• United States



Senators urge FCC to investigate ID theft in fake net neutrality comments

May 22, 20184 mins
Internet SecuritySecurity

In bipartisan letter, senators tell the FCC that 'We the People' deserve to know who misused Americans’ identities and submitted the millions of fake net neutrality comments.

net neutrality computer internet broadband regulation goverment
Credit: IDG News Service

Two senators, a Democrat and a Republican, have joined forces and opened fire on the FCC regarding the stolen identities of 2 million Americans that were used to file fake comments on the FCC’s net neutrality rule. “We the People” deserve to know who misused Americans’ identities and submitted the millions of fake comments, they contend.

Both senators, Jeff Merkley (D-Ore.) and Pat Toomey (R-Pa.), said their identities were stolen to file fake comments on the FCC’s net neutrality proposal, as were the identities of as many as 2 million Americans. In a bipartisan letter on Monday, the senators called on the FCC to investigate and to take steps to ensure this sort of clusterflub doesn’t happen again.

They wrote:

Late last year, the identities of as many as two million Americans were stolen and used to file fake comments during the Federal Communications Commission’s (FCC’s) comment period for the net neutrality rule. We were among those whose identities were misused to express viewpoints we do not hold. We are writing to express our concerns about these fake comments and the need to identify and address fraudulent behavior in the rulemaking process.

But they didn’t stop there; they asked the FCC to publicly disclose the total number of fake comments that were filed. Additionally, they asked the FCC how it is working with the Justice Department to identify who did submit the fake comments and how the FCC can track down who misused over 2 million Americans’ identities?

The first three words in our Constitution are, “We the People.” The federal rulemaking process is an essential part of our democracy and allows Americans the opportunity to express their opinions on how government agencies decide important regulatory issues. As such, we are concerned about the aforementioned fraudulent activity. We need to prevent the deliberate misuse of Americans’ personal information and ensure that the FCC is working to protect against current and future vulnerabilities in its system.

Were laws broken? Was a foreign government involved?

Senators Merkley and Toomey also asked if the FCC is working with state attorney generals to determine if laws were broken when the identities were stolen. The New York Attorney General already investigated; after the team’s record requests were ignored nine times, the group finally got hold of documentation that led to their conclusion that as many as 2 million Americans’ identities were stolen to post fake comments before the FCC’s vote on net neutrality last year. Another 8 million identities were reportedly completely bogus (pdf).

The senators also asked, “Is the FCC aware of any foreign government submitting fake comments and for what purpose?” Can the agency even “determine how many of the fake comments on record were submitted by bots?”

When it comes to ensuring this never happens again, the senators recommended “simple security measures,” such as CAPTCHA, being rolled out “to restore trust in the rulemaking process.” If not CAPTCHA or “other security technology to prevent fraudulent machine input,” then “what measures is the FCC taking to ensure this does not happen in the future?”

This is far from the first time lawmakers and others have asked the FCC for answers. Even if the FCC fails to answer the seven specific questions asked by the senators, the Government Accountability Office previously agreed to investigate net neutrality comment fraud.

The GAO also previously agreed to investigate the FCC’s claim that “multiple” DDoS attacks were responsible for the FCC’s comment system going down at the exact same time that HBO’s John Oliver rallied viewers to submit comments and again fight for net neutrality.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.