Federal Communications Commission Resolves Investigation Against Voice Service Provider That Failed to Authenticate Calls

In May, we reported that the Federal Communications Commission (Commission) had adopted a Notice of Apparent Liability (NAL) against a voice service provider, Lingo Telecom, LLC (Lingo), for transmitting illegally spoofed, deep fake robocalls by failing to both properly authenticate those calls under the Commission’s STIR/SHAKEN requirements and meet the Commission’s “Know Your Customer” obligations. The NAL was based on a February 2024 cease-and-desist letter ordering Lingo to take action to stop carrying suspicious robocalling traffic. On August 21, 2024, Lingo and the Commission agreed to a Consent Decree resolving the investigation and enforcement actions against the company.

To resolve the NAL, Lingo will pay a $1 million civil penalty, which is reduced from the $2 million proposed penalty. In addition, Lingo must also implement a compliance plan that requires strict adherence to the Commission’s STIR/SHAKEN and caller ID authentication rules. Under the terms of the Consent Decree, Lingo must, among other requirements, verify the identity and line of business of each customer and upstream provider by obtaining independent corroborating records. Further, pursuant to the compliance plan, Lingo may only apply A-level attestation (the highest level) to calls where Lingo itself has provided the caller ID number to the party making the call and may only transmit traffic from upstream providers that have “robust robocall mitigation mechanisms in place and are responsive to traceback requests.”

Lingo must adhere to the provisions of the compliance plan and file periodic compliance reports with the Commission until August 2027 (36 months). Violations of the Commission’s rules or the terms of the Consent Decree during that time may be treated as new and separate violations and may also result in an extension of the compliance plan requirements beyond the initial three-year term.

Commission Finalizes AI in Robocalling NPRM, Moves Privacy Concerns to Notice of Inquiry

At its August Open Meeting, the Commission adopted a draft Notice of Proposed Rulemaking (NPRM), proposing a first-of-its-kind set of rules governing AI-generated robocalls and robotexts. As we reported last month, the NPRM seeks comment on proposed new rules that would define an “AI-generated call” as “a call that uses any technology or tool to artificially generate a voice or text using computational technology or other machine learning, including predictive algorithms, and large language models, to process natural language and produce voice or text content to communicate with a called party over an outbound telephone call.” The NPRM also seeks to establish a number of consent, identification, and disclosure requirements for calls and texts that meet that definition.

The draft NPRM also would have sought comment on the current development and availability of AI technologies that can, in real-time, detect robocalls and either alert consumers or block those calls altogether. Recognizing that such technology could raise privacy implications and concerns, the NPRM also would have sought comment regarding the steps the Commission should consider to protect both callers and called parties’ privacy. However, in the final, adopted version of the NPRM, the Commission moved these questions to a Notice of Inquiry (NOI). This change will allow the Commission more time to acquire information and receive additional comments on technologies that may not yet be fully developed or implemented before attempting to adopt rules encouraging or mandating their use. As Commissioner Rosenworcel herself noted, the NOI gives the Commission the opportunity to “continue to ask questions about how [the Commission] can harness the benefits of AI to detect scams on our networks before they ever reach us on our phones.” Commissioner Carr also expressed that given the novelty of AI at this point, it was important for the Commission to “proceed in a careful way,” which he ultimately determined this item did once it “address[ed his concerns] through changes made along the way.” However, Commissioner Simington was not able to approve and would only concur with portions of the NOI, stating, “The idea that the Commission would put its imprimatur on even the suggestion of ubiquitous third-party monitoring of telephone calls for the putative purpose of “safety” is beyond the pale.”

Comments and reply comments on the NPRM and NOI will be due 30 and 60 days, respectively, after the item’s publication in the Federal Register.