The Federal Communications Commission (FCC) has adopted two notices of apparent liability, proposing fines of $6 million against a political consultant who sent spoofed calls with a deepfake of President Joe Biden’s voice generated using artificial intelligence (AI), and $2 million against Lingo Telecom, the company that carried the calls and labeled them as legitimate even though the calling telephone number had been spoofed. These proposed fines highlight the FCC’s efforts to limit junk calls – and also raise questions about what steps carriers must take to verify that calls originated by third parties do not include false caller ID information.

Background

The proposed fines arose out of a phone campaign by a Republican political operative to convince Democrats not to vote in the New Hampshire Presidential primary. The operative prepared a script urging Democrats to “save” their votes for the November election and arranged for it to be recorded using an AI deepfake of Biden’s voice. He also told the vendor he hired to make the calls to use the home number of a Democratic activist in New Hampshire as the caller ID. More than 9,500 calls were made to New Hampshire voters.

Following reports of this campaign, the FCC issued an order holding that the use of AI-generated audio in a call would qualify as using an artificial voice, which would bring the call under the junk call restrictions in the Telephone Consumer Protection Act. However, neither proposed fine was based on the use of the AI voice, but instead on questions related to the false caller ID.

Proposed fine for using spoofed numbers in calls

After reviewing the actions by the political consultant, the FCC determined that he had violated the Truth in Caller ID Act, which prohibits “knowingly transmit[ting] misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value.” The FCC determined that the calls fell within this prohibition because the fake caller ID was misleading, it was intended to defraud voters by depriving them of their right vote, and it was harmful because it affected the election process and subjected the household that actually held the phone number to “a stream of pointless callbacks from confused call recipients.”

Given these facts, the FCC proposed a base fine of $1,000 per call, then doubled it in light of the nature of the violation, including the large number of calls, the operative’s intent, the use of a deepfake of Biden to convey a message that the president did not actually express, and the operative’s “misuse of AI technology […] to deceive voters and interfere with an election.” The $2,000 per call fine was then applied to 3,000 calls that the FCC was able to verify were completed, leading to a total fine of $6 million.

Proposed fine for incorrectly labeling calls as legitimate

The FCC has adopted a series of rules intended to give carriers and consumers tools to label and block junk calls. One of those rules requires companies carrying calls to label those calls as fully authenticated only if they can certify that they know where the call originated, and that the caller ID is correct. Lingo labeled the calls as fully authenticated, even though they used false caller IDs. Lingo argued that its authentication was proper because it was relying on a certification from the originating company that all calls that it sent to Lingo met the requirements for full authentication.

The FCC rejected Lingo’s argument, describing the certification as “a generic, blanket, check-the-box ‘agreement’ that shifts the entire responsibility for compliance on to the customer.” The FCC concluded that this approach did not comply with the rules on authenticating calls, and that Lingo should have taken additional steps to ensure that the caller ID information was accurate. As a result, the FCC proposed to fine Lingo $2 million, or $1,000 each for the 2,000 calls that the FCC staff verified were sent with the wrong caller ID.

Impact of FCC’s decisions

These proposed fines are among the first FCC efforts to enforce caller ID and call authentication requirements and, in particular, give carriers notice that they must take care when accepting calls from third parties that supply the caller ID.

The decisions should not affect carriers’ practices for calls from their own local customers or for calls they receive from other carriers that have provided authentication. Carriers provide the caller ID information on calls directly from their customers, and carriers are permitted to transmit authenticated calls without further investigation. It also should not affect situations in which there are legitimate reasons to provide numbers that are different from the underlying caller ID, such as using a toll-free number to facilitate callbacks from people receiving calls. However, carriers may need to reconsider how they verify the accuracy of caller ID information passed to them by third parties that is not authenticated. In particular, carriers should review any certifications they require from third parties that provide their own caller ID information to determine if they are given sufficient assurance to support full authentication of calls from those parties.

The proposed fine on the political operative does not break much new ground, as using a false caller ID with the intent to deceive called parties has long been impermissible. The size of the proposed fine, however, highlights the importance of this issue to the FCC.