If you used an AI meeting bot on your last Zoom call, there is a real possibility you committed a felony. Not a regulatory infraction. Not a terms-of-service violation. A criminal offense that can carry jail time in over a dozen US states.
The explosive growth of AI transcription tools like Otter.ai, Fireflies.ai, and others has collided with decades-old wiretap statutes that most professionals have never thought about. As law firms Duane Morris and Goodwin both warned in early 2026, these tools are being adopted at breakneck speed “often without the knowledge of platform users,” creating massive legal exposure for individuals and the companies that employ them.
With a landmark federal hearing in the Otter.ai case scheduled for May 20, 2026, the legal reckoning is no longer theoretical. Here is what every professional needs to know about the wiretap minefield hiding inside their AI meeting tools.
The Patchwork: One-Party vs. All-Party Consent
Recording law in the United States is governed by a complex mix of federal and state statutes. At the federal level, the Electronic Communications Privacy Act (ECPA) operates on a “one-party consent” basis—meaning recording is legal as long as at least one person on the call consents and the recording is not for criminal purposes.
But individual states can and do impose far stricter requirements. According to a comprehensive 2026 analysis by RecordingLaw.com, thirteen states currently require all-party consent—meaning every single participant must agree before any recording can begin. Using an AI meeting recorder without universal consent can result in felony charges in most of these jurisdictions.
⚠️ The 13 All-Party Consent States
| State | Key Statute | Criminal Penalty |
|---|---|---|
| California | Penal Code §§ 631, 632 (CIPA) | Up to $2,500 fine + 1 year jail (first offense) |
| Connecticut | § 53a-187 et seq. | Felony |
| Delaware | 11 Del. C. § 2402 | Felony |
| Florida | § 934.03 | Third-degree felony |
| Illinois | 720 ILCS 5/14-2 | Felony |
| Maryland | Cts. & Jud. Proc. § 10-402 | Felony |
| Massachusetts | G.L. c. 272 § 99 | Felony (up to 5 years) |
| Michigan | MCL 750.539c (unsettled) | Felony |
| Montana | § 45-8-213 | Felony |
| Nevada | NRS 200.620 | Felony |
| New Hampshire | RSA 570-A:2 | Felony |
| Pennsylvania | 18 Pa.C.S. § 5703 | Third-degree felony |
| Washington | RCW 9.73.030 | Gross misdemeanor |
The Reed Smith law firm noted in their analysis that “the law traditionally focuses on the act of recording a private conversation, not the specific technology used.” In other words, the fact that an AI bot—rather than a human with a tape recorder—captured the conversation provides zero legal protection.
The Cross-State Nightmare
Virtual meetings have made the consent problem exponentially worse. When participants dial in from different states, the strictest applicable law generally governs. As legal analysts have explained, a meeting between participants in Texas (one-party consent) and California (all-party consent) requires all-party consent because California law applies to the California participant.
The Littler Mendelson law firm acknowledged this reality bluntly: trying to identify which laws apply in any given circumstance “is probably not feasible, as a practical matter.” For companies with distributed remote workforces, this means that a single Zoom call could simultaneously trigger compliance obligations under multiple wiretap statutes across several states.
This is not an edge case. In today’s remote-first economy, virtually every cross-state video call where an AI bot auto-joins could create criminal liability for the host, the company that deployed the tool, and potentially even the vendor itself.
The Otter.ai Hearing: A Watershed Moment
The stakes of the wiretap question are about to be tested in federal court. The consolidated class action In re Otter.AI Privacy Litigation (Case No. 5:25-cv-06911, N.D. Cal.) has its motion-to-dismiss hearing scheduled for May 20, 2026, before Judge Eumi K. Lee in San Jose. As UC Today reported, this ruling “will be the first federal test of whether decades-old wiretap statutes reach an AI bot sitting quietly in the corner of a video call.”
The allegations are sweeping. According to the complaint, Otter’s notetaking tools recorded private conversations without all-party consent and used those recordings to train AI models without adequate disclosure. NPR reported that some 25 million people use Otter’s tools, which have processed over one billion meetings since the company was founded in 2016.
Otter’s defense rests largely on the argument that it obtains consent from the meeting host. But Jackson Lewis attorney Joseph Lazzarotti wrote that the plaintiffs treat Otter as “an unauthorized third-party eavesdropper,” and he called the single-consent model “risky in states like California that require all-party consent.”
The “Capability Test”: A New Standard for AI Vendors
A separate but related ruling has already expanded the legal exposure for AI meeting tool companies. In Ambriz v. Google LLC (N.D. Cal., Feb. 2025), the court adopted what legal analysts call the “capability test.” The court found that a company’s technical capability to use intercepted data for its own purposes—such as AI model training—was sufficient to classify it as a third-party interceptor under California’s wiretap law.
As legal analysis has noted, this creates potential liability even if a company’s privacy policy states recordings are not used for training. The question under this test is capability, not actual use. Virtually every cloud-based AI transcription service has the theoretical capability to use recorded conversations for model training, product improvement, or analytics.
The Ninth Circuit’s August 2025 ruling in Popa v. Microsoft took the opposite approach, requiring proof of actual harm. This unresolved tension between the two rulings creates additional uncertainty for every AI meeting tool provider and every company that uses them.
