The FCC’s public comment system is a bloody mess. Over the past two years, it’s become apparent that political lobbyists, usually acting on behalf of the telecom industry itself, are prepared to manipulate the agency’s rulemaking process and impersonate everyday Americans just to create the illusion of public support…
The FCC’s public comment system is a bloody mess. Over the past two years, it’s become apparent that political lobbyists, usually acting on behalf of the telecom industry itself, are prepared to manipulate the agency’s rulemaking process and impersonate everyday Americans just to create the illusion of public support where, in reality, none exists.
Last week, the FCC was forced to admit in court that its Electronic Comment Filing System (ECFS) was never designed to keep track of where comments originate. Not only is the system not designed to prevent fraud or the use of bots, it said, when incidents of identity theft are widely reported, the system is not equipped to determine who’s responsible.
In response to allegations that millions of comments submitted to the FCC about net neutrality in 2017 were fabricated–using the names and home addresses of Americans without their consent–the New York Times is actively seeking access to the FCC’s internal logs under the Freedom of Information Act. Its reporters have specifically asked the FCC to turn over records that contain every comment and the IP addresses from which they originated. But the commission is fighting back.
For starters, the FCC is denying the Times access to these records on privacy grounds: releasing the IP addresses, it says, would “constitute a clearly unwarranted invasion of personal privacy.” It further alleges that releasing the logs would compromise the security of the ECFS, which is essentially a crime scene at this point thanks to concurrent state and federal investigations.
How an Investigation of Fake FCC Comments Snared a Prominent D.C. Media Firm
The notion that the system is in any way “secure” to begin with is comical, since one doesn’t need to actually commit a computer crime to flood it with bogus comments. If one were to email the agency and ask for instructions on how to submit comments in large batches, not only will it gladly provide that information, it will load them into the system regardless of whether they’re real or not.
Comments attributed to Americans who have been saying for over a year that their identities were stolen can still be found on the FCC’s website, right next to political (and in some cases veiled anti-Semitic) remarks that they did not write.
But there’s another reason the FCC is refusing to hand over the logs. In a more technical explanation offered in a motion filed on March 14, the commission argues that producing evidence of where comments originate is a “painstaking process” that would be “highly complicated and burdensome, even if it is possible to do the correlation in the first place.”
“The retracing process would allow the FCC to identify several requests made close in time to the second the comment appears in the database, and guess which one is the actual originating request,” it said. “However, the FCC cannot directly and conclusively correlate one ECFS request with one ECFS comment.”
The process of figuring out where particular comments originate, in the FCC’s own words, is complete guesswork. The system is not designed to prevent fraud, and if fraud does occur, it is not designed to detect it, nor produce evidence of who is culpable.
It is a system that is inadvertently designed to be gamed; though, granted, it was never designed to handle millions of comments at all. (Not until net neutrality was the public at large even aware it existed.)
Americans should not have to worry about whether malicious political statements, which they did not write and do not stand by, are being published by their own government in their name, without their consent.
To a certain extent, Gizmodo can confirm that what the FCC is saying is true. Last month, we reviewed some of the logs sought after by the Times, disclosed in a separate lawsuit by a different agency. Gizmodo reported on multiple sources of fraudulent comments in two articles this year. Each required a considerable amount of time and legwork.
The FCC’s argument that it can’t release the logs on the basis of privacy is undercut by the fact that the General Services Administration, which manages the API system used by the FCC, already released them–or at least part of them. The API system is only one of three ways comments are submitted; the Times is seeking access to logs related to the other methods as well.
The API logs, which Gizmodo has reviewed–and the New York Times and Wall Street Journal both have access to now–do include at least dozens of IP addresses belonging to groups that uploaded millions of comments combined.
Comments