• United States



FCC lied about DDoS attack during net neutrality comment process, blames former CIO

News Analysis
Aug 07, 20183 mins

FCC Chairman Ajit Pai says a DDoS attack did not take out the net neutrality comment site, and he blames the former administration and inaccurate information provided by the former FCC CIO.

That DDoS attack on the FCC’s public comment system that happened at the exact same time as John Oliver urged Last Week Tonight viewers to leave comments supporting net neutrality? Yep, it never really happened – not that you believed it was true. But now the FCC admits it lied about the DDoS attack on its public comment system.

FCC Chairman Ajit Pai didn’t come clean about it until the Office of Inspector General’s report proving the DDoS claim was false was imminent. Unsurprisingly, Pai claims the DDoS lie from May 2017 wasn’t his fault; instead, he points the finger of blame at the FCC’s former CIO David Bray.

Pai said in a statement:

I am deeply disappointed that the FCC’s former Chief Information Officer (CIO), who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people. 

Pai even had the gall to claim the IG’s report “debunks the conspiracy theory” that he was involved:

On the other hand, I’m pleased that this report debunks the conspiracy theory that my office or I had any knowledge that the information provided by the former CIO was inaccurate and was allowing that inaccurate information to be disseminated for political purposes. 

Why didn’t Pai say anything sooner?

Pai claims he didn’t speak up because the IG’s office asked the FCC not to discuss an ongoing investigation. Why didn’t people working under Bray speak up about the DDoS claim being inaccurate? Who knows, maybe they were scared to cross Pai? At any rate, Pai expressed disappointment “that some working under the former CIO apparently either disagreed with the information that he was presenting or had questions about it, yet didn’t feel comfortable communicating their concerns to me or my office.”

Pai’s statement and finger pointing goes on and on until he finally admits that the FCC’s outdated Electronic Comment Filing System (ECFS), inherited from the former administration, is a “flawed comment system” that will be redesigned and updated. Congress approved the funding for the reprogramming.

FCC Commissioner Jessica Rosenworcel shot straight to the point, saying, “The Inspector General Report tells us what we knew all along: the FCC’s claim that it was the victim of a DDoS attack during the net neutrality proceeding is bogus.”

She added:

What happened instead is obvious—millions of Americans overwhelmed our online system because they wanted to tell us how important internet openness is to them and how distressed they were to see the FCC roll back their rights. It’s unfortunate that this agency’s energy and resources needed to be spent debunking this implausible claim.

Fight for the Future, which called for the FCC to provide logs and prove DDoS attacks stopped net neutrality comments immediately after the FCC first spouted the lie, now says:

Under Ajit Pai’s leadership, the FCC sabotaged its own public comment process. From ignoring millions of fraudulent comments using stolen names and addresses to outright lies about DDoS attacks that never happened, the agency recklessly abdicated its responsibility to maintain a functional way for the public to be heard. Pai attempts to blame his staff, but this happened on his watch, and he repeatedly obstructed attempts by lawmakers and the press to get answers. The repeal of net neutrality was not only unpopular, it was illegitimate. Congress must act now to pass the CRA resolution to reverse this decision and restore basic protections for Internet freedom.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.