Laura Stefani works at the intersection of law, policy, and technology, providing clients with a wide range of services in the telecommunications arena. She develops creative regulatory solutions to bring new technologies to market and guides clients on U.S. communications policy initiatives, with a focus on wireless and satellite technologies. She advocates for regulated communications entities regarding licensing, market entry, spectrum use, and other regulatory issues before the Federal Communications Commission (FCC), the National Telecommunications and Information Administration (NTIA), and other federal agencies.

In a pair of Notices of Apparent Liability for Forfeiture this week, the Federal Communications Commission (FCC) has proposed a collective $8 million in fines against telecommunications company Lingo Telecom and political consultant Steven Kramer.

Robocalls, Generative AI, and Deepfakes

The FCC alleges Kramer violated the Truth in Caller ID Act. According to the FCC, two days before the New Hampshire 2024 presidential primary election, Kramer orchestrated a campaign of illegally spoofed and malicious robocalls that carried a deepfake audio recording of President Biden’s cloned voice telling prospective voters not to vote in the upcoming primary.

To transmit the calls, he worked with voice service provider Lingo Telecom, which incorrectly labeled the calls with the highest level of caller ID attestation, making it less likely that other telecommunications providers would detect the calls as potentially spoofed. For this reason, the FCC is also pursuing forfeiture against Lingo, alleging a violation of the STIR/SHAKEN rules for failing to use reasonable “Know Your Customer” protocols to verify caller ID information in connection with Kramer’s alleged illegal robocalls.Continue Reading FCC Proposes $8 Million in Fines Against Telecom Company and Political Consultant for Using Deepfake Generative Artificial Intelligence

The Federal Communications Commission (FCC) and the Federal Trade Commission (FTC) agreed this week to cooperate and coordinate consumer protection efforts in enforcing the FCC’s reinstated “net neutrality” rules. The agencies stated in a Memorandum of Understanding that they will share legal, technical, and investigative expertise and experience in enforcing the rules.

The reinstated rules, adopted on April 25, formally reclassify internet service providers’ broadband services as “Telecommunications Services” under Title II of the Communications Act, rather than as a less-regulated Title I “Information service.” With this change in status, the FCC also reinstates specific proscriptive rules against blocking, throttling, or engaging in paid preference for certain network traffic, and re-adopts a “general conduct” standard barring unreasonable interference with consumers or providers that provide content and services.Continue Reading FCC and FTC to Cooperate in Enforcing Reinstated Net Neutrality Rules

Early this week, the Federal Communications Commission (FCC) announced it had fined the largest U.S. wireless carriers for sharing access to customers’ geolocation information without consent and without taking reasonable measures to protect against unauthorized disclosure. These Forfeiture Orders follow the issuance of Notices of Apparent Liability for Forfeiture and Admonishment by former Chairman Ajit Pai in 2020, and subsequent agency investigation by the agency’s Privacy and Data Protection Task Force.

The orders buttress FCC Chairwoman Jessica Rosenworcel’s consumer protection agenda, which includes launching the Privacy and Data Protection Task Force last year. The FCC has been increasing its regulatory oversight under the task force, which it described as “an FCC staff working group focused on coordinating across the agency on the rulemaking, enforcement, and public awareness needs in the privacy and data protection sectors, including data breaches (such as those involving telecommunications providers) and vulnerabilities involving third-party vendors that service regulated communications providers.”Continue Reading FCC Fines Major Wireless Carriers $200 Million for Sharing Customer Geolocation Data

Moving at rapid speed, the Federal Communications Commission (FCC) has just announced its unanimous adoption of a new Declaratory Ruling finding that voice calls using artificial intelligence (AI)-generated voices fall under the Telephone Consumer Protection Act (TCPA).

The ruling takes effect immediately and gives state attorneys general powerful new tools to go after voice cloning scams. Under FCC rules, telemarketers that use robocalls subject to the TCPA are required to obtain prior express written consent from the consumer unless an exemption applies. The TCPA has always prohibited the use of both prerecorded and artificial voices but advances in AI-generated voices have prompted the FCC to specifically address their use.

In recent years, scammers and other parties have begun using AI to create fake and even “cloned” artificial voices, including those of celebrities, politicians, and even a call recipient’s family member. In this election season, there has been increasing concern about the use of voice clones to engage in voter suppression schemes.Continue Reading FCC Clarifies TCPA Rules to Affirmatively Restrict Use of AI-Generated Calls

Cybersecurity and data protection is front and center on the Federal Communications Commission’s (FCC) agenda. The latest manifestation of this is the FCC’s issuance of a Notice of Proposed Rulemaking (NPRM) on August 25, 2023, which seeks comments on a proposed voluntary cybersecurity labeling program for Internet of Things (IoT) devices or products.

