The U.S. Federal Trade Commission says a service marketed as AI-powered "Active Listening" never listened to anything. It was, the agency alleges, repackaged email lists bought from data brokers and resold at a markup.
What the FTC Actually Found: Email Lists, Not Voice AI
Active Listening did not capture audio from smart devices, and the underlying product was a resold email-list operation — not voice AI. According to the FTC, the service pitched by CMG Media Corporation (doing business as Cox Media Group) "did not collect or use voice data at all," and CMG "did not use AI to detect conversations." Instead, the agency alleges the offering consisted of buying consumer email lists from third-party data brokers and reselling them at a significant markup . In May 2026 the Commission voted 2-0 to issue administrative complaints and accept consent agreements with CMG and two partner firms .
Quick Answer: The FTC alleges CMG's "Active Listening" AI ad service never captured device audio — it resold third-party broker email lists at a markup. CMG, MindSift, and 1010 Digital Works agreed to pay a combined $930,000 in proposed consent orders, with $880,000 from CMG earmarked for advertiser redress.
The marketing was specific. From 2023 through mid-2024, CMG sales materials told customers that smartphones and other voice-activated devices were "always listening" for wake words and asked customers where they wanted CMG to "listen." When advertisers pushed back, CMG allegedly said the service drew on voice data from major ecosystems — naming Amazon, Samsung, Google, and OpenTable among 570 different data sources — and claimed voice-related behaviors made up 40% to 50% of the behavior volume consumed .
None of that infrastructure existed, the FTC says. Smart devices did not transmit voice data to Active Listening, and the geographic targeting failed too. The complaint cites a promise of local reach — for example, a 10-mile radius around Orlando, Florida — while the lists actually drew consumers from across the country, with only a fraction near the advertiser . CMG began selling the product to small businesses in 2023 through a white-label deal with New Hampshire-based MindSift .
The proposed monetary relief totals $930,000, split across three firms and earmarked for redress to affected CMG customers :
| Firm | Location | Proposed payment | FTC File No. |
|---|---|---|---|
| CMG Media Corporation (Cox Media Group) | Georgia | $880,000 | 242 3029 |
| MindSift LLC | New Hampshire | $25,000 | 242 3030 |
| 1010 Digital Works LLC | Wisconsin | $25,000 | 242 3033 |
| Combined | — | $930,000 | — |
The funds, the FTC says, will go toward redress for CMG customers harmed by the practices . Importantly, the FTC documents do not charge Amazon, Google, Samsung, OpenTable, or any other named platform with misconduct — the case turns entirely on what these three firms represented to advertisers .
How the Consent Claim Unraveled
The consent argument is the part of this case with the longest reach. CMG told advertisers that consumers had affirmatively opted into voice-data collection by accepting the terms of service of apps and devices they already used — and the FTC rejected that theory outright . Per the agency, mandatory click-through acceptance of buried ToS language does not amount to opt-in consent for capturing voice data from inside consumers' homes. That single holding is what makes the order relevant well beyond one discontinued ad product.
Recall the underlying pitch. CMG marketing materials from 2023 through mid-2024 told customers that smartphones and other voice-activated devices were "always listening" for wake words, and sales materials asked advertisers where they wanted CMG to "listen" . When customers pushed back, the firms said the service drew on voice data from major ecosystems — naming Amazon, Samsung, Google, and OpenTable among 570 data sources — and claimed voice-related behaviors made up 40% to 50% of the behavior volume consumed . The legal cover for all of it was the same: users supposedly consented when they tapped "Agree."
The FTC's response carries a counterfactual that developers should sit with. Even if Active Listening had functioned exactly as advertised — actually capturing and analyzing live conversations — collecting and using that voice data under those consent conditions would itself violate Section 5 of the FTC Act . In other words, the deception charge and the consent standard are independent. A working product with the same consent posture would still be unlawful.
The agency was blunt about the misrepresentation. "Not only did the product these companies marketed not do what they claimed it did, but they also misled potential customers by claiming consumers had opted into this service when it's clear they did not," the FTC stated .
