“What is the FCC hiding?” Pai still won’t release net neutrality server logs

The Federal Communications Commission has once again refused a New York Times request for records that the Times believes might shed light on Russian interference in the net neutrality repeal proceeding.

The Times made a Freedom of Information Act (FoIA) request in June 2017 for FCC server logs and sued the FCC in September of this year over the agency's ongoing refusal to release the records. The court case is still pending, but the Times had also appealed directly to the FCC to reverse its FoIA decision. The FCC denied that appeal in a decision released today.

The Times' FoIA request was for server logs related to the system for accepting public comments on FCC Chairman Ajit Pai's repeal of net neutrality rules. The Times sought the information in order to investigate Russian involvement in fraudulent public comments. A similar request was made by Buzzfeed News, and the FCC rejected the requests from both news organizations in its order today.

Although the Times narrowed its records request to satisfy the FCC's privacy and security concerns, the FCC says it still won't provide any of the requested data. Doing so, the agency asserts, would require more than a simple database search and require the FCC to "create records that do not already exist."

Democrat Jessica Rosenworcel was the only FCC commissioner to dissent from the new ruling against the FoIA request. "What is the Federal Communications Commission hiding?" Rosenworcel asked in her dissenting statement. (Since the departure of Mignon Clyburn, Rosenworcel is the only Democratic commissioner.)

Rosenworcel pointed to the widespread fraud in the net neutrality proceeding, saying that "as many as 9.5 million people had their identities stolen and used to file fake comments, which is a crime under both federal and state laws."

"Something here is rotten—and it's time for the FCC to come clean," Rosenworcel said. "Regrettably, this agency will not do this on its own. So it falls to those who seek to investigate from outside its walls."

Pai fired back at Rosenworcel in a statement of his own, complaining that Rosenworcel didn't support Pai's efforts to improve FCC transparency during the Obama administration, when Democrats held the commission majority.

"What has changed between then and now? Literally nothing, other than the political affiliation of the FCC's leadership (and a lot more transparency now than the agency ever had then)," Pai wrote. "What is required in this matter, as in any other, is sober analysis of the facts and the law—not partisan gamesmanship. Fortunately, the Commission majority embraces that ethos in this item."

Pai accused Rosenworcel of ignoring court precedents and FCC staff analysis that support the FCC majority's position. He wrote that Rosenworcel neglected to mention "the fact that the half-million comments submitted from Russian email addresses and the nearly eight million comments filed by email addresses from email domains associated with FakeMailGenerator.com supported her position on the issue!"

In another public records case, a US district court judge ruled that the FCC must disclose email addresses that were used to submit bulk comments in the net neutrality repeal proceeding.

Pai said that today's FCC decision "relies on clear judicial precedent and careful analysis of the facts to uphold the career staff's determination that disclosure of certain server logs is inappropriate under FOIA Exemptions 6 and 7(E)."

Exemption 6 lets agencies withhold information that "would invade another individual's personal privacy." Exemption 7(E) relates to law enforcement techniques and procedures—the FCC notes that it has law enforcement powers and says the server logs would reveal sensitive information about how it defends its IT infrastructure against attacks.

The Times previously agreed to narrow its public records request to eliminate a request for comments, names, and timestamps. The narrowed request sought "only (1) originating IP addresses and timestamps, and (2) User-Agent headers and timestamps," the Times said in its court complaint. This addressed the FCC's privacy concerns because "the originating IP addresses would not be linked to any specific comment," the Times said.

The Times also argued that revealing IP addresses and User-Agent headers by themselves would not reveal any of the security measures used by the FCC.

The FCC denial today mostly addresses the Times' original, broader records request, and it repeats the FCC's arguments that the original request would invade commenters' privacy and reveal sensitive information about the FCC's IT systems.

The FCC doesn't dispute the Times' argument that the narrowed request would satisfy the commission's privacy and security concerns. But the FCC still refuses to release the IP addresses, user-agent headers, and timestamps, saying that producing them would be complicated.

"Although agencies are required to conduct simple database searches under the FoIA, the FoIA does not require agencies to create new records to satisfy requests," the FCC said. "Processing the request as modified by [Times reporter Nicholas] Confessore would go well beyond a straightforward database query; it would require the Commission to create records that do not already exist."

Rosenworcel said the FCC should produce the records, saying that the information could help identify "where this fraud in our public record came from, assess who could have orchestrated it, and identify who could have paid for it to occur." She continued:

[I]nstead of providing news organizations with the information requested, in this decision the FCC decides to hide behind Freedom of Information Act exemptions and thwart investigative journalism. In doing so, the agency asserts an overbroad claim about the security of its public commenting system that sounds no more credible than its earlier and disproven claim that the system was the subject of distributed denial of service attack. It appears this agency is trying to prevent anyone from looking too closely at the mess it made of net neutrality. It is hiding what it knows about the fraud in our record, and it is preventing an honest account of its many problems from seeing the light of day.

Separately, Pai's FCC has failed to fulfill an Ars request for records related to the FCC's measurement of in-home broadband speeds. The FCC hasn't released any new data from its speed tests in nearly two years, and we've been trying to get information about the future of the program.