FCC 'Lied to Media' Saying Net Neutrality Comment Flood Was Cyberattack

The Federal Communications Commission (FCC) has been accused of intentionally lying to the media by claiming a comment submission section of its website designed to solicit opinions on net neutrality was taken offline by a cyberattack.

In reality, critics believe it was simply overwhelmed by traffic following a segment on the topic by U.S. comedian John Oliver, host of Last Week Tonight.

A slew of heavily-redacted emails, obtained and published via the Freedom of Information Act (FoIA) by watchdog American Oversight, revealed the internal deliberations that occurred over the technical issues with the FCC system on the evening of May 7 last year. At the time, an animated Oliver had asked viewers to visit the comment section and speak out in support of net neutrality.

The news was first covered by tech site Gizmodo, which analyzed more than 1,000 emails and reported that the cyberattack story had likely been concocted and funneled to journalists who were asking for solid evidence that “multiple external distributed-denial-of-service (DDoS)” attacks—the type of digital assault that the U.S. government agency was peddling at the time—had actually occurred.

Internet activist groups, spearheaded by Fight for the Future, have long voiced the opinion that the U.S. agency was issuing misleading statements in attempt to cover up the fact its cloud-based system was unable to stay online under the weight of web traffic. In 2014, it crashed following an Oliver segment but, until last year, the FCC had not blamed the outage on an intentional, malicious, cyberattack.

Ajit Pai Federal Communications Commission Chairman Ajit Pai speaks to members of the media after a commission meeting December 14, 2017 in Washington, DC. FCC has voted to repeal its net neutrality rules at the meeting. Alex Wong/Getty Images

According to Gizmodo, the agency’s former chief information officer David Bray—who served from 2013 to 2017—had told reporters that the 2014 incident was a cyberattack which had been brushed under the carpet by former chairman Tom Wheeler, a claim that has been denied. In the emails, Bray said the “best analogy for what happened” last year was a DDoS attack against Pokémon Go in 2016. 

According to the FCC, between May 8 and May 12 it received more than 2.1 million comments.

Yet since the May 2017 outage, secrecy has surrounded the DDoS attack claims, a trend that continued with the release of the new FoIA emails. Every internal conversation about the incident by FCC employees was massively redacted, with the agency citing attorney-client communications.

On the day after Oliver’s segment, Bray issued a statement about the delays for anyone wanting to comment, claiming analysis had shown targeted DDoS attacks were to blame for the downtime.

The former agency executive asserted: “These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host."

No evidence 

But a month later, the FCC declined to release any documentation relating to its DDoS investigation, eventually admitting that it had none. This was first reported by Gizmodo's Dell Cameron. 

A former FCC security expert told Gizmodo it was agreed that the event last year “was not an attack.” On July 21, FCC chairman Ajit Pai, appointed to the role by President Donald Trump in January 2017, relayed further explanation of the disruption—via Bray—to the House of Representatives.

Within, the incident was dubbed a “non-traditional DDoS attack.” The FCC declined to provide insight into how it was bolstering the system for the future because it could “undermine our system’s security.” The FCC and FBI agreed the so-called “attack” was not a significant cyber incident, the letter said.

The net neutrality debate was a hot topic as the vote to repeal it approached. The Obama-era law forced internet service providers (ISPs) to treat all data equally and not give preferential treatment for money. The decision to roll the law back was made by the FCC in December 2017.

This week, Bray responded to the Gizmodo report via Medium. He wrote: “Whether the correct phrase is denial of service or 'bot swarm' or 'something hammering the Application Programming Interface' (API) of the commenting system —the fact is something odd was happening in May 2017.”

But Evan Greer, the deputy director of Fight for the Future, described the emails as “a smoking gun.

She wrote: “The FCC lied to reporters, and to Congress, in order to obscure the fact that they utterly failed to maintain a legitimate public comment process, as they are legally required to do, in their net neutrality repeal proceeding. Overseeing the FCC is Congress’ job.

“They need to do their job and pass the Congressional Review Act (CRA) resolution to reverse the agency’s illegitimate and unpopular decision.

“Voters from across the political spectrum overwhelmingly oppose the gutting of net neutrality,” Greer continued. “No one wants their cable company controlling what they can see and do on the internet. Inaction is unacceptable. Any member of Congress who remains silent and fails to sign the discharge petition should prepare to face the Internet’s wrath come election time.”

The FCC did not respond to a request for comment.

Emails The FCC emails released this week were highly redacted iStock