The FCC Just Got Sued Again—Now for Withholding Records About Its Alleged DDoS Attack

A second lawsuit has been filed against the Federal Communications Commission (FCC) this week over the secrecy shrouding its plans to kill off net neutrality.

An investigative journalist filed paperwork suing the FCC in New York Wednesday afternoon, accusing the agency of improperly withholding records about a May cyberattack that it claims temporarily took down a website used by the public to participate in the net neutrality debate. Specifically, the FCC has been accused of violating the Freedom of Information Act (FOIA), a federal transparency law that compels the government to release non-exempt agency records upon request.

The lawsuit, filed by former Vocativ senior reporter Kevin Collier, was the second to hit the FCC on Wednesday. American Oversight, a legal watchdog group, had filed a lawsuit just hours before, accusing the FCC of withholding records about Chairman Ajit Pai’s meetings with internet service providers—most of which support the rollback of Obama-era regulations that made it illegal to discriminate against online content by blocking or slowing traffic to certain websites.

Collier filed two public records requests at the FCC this year seeking information about (1) what the agency claims was a distributed denial-of-service (DDoS) attack against its public comment system on May 7-8, and (2) regarding the agency’s analysis of astroturfing efforts targeting its public comment website—in other words, fake comments generated en masse which were designed to emulate those submitted by real Americans. (Disclosure: Kevin Collier and I formerly worked together as staff writers at the Daily Dot.)

In response to a similar request filed by Gizmodo in May, the FCC refused to release any records of significance concerning the so-called cyberattack that prevented Americans from using the public comment system temporarily after comedian John Oliver, host of HBO’s Last Week Tonight, directed his audience to visit the FCC’s website. Among other justifications, the agency claimed that roughly 92 percent of the documents concerning the cyberattack contained either “trade secrets” or “privileged and confidential” information; others, it said, would reveal “discussion of the Commission’s IT infrastructure and countermeasures.”

Collier said his records request was prompted by the FCC’s “weird and cagey” inclination to obscure details about the incident. “The fact that they gave Gizmodo such a runaround in its own request for internal ‘analysis’ of the attack just goes to show this,” he said. “I want to know the full story.”

Wyden told Gizmodo last week the FCC’s actions raised “legitimate questions about whether the agency is being truthful when it claims a DDoS attack knocked its commenting system offline.”

Sources on both sides of the net neutrality debate claim the FCC’s public comment system is wholly compromised as the result of multiple astroturfing campaigns. A conservative group claims that hundreds of thousands of pro-net neutrality comments were generated all using the same address in Russia, among others in Germany and the United Kingdom.

The system is also said to have been inundated with comments from a spambot using the names and addresses of US citizens without their permission; those comments, which numbered in the thousands and are identical, according to a ZDNet investigation, markedly opposed net neutrality and criticize the “unprecedented regulatory power the Obama administration imposed on the internet.”

The FCC has so far refused to release any substantive proof of a DDoS attack, although it did provide one amorphous description of a “bot swarm” emanating from “cloud providers” in a letter to Wyden and Schatz mid-June. The agency classified the incident, nonsensically, as a “non-traditional DDoS attack.” But in a subsequent letter to Wyden on July 11, Chairman Pai declined to reveal any measures taken by FCC to protect its systems out of an apparent sense of operational security: “Given the nature of this situation,” he said, “I believe that publicly disclosing the specific steps that we are taking could undermine their efficacy.”

What’s more, Pai has further implied that the FCC may, by default, honor some of the counterfeit comments submitted to its website about net neutrality during the 90-day open comment period that ended this week.

Collier had pressed the FCC repeatedly on whether they’d include the “obviously astroturfed comments.” The agency would only refer him to Chairman Pai’s previous remarks. (Pai told reporters in May that the FCC had generally “erred on the side of openness.”)

“The FCC may be determined to ignore journalists,” said Dan Novack, Collier’s attorney in New York, “but it’s going to be in for a rude awakening when a federal judge is asking the questions.”

The FCC has ignored multiple requests for comment and has declined to respond to all inquiries regarding Sen. Wyden’s concerns.