Companies that volunteer to join the proposed program would have their qualifying products bear a new “U.S. Cyber Trust Mark,” which the agency believes would help consumers identify trustworthy products and make informed purchasing decisions, incentivizing better cybersecurity standards. There are a couple of aspects of the NPRM that are worth highlighting.Continue Reading What’s in a Label? FCC Begins Rulemaking Procedure for Cybersecurity Labeling on IoT Devices

Last week, the Federal Communication Commission’s (FCC) issued a Notice of Apparent Liability for Forfeiture proposing a $20 million forfeiture, essentially a fine, against two telecommunications service providers for failing to properly authenticate customers’ identity before providing online access to Customer Proprietary Network Information (CPNI). CPNI includes sensitive data, such as called phone numbers, the length and time of calls, and service features. FCC rules mandate that companies handling such information use “reasonable measures” to guard access to CPNI.

Because it would be easy for third parties to impersonate customers and gain access to their CPNI, FCC rules prohibit the use of readily available biographical information or account information. “Readily available biographical information” includes “information drawn from the customer’s life history and includes such things as the customer’s social security number . . . mother’s maiden name; home address; or date of birth.” Account information is “information that is specifically connected to the customer’s service relationship with the carrier, including such things as an account number or any component thereof, the telephone number associated with the account, or the bill’s amount.” FCC rules thus requires service providers to authenticate customer identity without the use of the above information and then require a password.Continue Reading FCC Proposes $20 Million Forfeiture Against Telecommunications Service Providers for Failing to Protect User Data

As we recently previewed, the Federal Communications Commission (FCC) published its Proposed Rule that would codify its updated guidance on the Telephone Consumer Protection Act (TCPA). The TCPA regulates calls and text messages sent using automated technology and is frequently litigated. Below are the major proposed rule changes on which the FCC seeks comment.Continue Reading FCC Releases Proposed Rule for Codifying Updates to the TCPA

The Federal Communications Commission (FCC) has issued a Notice of Proposed Rulemaking intending to strengthen consumers’ ability to revoke consent to receive both robocalls and robotexts, in addition to strengthening callers’/texters’ obligations to honor such requests in a timely manner.

The Telephone Consumer Protection Act (TCPA) restricts callers from making robocalls and robotexts unless they have received the prior express consent of the called party, subject to a couple of exemptions. The FCC’s proposed action would broaden a consumer’s ability to revoke consent in “any reasonable way.” For example, simply using words such as “stop,” “revoke,” “end,” or “opt out” in response to a call or text would create a presumption, absent contrary evidence, that the consumer has revoked consent.Continue Reading FCC Proposes Codifying New TCPA Consent Rules in Notice of Proposed Rulemaking

As part of a broader campaign to go after “robocall” violations, the Federal Communications Commission (FCC) has announced a $5,134,500 fine against a company and its owners for making 1,141 robocalls in 2020 that violated the Telephone Consumer Protection Act (TCPA). The company told recipients of the robocalls that if they voted by mail, their personal information would “be part of a public database that will be used by police departments to track down old warrants and be used by credit card companies to collect outstanding debts.” The case is a strong reminder that political calling campaigns are also subject to the TCPA.

Both the TCPA and the FCC’s rules prohibit prerecorded voice calls to wireless telephone numbers without the recipients’ prior express consent, and this is true regardless of the caller’s intent. These restrictions apply equally to both telemarketing and informational calls, including all non-commercial and political calls. The only exception is for calls that are made for an emergency purpose.Continue Reading FCC Levies $5 Million Fine for Political Calling Campaign That Violated the TCPA

In what could be a seminal case of the Internet age, the U.S. Supreme Court this week heard arguments in Gonzalez v. Google, its first case concerning the hotly debated Section 230 of the Communications Decency Act. The case’s potential ramifications might be gleaned from the 70-plus amicus briefs filed by major companies, states, elected officials, and organizations.

Section 230 provides immunity to Internet platforms from liability arising out of third-party content posted to the platform’s websites.  The statute prevents a “provider or user of an interactive computer service” from being treated as “the publisher or speaker of any information provided by another information content provider.” In this case, the Gonzalez family sued YouTube for making targeted recommendations of recruitment videos created by the terrorist organization ISIS. The Gonzalez’s daughter died in an ISIS terrorist attack, and they claim that Section 230 should not shield YouTube from civil liability when its algorithms recommended harmful content such as these videos.Continue Reading For the First Time, Supreme Court Considers Section 230 Immunity for Third-Party Content on Internet Platforms Such as Google and YouTube