The proposed orders also define their terms expansively, which matters for anyone trying to scope compliance. "Voice Data" is not limited to recorded snippets; the orders reach :
- audio files of a person's voice;
- voice communications;
- audio communications; and
- transcripts derived from any of the above.
That last item — transcripts — closes an obvious workaround. A vendor cannot argue it never stored raw audio if it retained text generated from a person's speech. For builders shipping anything that touches a microphone or a speech-to-text pipeline, the practical lesson is that the consent question attaches to the spoken content itself, regardless of the format it ends up in, and a ToS checkbox is not the place to obtain it.
Procedural Status: Proposed Order, Not Final Judgment
The CMG case is not a closed verdict — it is a set of proposed administrative consent orders that the public can still weigh in on. The FTC published its Federal Register notices on May 28, 2026, opening a comment window that closes June 29, 2026, after which the Commission decides whether to finalize or withdraw the orders . Until then, nothing has been litigated to judgment, and the operative language can still move.
Procedurally, the Commission voted 2–0 to issue the administrative complaints and accept the consent agreements . A consent agreement is a negotiated settlement, not a finding of liability after trial. CMG neither admitted nor denied the allegations, except as to jurisdictional facts — standard language that lets a company resolve a matter without conceding the underlying conduct. For developers reading this as precedent, that distinction matters: the regulatory standard the FTC articulates carries weight, but it has not been tested against a contested defense in court.
The teeth come after finalization. Once an order is final, each future violation can trigger a civil penalty of up to $53,088 per violation, and the CMG order runs for 20 years . That is the mechanism that converts a one-time $930,000 settlement into a long-running compliance obligation: the monetary relief resolves the past conduct, while the injunctive terms govern behavior for two decades and make repeat conduct expensive on a per-incident basis.
Several details remain genuinely open. Because the orders are not yet final, the exact wording could change in response to public comments before the Commission signs off . The FTC has also not disclosed how many CMG customers will be eligible for redress or the size of any individual refund, even though the $880,000 from CMG is earmarked for that purpose . Treat the current state as a strong signal of where the agency is heading, not as a settled rulebook.
The Public Timeline: From 404 Media to FTC Complaint
The Active Listening story broke roughly twenty months before the FTC acted. On August 26, 2024, the outlet 404 Media published a CMG pitch deck that pitched ad targeting based on conversations picked up near device microphones, naming Facebook, Google, Amazon, and Bing as supposed partners . Shortly after the report, Google removed CMG from its advertising Partners Program once asked about the deck . That early coverage framed the product as surveillance-by-microphone — the same framing the FTC would later reject for a different reason.
CMG responded publicly on September 27, 2024. The company said its businesses had never listened to conversations, called the referenced materials outdated marketing for a discontinued product, and stated the product never listened to customers . Notably, that same statement still described third-party aggregated, anonymized, and encrypted advertising data — "including voice and other data" allegedly collected under app terms and resold through data markets . In other words, the 2024 denial conceded a voice-data supply chain while disputing the microphone angle.
The May 2026 FTC complaint goes considerably further than those press denials. The agency alleges that no voice data was used at any point: smart devices did not transmit voice to Active Listening, the service collected no voice data, and CMG used no AI to detect conversations . The product, per the complaint, was bought consumer email lists resold at a markup .
"Not only did the product these companies marketed not do what they claimed it did, but they also misled potential customers by claiming consumers had opted into this service when it's clear they did not," — Federal Trade Commission (source: FTC press release).
One detail developers tracking platform liability should note: the FTC charges no platform with misconduct. Google, Amazon, Meta, Samsung, and OpenTable appear in CMG's sales materials, but none is named as a respondent . The case is squarely about what CMG, MindSift, and 1010 Digital Works represented to small-business advertisers — not about how any device maker actually handles voice.
