FCC Chairman Ajit Pai on Monday applauded his agency’s decision to keep secret months’ worth of data logs sought by reporters trying to shed further light on suspicious activity last year involving millions of fraudulent net neutrality comments. The agency rejected two record requests filed by major publications, the New York Times and BuzzFeed, arguing that turning over the logs would violate the privacy interests of Americans who commented on its net neutrality repeal.
The decisions comes after the Federal Communications Commission consistently misled major news outlets about a purported cyberattack against its comment system in the runup to its repeal of net neutrality rules in 2017. Only this summer did Pai finally admit that this so-called attack never occurred, even though he’d claimed the opposite publicly on numerous occasions.
The full weigh of this offence ultimately landed squarely (and conveniently) on the shoulders of an ex-official who had departed the agency more than a year before.
Over seven months this year, FCC officials defend their false claims that the comment system had been targeted by malicious hackers, even though Pai was himself aware that it wasn’t true.
(The 2017 incident, in fact, wasn’t even the first time an FCC official who came to work under Pai had circulated a false cyberattack story to the press.)
Meanwhile, the chairman dodged multiple requests for information from Democratic lawmakers in the House and Senate, who, due to being in the minority in both chambers, were unable to compel any type of response. Pai later said he kept the truth quiet at the request of the commission’s inspector general.
The @FCC’s lack of transparency here is incredibly troubling. It’s been nearly a year-and-a-half since I requested the agency provide server logs related to the alleged DDoS attacks on the #netneutrality docket, and I’m still waiting. https://t.co/A9rt94Ahof
— Jerry McNerney (@RepMcNerney) December 3, 2018
On Monday, the FCC released an opinion in response to requests made by the New York Times and BuzzFeed under the Freedom of Information Act (FOIA) for access to comment system server logs, at least one of which encompasses records related to the fictitious “distributed denial-of-service attacks” invented by the agency.
(BuzzFeed’s request, filed by reporter Jeremy Singer-Vine, targets only 20 specific comments from the net neutrality docket.)
Both requests were denied upon appeal, marking a new chapter in the FCC’s ongoing efforts to keep potentially pertinent details about the 2017 incident — and others — from the public record.
When a federal agency formally rejects a FOIA request, or fails to procedurally respond in an appropriate manner, the request may then be submitted for an administrative appeal. Typically, this means more senior officials or top agency attorneys will review the request and how it was initially handled.
Once an appeal is denied, the next step for the requester is litigation; asking a judge to review the agency’s withholding of records to ensure its decision comports with the federal FOIA statute.
Asked only once at a Senate hearing today about the fake security incident that’s needled his agency for more than a year, the chairman of the Federal Communications Commission, Ajit Pai, acknowledged for the first time knowing secretly for several months that his office likely fed US lawmakers false information.
The New York Times is pursuing the matter further in the Southern District of New York, Gizmodo has learned. The FCC’s initial brief is due December 17, said a spokesperson for the paper, adding: “We look forward to challenging in court the FCC’s refusal to provide this information, which the public is entitled to have.”
The FCC staff’s decision to withhold the server logs, which would reveal, among other details, the static and dynamic IP addresses of individuals who contributed comments to the FCC, is based in part on the idea that the IP addresses themselves are covered under an exemption to FOIA intended to protect personal privacy.
That particular exemption, however, is subject to a balancing test intended to weigh the harm of revealing an individual’s private information against public interest in its disclosure.
Courts have found certain information may be worthy of disclosure even if it might otherwise be rightfully withheld under the personal privacy exemption—if that information might be used, for example, to “she[d] light on ‘an agency’s performance of its statutory duties’ or otherwise let citizens know ‘what their government is up to,’” according to case law.
More recently, the D.C. Circuit found that “public interest” may be assessed by examining “substantial record evidence of media reports from credible news agencies.”
Notably, the comment system issues at FCC have been widely reported on (see: here, here, here, here, here, here, here, here, and here), and the chairman himself has admitted before Congress that he was misled by his most senior technology official.
