On Nov. 16, the Federal Trade Commission (FTC) held an open meeting to discuss the FTC’s new “Voice Cloning Challenge” and present public comments on business practices of cloud computing providers in response to the FTC’s request for information (RFI) announced on March 22, 2023.

Presented via recording by Sen. Amy Klobuchar (D-Minn.) and Rep. Jan Schakowsky (D-Ill.), the Voice Cloning Challenge beckons innovators to develop solutions capable of discerning between authentic and cloned voices, whereas the Cloud Computing RFI provided a forum for industry perspectives on competition, security, and the intricate interplay between cloud service providers and the emergent field of generative artificial intelligence (AI). This dual exploration highlights the FTC’s continued focus on the complex legal framework binding consumer protection, technological progress and regulatory imperatives in an era of rapid digital evolution — a desire the FTC has been vocal about in joint-agency announcements and comments to the U.S. Copyright Office.

The FTC Voice Cloning Challenge

Issued pursuant to the America Competes Act, the FTC Voice Cloning Challenge seeks to promote the development of technologies that can detect and prevent voice cloning attacks. The challenge is in response to the growing concern about harm due to voice cloning and the need for solutions. For example, voice cloning poses a direct threat to consumers, who may fall victim to deceptive practices such as identity theft and financial fraud. Privacy laws may be implicated when individuals’ voices are cloned without their knowledge or consent.

In light of this, the FTC has indicated that challenge entries should address at least one of the following intervention points:

  • Prevention or authentication: Entries must provide a way to limit the use or application of voice cloning software by unauthorized users;
  • Real-time detection or monitoring: Entries must provide a way to detect cloned voices or the use of voice cloning technology; or
  • Post-use evaluation: Entries must provide a way to check if an audio clip contains cloned voices.

The FTC has previously used this tool to develop solutions in other areas. We saw this with the robocall contest in 2012 and the Internet of Things Home Device Security contest in 2017. The outcome of the Voice Cloning Challenge could play a significant role in shaping the FTC’s approach to voice cloning technology.

Presentation on Public Comments on Business Practices of Cloud Computing Providers

In the same meeting, the FTC also presented public comments that it had received in response to the Cloud Computing RFI. On March 22, 2023, the FTC solicited public comments on business practices related to cloud computing providers that may affect competition and data security. The FTC emphasized issues of competition, data portability and consumer choice within the context of cloud services. During the open meeting, responses to this RFI were categorized in four buckets: competition, single points of failure, security and the impact of cloud services on emerging technologies like generative AI.

Competition. Regarding competition, the FTC noticed three themes emerge in the received comments:

  • Software Licensing Practices: Some submissions argued that certain software licensing practices could hinder the interoperability of software across different cloud environments, potentially limiting consumer choice.
  • Egress Fees: Concerns were raised about fees associated with transferring data out of cloud environments, with commenters fearing that such fees could discourage the use of multiple cloud providers or switching between providers.
  • Minimum Spend Contracts: Submissions argued that certain contractual structures might lead to lock-in and consolidation of cloud spending with a single provider, potentially raising anticompetitive concerns.

Single Points of Failure. As for the comments related to single points of failure, the FTC saw two common concerns among commenters:

  • Reliance on a Few Providers: Comments highlighted concerns about the widespread reliance on a small number of cloud providers, emphasizing the potential risks associated with concentration in the industry.
  • Widespread Impact: Submissions argued that outages or service degradation in a single provider could have a cascading impact on the economy, emphasizing the need for resilient systems.

Security. With respect to security, three key issues were reflected in the responses:

  • Relative Security: Certain RFI submissions noted that cloud services can offer a higher baseline level of security compared to on-premises options, potentially benefiting consumers.
  • Defaults: Concerns were raised about the adequacy of default security configurations, suggesting potential areas for improvement.
  • “Shared Responsibility” Model: Some submissions highlighted challenges with the “shared responsibility” model, pointing to potential situations where neither the cloud provider nor the customer implements necessary safeguards.

Generative AI and Cloud. Finally, concerning generative AI and cloud computing, responses revealed three topics of concern:

  • Reliance on Cloud Providers: Submissions underscored the heavy reliance of generative AI companies on cloud providers for computational resources.
  • Hardware Needs: Commenters emphasized the importance of specific hardware, such as GPUs, for generative AI, which are in high demand.
  • Cloud Credits: Concerns were raised that cloud credits, as a form of investment, could lead to vendor lock-in for generative AI companies.

Initial reactions to the presentation suggested concerns over potential anticompetitive behavior in the cloud computing industry. The FTC staff noted that comments were received early this year and that ongoing public reporting suggests that these concerns may persist, emphasizing the need for continued scrutiny.

The insights gleaned from the FTC Voice Cloning Challenge and the Cloud Computing RFI may contribute to shaping regulatory frameworks that safeguard consumers while fostering innovation.