Federal Communications Commission Takes Further Action Against Provider Facilitating Illegal Tax Robocalls

Following up on its previous enforcement actions, the Federal Communications Commission’s (Commission) Enforcement Bureau (Bureau) issued an Initial Determination Order (Order) against Veriwave Telco (Telco). The Order found that the company failed to respond to the Bureau’s April 4, 2024 Notification of Suspected Illegal Traffic and has not complied with the Commission’s robocalling rules. The Order directed Veriwave to respond to the Bureau by July 22, 2024, and noted that failure to do so would result in the Bureau issuing a Final Determination Order requiring all providers immediately downstream from Veriwave to block all call traffic from the company.

As we reported in April, the Bureau, as part of its “Spring Cleaning Initiative,” found that Veriwave was the originating provider for a significant number of illegal robocalls placed between November 2023 and January 2024 that were part of a scam calling campaign offering to enroll individuals in a fake “National Tax Relief Program” which ultimately sought to trick consumers into providing personal information such as their date of birth and Social Security numbers. The Internal Revenue Service and Federal Trade Commission aided the Bureau’s investigation of Veriwave.

This is the first Initial Determination Order issued from the Spring Cleaning Initiative. To date, the Bureau has not indicated whether Veriwave has responded to the Order.

Commission to Initiate New Proceedings on Robocall Mitigation Database Procedures and AI in Robocalling at August Open Meeting

The Commission has released two robocall-related draft Notices of Proposed Rulemaking (NPRM) that it will consider at its August 7 Open Meeting. Thefirst NPRM (RMD NPRM) proposes and seeks comment on several procedural measures to promote increased diligence and accountability when filers submit their required information and certifications in the Robocall Mitigation Database (RMD). In addition, the Commission would propose a filing fee of $100 for submissions to the RMD but would seek comment on whether that fee should apply to each submission or only the initial certification. The RMD NPRM would also propose other technical solutions to help validate submissions and promote accuracy in real-time, like software that would validate data in a provider’s submission against other publicly available databases and flag discrepancies in a provider’s information before submission. Lastly, the Commission would seek to impose new penalties for providing false or inaccurate information to the Commission in the RMD, such as new forfeitures or permissive blocking.

If adopted, comments and reply comments will be due on the RMD NPRM 30 and 60 days, respectively, after publication in the Federal Register.

The second NPRM (AI NPRM) seeks comment on steps the Commission can and should take to protect consumers from robocalls and texts that use AI technology, like deepfakes, computer-generated images, or artificially created voices, to harm consumers as well as proposals for uses of AI that may help voice service providers continue to combat illegal calling campaigns.

Specifically, the AI NPRM would propose new rules establishing consent and disclosure requirements for “AI-generated calls.” The Commission would propose to define an “AI-generated call” as “a call that uses any technology or tool to artificially generate a voice or text using computational technology or other machine learning, including predictive algorithms and large language models, to process natural language and produce voice or text content to communicate with a called party over an outbound telephone call.” The Commission would also seek information on the development and availability of technologies — either at the device or network level — that can detect incoming calls that are potentially fraudulent, use AI-generated voice based on real-time analysis of the call content and then alert consumers or block such calls — or both. Noting the possible privacy and cybersecurity implications of such technologies, the Commission would seek comment on whether it should consider establishing a regulatory framework of privacy protections for callers and consumers and what those requirements should be.

If adopted, comments and reply comments would be due on the AI NPRM 30 and 45 days, respectively, after publication in the Federal Register.