The FCC also withheld the logs under another exemption that can be applied to records compiled for law enforcement purposes. The reasoning provided by the FCC, which seems fairly dubious, is that the comment system has “a rational nexus to the Commission’s law enforcement functions,” and that releasing the logs might encourage attacks not only only against the comment system itself, but “more sensitive Commission systems that are directly relied on by the Commission in carrying out its law enforcement and national security functions.”
In effect, the FCC is arguing that releasing the logs might somehow tip off malicious hackers with a way to infiltrate sensitive FCC systems.
Further, the agency’s rejection notice states that the information deemed sensitive is not segregable, meaning it cannot simply redact portions of the logs and safeguard the privacy and law enforcement interests it has asserted exist.
Beyond the FCC’s false statements to Congress and the public, however, are other considerations that might compel a judge to order the server logs be turned over. The New York Times may or may not be specifically investigating the fake cyber attack — though the server logs do overlap with that incident — but the claims that half a million comments about net neutrality were submitted with Russian email addresses.
In his appeal, Times reporter Nick Confessore cited a reporting interest in determine whether “cloud-based automated bots are being used to influence an array of U.S. political activities—including the agency notice and comment process.”
Moreover, BuzzFeed’s Singer-Vine argues that the IP addresses he’s requested access to would not actually violate the privacy interest of the Americans whose names are attached to them because the agency itself has acknowledged that the comments are fraudulent.
In a March 6 op-ed for the Washington Post, FCC Commissioner Jessica Rosenworcel wrote that, “In the course of its deliberations on the future of Internet openness, the agency logged about half a million comments sent from Russian email addresses. It received nearly 8 million comments from email domains associated with FakeMailGenerator.com with almost identical wording.”
Seems legit pic.twitter.com/TgizemRNqn
— dell cameron (@dellcam) December 19, 2017
In a statement to Gizmodo last year, Rosenworcel said: “To put it simply, there is evidence in the FCC’s files that fraud has occurred, and the FCC is telling law enforcement and victims of identity theft that it is not going to help,” referring to Pai’s refusal last year to cooperate with state investigators probing the fraudulent comments, some of which bore the names of U.S. officials, including former President Barack Obama.
An investigation carried out by Federal Communication Commission’s own inspector general officially refutes controversial claims that a cyber attack was responsible for disrupting the FCC’s comment system in May 2017, at the height of the agency’s efforts to kill off net neutrality.
In an unusual step, Pai blasted his colleague, Rosenworcel, in a statement attached to the FCC decision. (In doing so, he also acknowledged the system he’s ultimately in charge of was plagued by Russian bots.) “In the nearly half-decade preceding this Administration, there arose many, many chances to join what should have been a bipartisan effort to promote openness and transparency at the FCC,” Pai said. “And yet, my dissenting colleague said—nothing.”
Rosenworcel’s rebuke opens with a pointed question: “What is the Federal Communications Commission hiding?” She continued: “While millions of Americans sought to inform the FCC process by filing comments and sharing their deeply-held opinions about internet openness, millions of other filings in the net neutrality docket appear to be the product of fraud. As many as nine and a half million people had their identities stolen and used to file fake comments, which is a crime under both federal and state laws.”
FOIA enthusiasts have come to recognise the FCC as one of the most frequent violators of the statute. Earlier this year, for example, the agency denied Gizmodo’s request for information about a video it produced for a dinner hosted by telecom industry leaders and attended by Pai.
Releasing information about the video, a skit in which Pai joked about colluding with Verizon to repeal net neutrality rules, would “harm” the agency, it said, citing—improperly — a FOIA exemption intended to protect the deliberative process that takes place while “government decisions and policies are formulated.”
Under FOIA, there are no exemptions intended to protect federal agenices or senior officials from public embarrassment. But since taking control of the agency in early 2017, that’s exactly how the FCC has behaved. Hopefully, the judge handling the New York Times case won’t help Pai and his cronies continue to abuse the law.