or Google Voice calls that allow a computer to call a registered number but display a random number for incoming calls.

In his letter, Schumer noted the FCC has granted waivers to privacy laws in the past to help track down anonymous callers, namely to the Middletown (NY) School District after it received several “swatting” threats.

But even though JCCs may also be good candidates for a waiver, considering the serious nature of the recent threats and the frequency with which they are occurring, there are still broader privacy concerns when it comes to collecting this caller data.

“While it’s clear this is exactly the kind of case waivers are created for, you still have to worry about the fact that you’re collecting private information from other people.”

Harold Feld, the senior vice president of Public Knowledge, a consumer rights group that promotes open internet, told ThinkProgress that it could establish a precedent where FCC waivers are granted at the agency’s sole discretion instead of demanding law enforcement agencies obtain a warrant.

The sheer volume of calls to the affected JCCs and day schools would also mean revealing private data of unsuspecting citizens across the country, since an FCC waiver would allow carriers to identify all incoming calls.

“While it’s clear this is exactly the kind of case waivers are created for, you still have to worry about the fact that you’re collecting private information from other people,” Feld said.

These data privacy issues could be solved with strict guidelines attached to an FCC waiver. That’s what the agency did last year for the Middletown School District under then-Chairman Tom Wheeler, who gave law enforcement agencies instruction about what information could be stored and for how long, and what data should be destroyed.

The implications of granting a waiver, however, also stretch into policymaking, where the now conservative-leaning FCC and deregulatory bent of the Trump administration could open the door for waivers to be given under murkier circumstances.

President Donald Trump declared in his first speech to a joint Congress Tuesday that he was planting authorities tasked with gutting regulations inside each government agency to undo burdensome oversight.

“We have undertaken a historic effort to massively reduce job‑crushing regulations, creating a deregulation task force inside of every government agency; imposing a new rule which mandates that for every one new regulation, two old regulations must be eliminated,” Trump said.

The “one in, two out” rule was part of Trump’s executive order signed in January that requires agencies to scrap two regulations for every new regulation that’s introduced. The move has already come under legal scrutiny; liberal advocate groups filed suit against the administration in February.

Republican FCC head Pai, who was appointed by former President Barack Obama, has a voting record that also favors fewer regulations. The FCC voted to block stricter consumer privacy protections as part of the broadband privacy rules in late February. Pai also plans to delay implementation of those rules, which were adopted in October.

With the FCC and broader administration’s combined reluctance to creating new policy, the waiver process for caller data could get “sloppy,” according to Feld of Public Knowledge.

“You don’t want this to become a way to circumvent the usual limitations on law enforcement.”

“My worry is that we’re going to start doing this by waiver and it’s going to get very sloppy,” he said. “You don’t want this to become a way to circumvent the usual limitations on law enforcement. The technology allows for evasion. You don’t want this kind of waiver process to grow to be a good way for law enforcement to avoid getting a warrant when one should be required.”

It’s clear that the immediate concern in front of the FCC is protecting JCC and other institutions affected by the bomb threat call campaign — but, as with all policy decisions, lawmakers also have to think about the future.

“It’s a good idea to start thinking about the limits while protecting legitimate privacy interests,” Feld said.

*Update: The FCC granted a temporary waiver Friday so Jewish Community Centers and telecom carriers could identify anonymous calls and protect against bomb threats.

In a statement announcing the decision, FCC Chairman Ajit Pai said:

“This agency must and will do whatever it can to combat the recent wave of bomb threats against Jewish Community Centers. I am pleased that we are taking quick action to address this issue and hope that this waiver will help Jewish Community Centers, telecommunications carriers, and law enforcement agencies track down the perpetrators of these crimes.”

The waiver limits access of call data to telecom, security, and JCC personnel. The FCC instructed that call data be destroyed after a “reasonable retention period.”