Means and Instrumentalities: Why MindSift and 1010 Digital Works Are Named
MindSift and 1010 Digital Works are named because the FTC treats the suppliers of deceptive sales collateral as participants in the deception, not bystanders to it. Both partners face two-count administrative complaints: a standard deceptive-practices count, plus an added "means and instrumentalities" theory holding that they handed CMG the materials used to mislead advertisers . New Hampshire-based MindSift LLC supplied the "Active Listening" product to CMG on a white-label basis starting in 2023; Wisconsin-based 1010 Digital Works LLC sits alongside it as the third respondent .
The "means and instrumentalities" frame is specific. The FTC alleges these firms furnished the deceptive marketing materials, the sales pitches, and the scripted responses CMG salespeople used when customers questioned how the product worked — the same claims that smartphones were "always listening" for wake words, that 570 data sources fed the system, and that voice-related behaviors made up 40% to 50% of consumed behavior volume . By providing the collateral that made the misrepresentation possible, the partners are charged with supplying the instruments of the deception, regardless of who delivered the final pitch.
The practical lesson for any vendor in a white-label or reseller chain: the structure is not a liability shield. A downstream supplier that writes the deck, drafts the objection-handling script, or defines the capability claims shares the FTC's enforcement frame even when a partner brand fronts the customer relationship. The agency reached past CMG to the firms that authored the claims.
The remedies track that logic. MindSift and 1010 Digital Works each agreed to pay $25,000 toward customer redress, against CMG's $880,000 share of the combined $930,000 settlement . Beyond the payments, both partners carry parallel injunctive obligations that mirror CMG's order — bans on misrepresenting service features, voice-data collection and consent, and geographic-targeting capability . The dollar figures are small; the precedent — that authoring deceptive collateral is itself actionable — is the part ad-tech suppliers should read closely.
What This Sets as the Regulatory Bar for AI Capability Claims
The bar this case sets is that fabricated AI capability claims are policed with the FTC's existing deception authority — no AI-specific statute required. The agency brought every count under Section 5 of the FTC Act , the same general prohibition on unfair or deceptive practices that predates the modern web. For developers shipping AI features, the message is direct: a "proprietary algorithm" label carries the same liability as any other product claim, and there is no novelty defense.
Three standards emerge from the proposed orders that ad-tech and AI vendors can treat as concrete expectations:
- Substantiation. If you claim an AI detects voice patterns, analyzes conversations, or runs a proprietary model, you must be able to demonstrate it does so. The FTC alleges the "Active Listening" product collected no voice data and used no AI at all — it resold purchased email lists at a markup . Selling a broker list under an AI label is the precise gap that triggered the complaint.
- Affirmative consent for sensitive data. The FTC rejected the theory that accepting mandatory click-through terms of service constitutes opt-in consent for capturing voice data from inside consumers' homes . The agency added that even a functioning version of the product would have violated Section 5 by collecting voice data without adequate consent . Buried ToS language is not consent for voice or biometric capture.
- Targeting performance is independently actionable. Promising a 10-mile radius around Orlando, Florida while delivering lists drawn from across the country is its own deception count, separate from the AI claim .
The proposed orders codify these into explicit prohibitions, each carrying a per-violation civil penalty of up to $53,088 if finalized and later breached :
| Claim type | What the order prohibits misrepresenting | Developer implication |
|---|---|---|
| Service features | Qualities or features of advertising/marketing services | Document what your model actually does before you market it |
| Voice data | Collection, use, and whether consumers consented | Get specific, affirmative opt-in for any voice or biometric data |
| Geographic targeting | The targeting capabilities of the service | Measure and disclose real radius/match performance |
The Commission framed the consent failure as central to the deception:
"Not only did the product these companies marketed not do what they claimed it did, but they also misled potential customers by claiming consumers had opted into this service when it's clear they did not." — Federal Trade Commission (source: FTC press release, 2026-05)
The practical reading for anyone building data or AI products: substantiate capability claims with evidence, treat voice and biometric data as requiring explicit opt-in that no terms-of-service checkbox can supply, and keep targeting and performance representations accurate. None of these duties is new — the case simply confirms the existing toolkit reaches the AI label.
