On the same day that the repeal of net neutrality became official, two US senators demanded answers from the FCC over its dubious claims about being targeted by cyberattacks.
The FCC has said it was the victim of a cyberattack in 2017 following a segment on comedian John Oliver's HBO show Last Week Tonight, in which Oliver asked viewers to flood the FCC's comment system with pro-neutrality comments. Emails recently obtained by Gizmodo show senior FCC officials under the current chairman, Ajit Pai, backed its assertion of a cyberattack last year with unsupported claims that the same thing happened in 2014, but that it was kept quiet by former chair Tom Wheeler.
The agency has since gone dark and refused to answer questions about the so-called cyberattacks — adding yet more fuel to speculation that the FCC fabricated the story.
Last week, Wheeler told C-SPAN there was no cyberattack in 2014. Asked why Pai's FCC would claim there was, he said: "I am the last person in the world to interpret the decision making of the Trump FCC."
On Monday, two Democratic senators demanded answers on the matter, and they have asked the FCC to explain what precisely went on by June 27th, 2018.
In a letter shared with Gizmodo, Senators Brian Schatz (D-HI) and Ron Wyden (D-OR) tell the FCC that they would like to see evidence of either cyberattack beyond "initial internal analyses," such as subsequent government or third-party security firm investigations. They also ask the FCC to clarify on what grounds they determined the comment system downtime on either date was best classified as a cyberattack, as well as ask Pai whether he is cooperating in full with the Government Accountability Office (GAO) investigation to determine exactly what happened.
The letter follows in full:
Dear Chairman Pai:
On May 9, 2017, we sent you a letter regarding alleged cyberattacks on the Federal Communication Commission's Electronic Comment Filing System during that month. There was also an ECFS issue involving the net neutrality proceeding in 2014. In our letter we asked that you keep Congress fully briefed as to your investigation.
Beyond your initial internal analyses that you reference in your June 15, 2017, response, have any subsequent FCC or third-party (e.g., vendor, contractor, or government agency) analyses or investigations verified that a cyberattack on ECFS occurred in 2017 and, if so, that the attack is best classified as a DDoS attack? If not, why was no investigation conducted? Please provide any and all reports, findings, and other relevant details of any such investigations.
In response to our May 2017 letter you provided information to us about the 2017 event. We request that you update, revise, and/or reaffirm in their entirety the responses that you previously provided. In addition, clarify whether you continue to classify the May 7-8, 2017, event as a DDoS attack and the basis for your classification.
Does the FCC classify the 2014 event as a DDoS attack or attacks? If so, please describe the nature of the attack and the basis for classifying it as a DDoS attack.
Have any FCC or third-party (e.g., vendor, contractor, or government agency) analyses or investigations concluded that a cyberattack occurred in 2014? Please provide any and all reports, findings, and other relevant details of any such investigations.
Is the FCC fully cooperating with the Government Accountability Office review and evaluation of the FCC's ECFS security and vulnerability to attack, including full access to the FCC's accounts and data from any incidents as well as cooperation from relevant current and former FCC staff?
Please answer these questions in writing by June 27, 2018. If you need to withhold any responsive information because it is confidential or classified please contact Andy Heiman and Eric Einhorn in our offices to schedule a briefing or make other appropriate arrangements regarding that information.
It's been clear for some time that the FCC's narrative on the alleged cyberattack is full of holes and outright fallacies; the agency has refused to release unredacted emails about the 2017 incident, meaning just what key personnel like Pai knew and when is being hidden from the public. Those records may prove crucial to determine whether the agency's revocation of the net neutrality rules was pushed through as the agency knowingly lied to the public.
"Some of these messages are probably correctly redacted, but avoiding potential embarrassment is not a legitimate reason for the government to conceal an email," American Oversight executive director Austin Evers told Gizmodo. "We were sceptical of the FCC's explanations about its online comment system issues last May, and it's clear that we still don't have the full story about what happened."
In his only public statement on the alleged cyberattacks since Gizmodo's reporting, Pai declined to address the matter himself or stand by his own assessment last year that "cyber-based attacks" had pummelled his agency. When asked if evidence exists supporting his past claims, he told the Washington Post: "I defer to the career experts at the agency. I'm not an IT expert myself."