The decision about rolling back Obama-era net neutrality rules cleared the Federal Communications Commission ten months ago but the fallout from the process continues. Most notable is the blizzard of comments that piled up in the Electronic Comment Filing System (ECFS). But in a twist a just-released report from the FCC’s Office of Inspector General concludes that a supposed cyberattack on the ECFS never occurred. FCC chair Ajit Pai says it shows the agency’s former chief information officer David Bray released “inaccurate information” about the incident contending “bot swarms” slowed traffic on the agency website. The document shows on May 8, 2017 Bray told senior members of Pai’s team that he was “99.9% confident” that “external folks” were deliberately trying to tie-up the FCC’s server to prevent the public from filing comments or to “create a spectacle” related to the net neutrality proceeding.
Pai said in a statement that he’s “deeply disappointed” with the IG’s conclusions. “This is completely unacceptable,” Pai said, noting Bray was hired by the Obama administration and no longer works at the FCC. He goes on to say that the IG report found that some staffers working under Bray either disagreed with the information that he was presenting or had questions about the supposed distributed denial-of-service (or DDoS) attack, but didn’t feel comfortable communicating their concerns to Pai or his office which repeatedly said it was a cyberattack that shutdown the website. “On the other hand, I’m pleased that this report debunks the conspiracy theory that my office or I had any knowledge that the information provided by the former CIO was inaccurate and was allowing that inaccurate information to be disseminated for political purposes” Pai said. The FCC earlier reviewed the incident last summer and concluded no crime had occurred.
Critics of the rollback of net neutrality protections have accused the FCC all along of creating a fake cyberattack to discount what they believed was an outpouring of response to the proposal after “Last Week Tonight” host John Oliver urged viewers during a widely publicized commentary on his HBO show to file comments. That included the creation of the GoFCCYourself.com link that gave viewers an easier-to-use interface to file comments. The IG report states that Oliver's staff reached out to the FCC to give it advanced warning before the show went to air, but that Pai's office didn’t alert Bray to expect the resulting influx of comments.
“The Inspector General report tells us what we knew all along: the FCC’s claim that it was the victim of a DDoS attack during the net neutrality proceeding is bogus,” commissioner Jessica Rosenworcel said. “What happened instead is obvious—millions of Americans overwhelmed our online system because they wanted to tell us how important internet openness is to them and how distressed they were to see the FCC roll back their rights.”
Free Press deputy director Jessica González accused Pai of throwing Bray “under the bus” and blaming the previous chairman for hiring him. But she pointed out that Bray worked for Pai at the time of the incident, questioning his control over the agency. “As Pai is busy passing the buck, little attention has been paid to the hundreds of thousands of people who were unable to comment in the net neutrality proceeding because the chairman and his staff failed to perform the due diligence necessary for the FCC’s filing system to function during heavy traffic,” González said.
Bray exited the FCC last September and has since joined the People-Centered Internet coalition as the coalition’s executive director. In a statement People-Centered Internet said Bray had not yet seen the report and that the FCC’s IG’s office never reached out to Bray during its investigation to ask what he had seen, observed, or concluded.
‘Flawed Comment System’
For several Pai and his office has been cooperating with the IG’s independent investigation and he said they’ve remained mum while the review was underway as not to jeopardize its outcome. But now that the investigation has been completed, Pai said the analysis has demonstrated that “a flawed comment system” he’s inherited needs to be addressed.
“First and foremost, this report highlights the need for the FCC to revamp ECFS. While our information technology staff worked hard to keep the system up and running in the weeks and months following this incident, it has become abundantly clear that ECFS needs to be updated,” Pai said. That task will become easier after Congress last week approved a request made by the agency to shift some budget dollars to that task. Pai said the report also showed that culture in the IT team where staff was hesitant to express disagreement with management also needs to be addressed. “Thankfully, I believe that this situation has improved over the course of the last year,” he said, but pledged they’ll make it clear that those working on IT at the Commission are encouraged to speak up if they believe that inaccurate information is being provided to the agency leadership. “Looking ahead, the most important question is what can be done to prevent this from happening again,” he said.
Flood Of Filings
Even if the FCC wasn’t hit by a cyberattack, outside groups have analyzed the comments filed during the net neutrality debate and concluded they were filled with fake filings and misrepresentations.
More than 22-million comments were filed in 2017 during the proceeding but an analysis by the Pew Research Center determined 94% of the comments were submitted multiple times. That means just 6% were unique comments, which Pew said there was “clear evidence of organized campaigns to flood the comments with repeated messages.” The most-submitted topped 2.8-million identical filings. Pew also seven most-popular comments accounted for 38% of all submissions. And 57% of the comments used temporary or duplicate email addresses.
Many submissions also seemed to include false or misleading personal information, most commonly a fake name for the comment’s author. There was also evidence that computer bots were at work. Pew says on nine different occasions more than 75,000 comments were submitted at the very same second—often including identical or highly similar comments. Three of these nine instances featured variations of a popular pro-net-neutrality message, while the others promoted several different anti-net-neutrality statements.