I got an email from Verizon yesterday telling me they are retiring VoiceID. The feature let you authenticate to your account by saying “at Verizon, my voice is my password.” Starting May 28, all enrolled voiceprints will be deleted.
As it happens, I sometimes demonstrate AI voice cloning when I speak on deepfakes and related issues. Twice now, employees from the Pennsylvania Bar Association and the Pennsylvania Bar Institute have given me a short recording of their voices, which I then ran through a cloning tool to make them say something entirely different. For the PBA employee, the cloned voice left a voicemail for the executive director asking him to send me $1,000. For the PBI employee, I used a familiar fact pattern: a cloned voice telling a lawyer to change wiring instructions during a real estate closing. In both cases, the person whose voice was cloned was stunned by how much the clone sounded like them.
While deepfakes are both interesting and frightening, as lawyers we know that following the money frequently leads to the real story. In September 2024, plaintiffs filed a class action in the Northern District of Illinois, Parker v. Verizon Communications Inc., alleging Verizon collected and stored customer voiceprints without the written notice and consent required by the Illinois Biometric Information Privacy Act. Verizon fought to move the case to arbitration, and that fight has generated substantial litigation of its own. Eventually, plaintiffs pivoted from a single class action to mass arbitration, filing individual claims in volume.
When a company sunsets a biometric feature, the security explanation is rarely the whole story. Biometric privacy lawsuits have become common in jurisdictions with statutes like BIPA, and the litigation exposure is often part of the reason a company retires the feature.
Be careful with your own biometrics. You cannot reset your voice, face, or fingerprint the way you reset a password. Once they are out, they are out.