RON WYDEN COMMITTEES: OREGON COMMITTEE ON THE BUDGET COMMITTEE ON ENERGY AND NATURAL RESOURCES SUBCOMMITTEE ON PUBLIC LANDS AND FORESTS 221 DIRKSEN SENATE OFFICE BUILDING DC 20510 tat?g Knatz SPECIAL COMMITTEE ON AGING (202) 224?5244 SELECT COMMITTEE ON INTELLIGENCE (202) 224-71280 (TDD) WASHINGTON, DC 2 05 1 0?3703 COMMITTEE ON FINANCE August 8, 2019 Michel Combes John Legere Chief Executive Of?cer and President Chief Executive Of?cer Sprint Corp. T-Mobile US, Inc. 6200 Sprint Parkway 12920 Southeast 38th Street Overland Park, KS 66251 Bellevue, WA 98006 Randall L. Stephenson Hans Vestberg Chairman and Chief Executive Of?cer Chief Executive Of?cer Inc. Verizon Communications Inc. 208 South Akard Street 1095 Avenue of the Americas Dallas, TX 75202 New York, NY 10013 Dear Mr. Combes, Mr. Legere, Mr. Stephenson and Mr. Vestberg: I write to ask that you protect your customers? privacy and US. national security from foreign hackers and spies by limiting the time you keep records about your customers? communications, web browsing, app usage and movements. In recent years, the US. Of?ce of Personnel Management (0PM), the health care company Anthem, and the hotel chain Starwood have all been hacked. In addition to impacting the privacy of millions of Americans whose information was stolen, these breaches also threaten US. national security. Personal data can be used by foreign intelligence services to support their espionage and in?uence operations. In 2015, then-Director of National Intelligence James Clapper said that China was the ?leading suspect? in the theft of data from OPM. Your companies collectively hold deeply?sensitive information about hundreds of millions of Americans. It should come as no surprise that this data is a juicy target for foreign spies. Particularly in this modern era of massive data breaches, it is critical that companies like yours minimize the data you keep. As the Federal Trade Commission (FTC) noted in a 2015 report, ?Thieves cannot steal data that has been deleted after serving its purpose; nor can thieves steal data that was not collected in the ?rst place.? While the Federal Communications Commission (FCC) has long required carriers to keep records of toll calls for 18 months, it is apparently routine for carriers to retain records for much longer. According to media reports, for example, retains customer long distance and international call records going back to 1987. This data hoarding by telephone companies is unnecessary ?rms do not need 20 years? worth of customer records to manage their networks and these stockpiles of Americans? data create an irresistible target for hackers and foreign governments. 911 NE 11TH AVENUE 405 EAST 8TH AVE SAC ANNEX BUILDING U.S. COURTHOUSE THE JAMISON BUILDING 707 13TH ST. SE SUITE 630 SUITE 2020 105 FIR ST 310 WEST 6TH ST 131 NW HAWTHORNE AVE SUIIE285 PORTLAND, OR 97232 EUGENE, OR 97401 SUITE 201 ROOM 118 SUITE 107 SALEM, OR 97301 (503) 3264525 (541) 431?0229 LA GRANDE, OR 97850 MEDFORD, OR 97501 BEND. OR 97701 (503) 5894555 (541) 962?7691 (541) 858?5122 (541) 330?9142 PRINTED ON RECYCLED PAPER Accordingly, I urge you to take prompt action to protect your customers? privacy and safety, as well as US. national security, by signi?cantly limiting your retention of customer data. Consistent with the best practices recommended by the FTC and leading privacy experts, absent a legal requirement to retain speci?c records, you should delete records of your customers? historical location, their web browsing, app usage and their communications as soon as those records are no longer needed to reasonably manage your networks and provide service. Depending on the speci?c type of record and the legitimate business purpose they serve, a reasonable retention period could be a few weeks, or even just a couple days. Retention periods of several years should not be the norm. Please respond to this letter by September 4, 2019 detailing the steps you will take to protect your customers? privacy and US. national security by minimizing your retention of customer data. Thank you for your prompt attention to this important matter. If you have any questions about this request, please contact Chris Soghoian in my of?ce. Sincerely, up. Ron Wyden United States Senator