FTC sues VoIP provider over 'billions of illegal robocalls'
XCast knew it was breaking the law and didn't hold back, watchdog says
A VoIP provider was at the heart of billions of robocalls made over the past five years that broke a slew of US regulations, from enabling telemarketing scams to calling numbers on the National Do Not Call Registry, it is claimed.
Los-Angeles-based XCast Labs allowed robocalls from telemarketers to flow through its voice-over-IP network to folks despite multiple warnings over several years that many of the calls ran afoul of the America's Telemarketing Sales Rule (TSR), the FTC alleged in a 13-page complaint [PDF] filed May 12 in a California federal court. The watchdog asked the court to order XCast Labs to stop anny illegal practices and to pay an unspecified amount in penalties.
The complaint alleged that since at least 2018 XCast – which offers a range of services, including a call management and robocall-blocking feature – has transmitted telemarketers' robocalls to consumers around the country.
Along with enabling scams and sending robocalls to numbers on the Do Not Call Registry, XCast also allegedly delivered messages that were pre-recorded, didn't identify who the seller was, made fraudulent statements to get consumers to buy products or make donations, were made with false or deceptive caller ID numbers, and falsely claimed affiliations with groups, including at least one campaign that claimed to come from a US government agency.
"XCast Labs played a key role in helping telemarketers flood homes with unlawful robocalls, including robocalls impersonating the Social Security Administration," Samuel Levin, director of the FTC's Bureau of Consumer Protection, said in a statement. "VoIP providers like XCast Labs that bury their heads in the sand when their customers use their services to break the law can expect to hear from the FTC."
The Register asked XCast for comment and will update the story if a response comes in.
The robocall problem
Robocalls – and now robotexts – continue to plague consumers. Call blocking firm RoboKiller estimates that in April, 5.16 billion robocalls were made in the US, a drop from the 12-month high of 7.5 billion in August 2022 but still a significant (and annoying) number.
The FCC under President Biden has moved aggressively to address the issue, including looking at network operators' capabilities for blocking robocalls. The agency in December asked the courts to extract $300 million from Cox/Jones Enterprise following a massive extended warranty sales operation that sent almost 5.2 billion robocalls to wireless and residential phones over three months in 2021.
- FCC calls for mega $300 million fine for massive US robocall campaign
- FCC takes on robotexts. Good news if your dad thinks IRS gives SMS rebates
- After years of dragging its feet, FCC finally starts tackling America's robocall scourge
- Contact-tracer spoofing is already happening – and it's dangerously simple to do
Telemarketers "typically use VoIP service providers to transmit those calls," the FTC said in its complaint this month. "Multiple VoIP providers often participate in transmitting a given call from its originator (often a telemarketer) to a termination point (most often a consumer's telephone)."
In XCast's case, the company had its fingerprints on every stage of calls, it's claimed. That includes origination services – picking up the call at the beginning of the transmission from the telemarketer or company initiating the calls – and mid-stream services, or transmitting calls to and from other VoIP providers.
XCast given fair warnings
XCast was told it was facilitating illegal calls, according to the complaint. In January 2020, the FTC notified several VoIP providers – including XCast – warning them that the calls they were transmitting violated laws. XCast also was subpoenaed in 2019 for call records linked to another VoIP provider in India and was sent a demand from the FTC in 2021 for information about other customers.
State agencies also sent notices and alerts to XCast, the complaint alleges.
In addition, US Telecom's Industry Traceback Group (ITG) – a consortium of phone and broadband organizations – notified XCast multiple times since at least December 2018 about dubious calls. The notifications came via "traceback requests," which the ITG uses to get service providers' help identifying the sources of suspicious traffic transmitted over the providers' networks.
FTC: The company knew what it was doing
XCast didn't help itself in this. Not only did it ignore regulators' warnings – and continued to work with telemarketers it was warned about – but its call data records (CDRs) gave the FTC data it needed, such as the date and time of calls, the numbers the calls were coming from and going to, and the duration of calls.
The information from the CDRs showed that of calls it transmitted from three customers, almost two billion went to numbers on the Do Not Call Registry, we're told.
In addition, "XCast's CDRs are also rife with massive volumes of very short duration calls, which are a distinct feature of fraudulent robocall campaigns," the FTC alleged, adding that the average duration for almost two billion calls to numbers on the registry was about 6.5 seconds.
Given its experience as a VoIP provider, repeated warnings, and data in its own records, "XCast knew or consciously avoided knowing that providers were using XCast's services to transmit calls that violated the TSR," the FTC said in the lawsuit.
With all that, "consumers are suffering, have suffered, and will continue to suffer substantial injury as a result of Defendant's violations of the TSR" unless the courts stop the company, the regulators argued. ®