Practical Checklist for Ad-Tech and AI Vendors
The CMG case translates into four concrete controls any data or AI vendor can run before a regulator — or a customer — asks the hard question. The FTC grounded its action in Section 5 deception authority, not a new AI statute , which means the bar applies today to anything you ship. Treat the list below as the minimum due diligence the $930,000 combined settlement now makes explicit .
- Audit capability claims against what the system literally does. If your copy says "AI," "voice," or "real-time signal processing," write down the actual data flow first. CMG marketed a proprietary AI algorithm analyzing conversations from smart devices; the FTC alleges the product used no voice data and no AI at all, and was resold third-party email lists . Document the mechanism before a customer questions it.
- Separate sensitive-data consent from general terms of service. For audio, location, or biometric data, confirm opt-in is specific, distinct from a click-through ToS, and recorded. The FTC held that mandatory click-through terms do not amount to opt-in consent for capturing voice data, and that collecting it without adequate consent would violate Section 5 even if the service worked as advertised .
- If you white-label or resell, you own the pitch deck. The "means and instrumentalities" theory reached MindSift and 1010 Digital Works for furnishing deceptive marketing materials, sales pitches, and customer responses — each paid $25,000 . Reselling a partner's AI product does not outsource accuracy.
- Back geographic and targeting claims with empirical QA. Verify actual coverage distribution rather than relying on vendor assurances. The FTC alleges a promised 10-mile radius around Orlando, Florida produced lists drawn from across the country, with only a fraction near the advertiser .
None of this is exotic compliance work — it is verification you should already be able to produce on demand. The orders run 20 years and expose each company to civil penalties of up to $53,088 per future violation , so the cost of skipping it compounds. The takeaway is simple: if you can't show what your AI does, who consented, and where the targeting actually landed, you don't have a product claim — you have a liability waiting for a complaint.
Frequently asked questions
Did Cox Media Group's Active Listening product actually use AI?
No, according to the FTC. The agency alleges the service did not collect or use any voice data, did not capture audio from smart devices, and did not use AI to detect or analyze conversations . What the companies actually sold, the complaint says, was consumer email lists purchased from third-party data brokers and resold at a significant markup . The "proprietary AI algorithm" pitched to advertisers, per the FTC, did not exist as described.
Is the $930K FTC settlement already final?
No. As of June 2026 these are proposed administrative consent orders, not final litigated judgments . The Federal Register notices were published May 28, 2026, and public comments are due June 29, 2026 . After that window, the Commission decides whether to finalize or withdraw the orders. The combined $930,000 splits into $880,000 from CMG and $25,000 each from MindSift and 1010 Digital Works .
Why can't a company point to app Terms of Service to establish consent for voice data collection?
The FTC's position is that passively accepting mandatory click-through terms of service does not amount to affirmative opt-in consent for capturing sensitive data such as voice from inside consumers' homes . The agency added that even if the service had functioned as advertised, collecting and using voice data without adequate consent would itself violate Section 5 of the FTC Act . The proposed order turns this into an explicit prohibition on misrepresenting whether consumers consented to voice-data collection, use, or disclosure.
Are Google, Amazon, or Meta implicated in this case?
No. The FTC's complaints focus entirely on CMG, MindSift, and 1010 Digital Works — the firms that made the advertising claims . Platforms like Amazon, Samsung, Google, and OpenTable appear only as examples cited in CMG's own sales materials, not as charged parties. The FTC documents do not accuse any named platform of misconduct; the case is about what the three firms represented to advertisers.
What does 'means and instrumentalities' liability mean for AI vendors in a supply chain?
It means a supplier can be charged for a downstream partner's deception if it furnished the tools used to deceive. The FTC added this theory against MindSift and 1010 Digital Works, alleging they provided the "means and instrumentalities" for CMG's deception by supplying deceptive marketing materials, sales pitches, and responses to customer questions . For AI vendors, the practical lesson is that handing a reseller a misleading pitch deck or sales script can draw FTC liability even if you never sold to the end customer.