It’s Not Just Otter: The Expanding Litigation Wave
The legal pressure extends well beyond Otter.ai. Fireflies.ai faces its own BIPA class actions in Illinois—including Cruz v. Fireflies.AI Corp. (Dec. 2025) and Fricker v. Fireflies.AI Corp. (March 2026). Additional lawsuits include Galanter v. Cresta (CIPA, June 2025) and Lisota v. Heartland Dental (federal wiretap, July 2025).
Even tools that have avoided litigation aren’t free from consequences. Read AI, for example, has been banned from Zoom and Teams integration at the University of Washington, Chapman University, and UC Riverside. IT departments and legal teams across industries are proactively blocking these tools before lawsuits materialize.
The Legislative Avalanche
State legislatures are not standing still. According to tracking data, as of April 2026, 1,561 AI-related bills have been introduced across 45 states, with 73 new AI laws adopted across 27 states in 2025 alone. Several directly affect AI meeting recording:
- New York S5077: Would shift New York from one-party to all-party consent, making it the 14th all-party consent state
- Illinois HB 3773: Prohibits AI-driven employment discrimination, effective 2026
- California SB 942: AI Transparency Act requiring detection tools and watermarks, effective August 2026
- Texas RAIGA (HB 149): Imposes AI transparency and disclosure requirements
The trend is unmistakably toward more regulation, not less. And internationally, the EU AI Act’s August 2026 enforcement deadline adds yet another layer. Under GDPR Article 5, consent must be freely given, specific, and unambiguous from each individual—a standard far more demanding than US call recording rules. A model that relies on one meeting participant to authorize recording on behalf of all others would likely fail to satisfy EU regulations.
The Employer Liability Trap
Perhaps the most overlooked dimension of the wiretap problem is employer liability. Employers that deploy, license, or merely encourage AI notetakers in business meetings may find themselves implicated in wiretap claims—even if the tool vendor is the named defendant.
Illinois courts have already established that multiple entities can be responsible for the same biometric collection when they enable, authorize, or benefit from the technology’s use. As the Goodwin law firm emphasized, organizations face “consequential risks to privacy, confidentiality, privilege, intellectual property, and other sources of legal or operational risk” from these tools.
The liability exposure is compounded by the fact that many AI meeting tools auto-join meetings based on calendar integration. If an employee forgets to toggle a setting, their bot might automatically join a meeting they are not even attending, silently recording colleagues and clients in all-party consent states.
Review Otter.ai’s privacy policy or Fireflies’ privacy policy and you’ll find that both place responsibility for obtaining consent squarely on the account holder—not on themselves. This means when the lawsuits come, the vendor points at the employer, and the employer is left holding the bag.
Why On-Device Processing Eliminates Wiretap Exposure
Every wiretap claim in the AI meeting space shares a common element: a third-party vendor intercepting, transmitting, storing, or processing the conversation on external servers. Remove the third party from the equation, and the entire category of wiretap liability disappears.
On-device transcription—where audio is captured and processed entirely on your local hardware—fundamentally changes the legal calculus:
- No third-party interception: No external server ever touches your audio. There is no “eavesdropper” to trigger wiretap statutes.
- No data transmission: Audio never leaves your device, so there is no “interception in transit” that could violate ECPA or state wiretap laws.
- No AI training exposure: The “capability test” from Ambriz is irrelevant when no vendor has access to your recordings.
- No cross-border data transfer: GDPR concerns about international data flows vanish when processing stays local.
- No discoverable cloud repository: No vendor-side database exists that could be subpoenaed in litigation.
Apple has built its entire AI strategy around this principle. As AppleInsider reported, Apple’s 2026 AI push continues to emphasize that “Apple will not be compromising on privacy for the sake of better artificial intelligence.” The Apple Foundation Models run both on-device and in Private Cloud Compute, with data never stored or made accessible to Apple.
This is exactly the architecture Basil AI uses. By leveraging Apple’s on-device Speech Recognition framework, Basil processes all audio locally on your iPhone or Mac. No bot joins your call. No audio is transmitted to any server. No third party ever touches your conversation.
✅ Key Takeaway
You still have a legal obligation to obtain consent from all meeting participants in all-party consent states—even with on-device tools. The critical difference is that on-device transcription eliminates the third-party interception element that powers virtually every wiretap lawsuit against AI meeting tools. Your recording stays between you and your participants, not between you, your participants, and a cloud vendor training AI models with your conversations.
What You Should Do Right Now
Whether you are an individual professional, an IT administrator, or a legal compliance officer, the wiretap landscape demands immediate action:
- Audit your meeting tool stack. Identify every AI transcription tool in use across your organization. Determine whether each tool auto-joins meetings, where it sends audio data, and whether it obtains consent from all participants—not just the host.
- Map your participants’ locations. If even one regular meeting participant is in an all-party consent state, your entire meeting recording practice must comply with that state’s standard.
- Adopt universal consent as default. As the Boston Bar Association advised, the safest approach is to obtain consent from all meeting attendees before turning on any AI transcription tool, regardless of jurisdiction.
- Review vendor terms of service. Determine whether your AI meeting tool vendor claims the right to use recordings for AI training, and whether they place consent responsibility on you.
- Consider on-device alternatives. Tools that process audio locally eliminate the third-party interception element that powers the current litigation wave. Basil AI transcribes 100% on-device with zero cloud upload.
The May 20 Otter.ai hearing could reshape the legal landscape overnight. But the underlying state wiretap laws have been on the books for decades. The only thing that has changed is that AI meeting bots have made it trivially easy to violate them at scale—and the plaintiffs’ bar has noticed.