Lingo Telecom to Pay $1 Million in FCC Settlement Over Deepfake Robocalls
On August 21, 2024, the Federal Communications Commission (FCC) announced a $1 million settlement with Lingo Telecom. The settlement was the result of Lingo’s failure to properly validate caller ID information, which allowed a Democratic consultant to use a deepfake voice of President Joe Biden in robocalls aimed at discouraging voter participation in the New Hampshire primary. These robocalls, distributed in January 2024, employed generative AI to impersonate the President, raising serious concerns among regulators and the public about the potential for misuse of telecommunications networks.
Lingo Telecom’s Defense
Lingo Telecom’s defense was built around its internal policies and procedures. The company provided evidence that it had completed nearly 4,000 calls to New Hampshire voters on January 21, 2024, and had assigned these calls an “A” attestation. According to Lingo’s policy:
- A-level attestations were assigned when the company directly allocated Direct Inward Dialing (DID) numbers to customers, as was the case with Life Corporation, the customer behind the robocalls.
- Customer Certification: Lingo allowed customers, like Life Corporation, who purchased Session Initiated Protocol (SIP) trunks, to receive A-level attestations for traffic associated with non-Lingo provisioned numbers, provided the customer certified that it would identify its customers and had a verified association with the telephone numbers used for the calls.
- Past KYC Research: Lingo also considered its past Know-Your-Customer (KYC) research and a 16-year history of traffic patterns with Life Corporation, concluding that the customer could legitimately use the telephone numbers that appeared as the calling party for the New Hampshire calls.
However, Lingo did not take additional steps to independently verify whether Life Corporation’s customers had the legitimate right to use the telephone numbers displayed as the calling party for the robocalls.
FCC’s Response and Rationale
The FCC determined that Lingo’s defense was insufficient. According to the FCC, Lingo failed to meet the specific requirements for issuing “A” attestations under the FCC’s STIR/SHAKEN protocol. These requirements dictate that an “A” attestation can only be assigned if:
- Call Origination: The carrier originates the call on its IP-based network.
- Direct Business Relationship: The carrier has a direct, authenticated business relationship with the customer and can authoritatively identify them.
- Number Verification: The carrier has a verified association with the telephone number used for the call.
Lingo’s policy of relying on customer certifications without conducting independent verification did not meet these standards. Despite imposing the $1 million settlement, the FCC did not provide detailed guidance on what additional steps Lingo or other service providers should have taken to ensure compliance. This omission leaves other telecom providers in a challenging position, uncertain about the extent of their obligations to avoid similar penalties.
Implications for Telecom Providers
This case underscores the critical need for telecommunications providers to not only adhere to existing protocols like STIR/SHAKEN but also to go beyond standard procedures in validating caller identities, especially in high-risk scenarios. The settlement highlights several key implications:
- Proactive Compliance: Providers must consider implementing more rigorous KYC measures and exploring advanced technologies to monitor and validate traffic. Given the FCC’s lack of specific guidance, taking a proactive approach to compliance is essential.
- Regulatory Vigilance: The FCC’s enforcement action signals that providers are expected to be vigilant and thorough in their efforts to prevent misuse of their networks, even when explicit regulatory instructions are not provided.
- Industry Impact: This settlement may lead to increased scrutiny of telecom providers’ practices, particularly in how they validate and monitor caller identities. Providers should carefully review their compliance programs and consider additional steps necessary to meet FCC expectations.
As noted in the previous advisory on the outlook of the FCC’s regulation on AI usage in robocall, this settlement and its broader implications fit within the FCC’s objective of addressing the concern over misleading consumers by imitating the voices of celebrities, political figures, and even family members.
Conclusion
The evolving regulatory landscape presents significant challenges for telecom providers, especially those involved in high-risk communications. The settlement serves as a reminder that the FCC expects providers to be vigilant and thorough in their efforts to prevent misuse of their networks. Providers should carefully review their compliance programs and consider what additional steps may be necessary to meet FCC expectations, even in the absence of explicit guidance.
If your company is seeking guidance and tools to establish best practices for Know Your Customer (KYC) protocols, we recommend consulting with one of the members of our firm’s Robocall Mitigation Response Team to ensure compliance with the FCC’s evolving regulations and expectations. Additionally, we suggest downloading the “Know Your Customer (KYC) Principles & Best Practices” guide developed by the Cloud Communications Alliance (CCA) in collaboration with Numeracle. This resource provides valuable insights and practical steps to help your company implement effective KYC practices. You can access the guide here.
NEED HELP WITH ROBOCALL MITIGATION, COMPLIANCE AND LITIGATION SUPPORT/DEFENSE AGAINST BUSINESS & LEGAL CHALLENGES?
The CommLaw Group Can Help!
Given the complexity and evolving nature of the FCC’s rules, regulations and industry policies & procedures around Robocall Mitigation and Compliance issues (e.g., STIR/SHAKEN, TRACED Act, FCC & FTC Rules & Regulations, US Telecom Industry group, ATIS, NECA, VoIP Numbering Waivers, Know Your Upstream Provider and the private sector ecosystem), as well as the increased risk of business disputes, consumer protection enforcement by state attorneys general, and even civil litigation, and anticipating the potential torrent of client questions and concerns, The CommLaw Group formed a “Robocall Mitigation Response Team” to help clients (old and new) tackle their unique responsibilities.
CONTACT US NOW, WE ARE STANDING BY TO GUIDE YOUR COMPANY’S COMPLIANCE EFFORTS
Jonathan S. Marashlian – Tel: 703-714-1313 / E-mail: jsm@CommLawGroup.com
Michael Donahue — Tel: 703-714-1319 / E-mail: mpd@CommLawGroup.com
Rob Jackson – Tel: 703-714-1316 / E-mail: rhj@CommLawGroup.com
Ron Quirk – Tel: 703-714-1305 / E-mail: req@CommLawGroup.com
Diana James – Tel: 703-663-6757 / E-mail: daj@CommLawGroup.com