The Supreme Court Upends the TCPA; and Alla Reznick Talks Cybersecurity and Personal Responsibility
When the landscape shifts, personal discipline conquers risk.
The Supreme Court Tossed TCPA Certainty; How to Keep Yours
As a law, the TCPA is allergic to certainty. That’s been true for as long as I’ve testified and advised in these cases.
For a decade I’ve advised defendants, endured depositions, and churned out hundreds of pages of expert opinions. Yet every TCPA case still manages to surprise me.
First, it was whether the TCPA even applies to platforms. Then came the autodialer days, when either everything was a dialer or nothing was a dialer. Duguid v. Facebook should have put that to rest, but it didn’t. Today consent drives most cases: what it means, how you obtain it, and under what circumstances revocation applies.
This year two Supreme Court rulings have compounded this uncertainty:
Chevron Deference Erosion: The FCC lost its status as the government’s definitive telecommunications expert. Courts are no longer obligated to follow FCC interpretations of ambiguous telecom laws. Judges can now independently decide how FCC rules align (or don’t) with individual cases. Just because there is ambiguity doesn’t mean the Commission’s interpretations are binding. More on this later.
McLaughlin v. McKesson Ruling: The Supreme Court also recently overturned the application of the Hobbs Act, which required district courts to strictly adhere to FCC TCPA interpretations. Now, district courts have the freedom to diverge from FCC guidance when facts demand it.
The FCC provided a rulebook for TCPA enforcement; the courts have now decided it’s merely a reference guide.
But first, let’s revisit my recent take on RCS and TCPA.
Sidebar: A Refinement of An Argument
Two weeks ago, I explored provisions of the RAY BAUM’s Act with a generous dose of creative interpretation, suggesting broader implications for TCPA liability than the text explicitly supports.
To clarify, the RAY BAUM’s Act directly addresses Caller ID spoofing under section 227(e), distinct from the broader TCPA landscape governed by section 227(b). The FCC has emphasized, in its reliably measured way, that the definition of “”text message” in 227(e) explicitly applies to anti-spoofing rules and does not alter its established stance that SMS (and by extension, potentially RCS) remain “calls” under TCPA 227(b).
Congress intentionally placed this definition within the spoofing-focused section (227[e]), rather than the general definitional section (227[a]), strongly suggesting no intended change to existing TCPA treatment.
While my original viewpoint—that RCS could stand distinct from SMS in regulatory liability—still holds operational merit, the conservative interpretation cannot be ignored.
Operationally, nothing changes. Carrier vigilance around RCS remains exceptionally high, something the industry should welcome to clamp down on unwanted messaging.
Thanks to the sources who walked me through this nuance. Normally, I’d invite them to clarify directly via my One Expert, One Topic series. But, like good restaurant critics, they prefer anonymity.
Now, back to the topic at hand.
What Does It Mean for Text Messaging?
Does this increased uncertainty make TCPA litigation less predictable? Definitely. But remember: Volatility and risk aren’t the same thing.
Could your brand or platform face increased litigation? Possibly. But this has always been a risk in a country where anyone can sue everyone.
The real danger in TCPA suits isn’t just getting sued—it’s class certification. This risk skyrockets if your facts are messy or you can’t swiftly dismiss a case or compel arbitration.
Here the old adage applies: Messy facts lead to messy cases.
If your opt-in audit trail isn’t rock solid or the distinction between initiator and transmitter isn’t airtight (talk to your lawyer about this), you’re likely to face costly, protracted litigation.
Death by Discovery
If your legal defense strategy relies heavily on “the FCC says we’re good,” your footing just got shakier. Without Chevron or Hobbs Act protections, judges have more freedom to order extensive discovery, bring in more experts, and increase your litigation costs.
Savvy plaintiffs’ counsel will exploit this to persuade judges to broaden cases, authorize intrusive discovery, and invite expert opinions on previously settled technical points.
These attorneys would point out the rulings to show that the FCC’s interpretations are no longer binding or don’t apply to the facts at hand. If the facts look messy, the judge is more likely to oblige their requests.
All these headaches can usually be avoided with disciplined operational hygiene.
Finally
What the Supreme Court did was take away the FCC EpiPen to the TCPA’s certainty allergy. So what can you do?
Well, first, talk to your lawyer. Yes, this advice sounds expensive and obvious. Do it anyway. Have your lawyer assess your risks clearly and honestly.
Second, ensure pristine opt-in hygiene. How you gather, document, and respect opt-ins matters more than ever. Get this locked down.
Third, audit your messaging strategy. Watch out for “campaign drift,” where messages gradually stray into territories customers never explicitly approved. (Remember DentalPlans.com’s renewal reminders? Courts saw those as marketing, triggering TCPA liability. Don’t be like that.)
Fourth, get involved in reform. The TCPA was designed for fax machines in 1991. Now it’s a Rube Goldberg machine trying to handle tech that didn’t exist back then. Help modernize it.
And finally, maintain operational discipline. When regulatory certainty evaporates, disciplined consistency becomes your strongest shield. Control what you can control. Rigorously.
Verizon’s Alla Reznick Talks Cybersecurity and Personal Responsibility
“Did you already leave the building?” is a real phishing text. Use your LLM of choice, ask the LLM to use that as a starter conversation for a phishing scam and watch how quickly it gives you a road map. The ease with which the LLM shows you the path should scare you.
Just like AI simplifies the good use cases, it equally magnifies the bad. This is why Alla Reznick’s take on Cybersecurity and Personal Responsibility is so timely. It focuses on what we can do to ensure we don’t compromise the security of our own data.
From understanding “dwell time” (how long a threat stays undetected) to the “rule of nine” (taking a beat before clicking on links), she provides practical tips on how to not let the bad guys in. If anything, Alla reminds us that vigilance is shared responsibility.
Thank you for reading, and have a great week!
TJ