NYT defeats Ajit Pai as judge orders FCC to provide net neutrality records

Authored by arstechnica.com and submitted by Philo1927
image for NYT defeats Ajit Pai as judge orders FCC to provide net neutrality records

The New York Times has won its lawsuit against the Federal Communications Commission, as a federal judge ruled Thursday that the FCC must turn over net neutrality comment records that it refused to give to the NYT.

The NYT sued the FCC in September 2018, saying the agency denied a Freedom of Information Act (FoIA) request for records that the NYT said might shed light on possible Russian interference in the net neutrality repeal proceeding. The Times' motion for summary judgment was granted by Judge Lorna Schofield of the US District Court for the Southern District of New York.

"We are pleased that the court saw through the FCC's privacy arguments and understood the public interest in The Times having access to this data," a NYT spokesperson told Ars today.

We asked the FCC if it will appeal the ruling or supply the records to the NYT as ordered by the judge. We'll update this story if we get a response.

The public-comment process leading up to FCC Chairman Ajit Pai's December 2017 repeal of net neutrality rules attracted more than 22 million comments, but millions were made using stolen identities. The NYT filed a FoIA request for server logs related to public comments in June 2017, but the newspaper narrowed its request multiple times in response to the FCC's refusal to provide the records. The pared-down request the judge approved is for timestamps, originating IP addresses, and user-agent headers related to public comments, which are contained in an API proxy server log at the FCC.

Judge Schofield was not convinced by the FCC's arguments that producing IP addresses and user-agent headers would be too cumbersome for the FCC and that doing so would violate commenters' privacy. Her ruling noted that "every commenter was provided with a privacy notice, stating that '[a]ll information submitted, including names and addresses, will be publicly available via the Web.'"

The strongest argument for a substantial privacy risk "is that digital advertisers and digital platforms could combine this data with other available information to create a detailed and intimate profile" of each commenter, Schofield wrote. But the FCC didn't make a persuasive argument on that point, as "the general statements in the agency's declaration that IP addresses and other digital identifiers 'often can be reliably linked to individual persons' to create 'detailed profiles' fall short," she wrote.

Addressing the FCC argument that producing the requested records is too difficult, Schofield wrote that "the FCC contends that the API proxy server log is not actually a database, but instead 'a long and unwieldy list of various data' that it should not have to search." However, the FCC "d[id] not address why such a list does not fall under 'information... in any format' that is subject to FOIA."

Second, the FCC objects to producing the relevant materials from the API proxy server log because to do so requires creating a script, which demands "research" rather than simply a "search." This argument also fails as a matter of law. In contrast to completing a "search," which FoIA defines as reviewing agency records by automated means to locate responsive records, conducting research and answering questions require "dig[ging] out all the information that might exist, in whatever form or place it might be found." The FCC contends that the purpose of the script is to conduct a "matching and sorting process" that pulls only the relevant material from the API proxy server log. This "matching and sorting" process is closer to an automated search for responsive records than a scavenger hunt for disparate information. FOIA "clearly require[s] agencies to sort a pre-existing database of information to make information intelligible so that it may be transmitted to the public."

The FCC also "made no showing that creating and running such a script would require more than 'reasonable efforts to search' or 'would significantly interfere with the operation of the agency's automated information system,'" the judge wrote.

The user-agent headers sought by the NYT "contain information about a commenter's device, such as the operating system, operating system version, browser version, browser platform and language settings," which "can help distinguish between different users who share the same IP address," the ruling said.

Pai's repeal was opposed by an overwhelming majority of comments that weren't either fraudulent or part of form-letter campaigns. Fraudulent comments and form-letter campaigns apparently helped make public opinion seem more divided, though Pai pointed out that the fraud went in both directions. In the FCC's denial of the NYT public-records request, he said that a half-million comments submitted from Russian email addresses mostly supported keeping net neutrality rules.

Schofield said it's in the public interest for the FCC to provide the data requested by the Times.

"Here, disclosing the originating IP addresses and user-agent headers would help clarify whether and to what extent fraudulent activity interfered with the comment process for the FCC's [net neutrality repeal], and more generally, the extent to which administrative rulemaking may be vulnerable to corruption. This serves a vital public interest because of the importance of public comments in agency rulemaking," Schofield wrote.

Schofield noted that "the integrity of the notice-and-comment process is directly tied to the legitimacy of an agency's rulemaking," and that the "comment process is sufficiently important that a rule may be vacated if the agency does not comply with the notice-and-comment requirements."

The FCC "argues that adequate information is already available to the public," noting "that its final rule runs over 500 pages and describes the public comments and other sources considered," Schofield wrote. But this FCC argument "misunderstands the public interest at stake. The concern is not whether the FCC was appropriately responsive to certain comments. Rather, the concern is whether the notice-and-comment process functioned as a check on agency rulemaking authority as prescribed by federal administrative law."

Schofield ruled against the NYT's motion for the FCC to pay for its court costs because "the parties have not briefed this issue," but denied the motion without prejudice so the NYT can resubmit the request.

Separately, the FCC's net neutrality proceeding led to an investigation by the US Government Accountability Office (GAO). The GAO said recently that the FCC has implemented most of its recommendations for improving the security of its public comment system.

The NYT case wasn't the only lawsuit over an FCC refusal to comply with a public records request related to the net neutrality proceeding. In another instance, a judge ordered the FCC to hand over records to a journalist; the FCC later paid the journalist $43,000 in a settlement to cover his attorneys' fees and court costs.

JackAceHole on May 5th, 2020 at 01:45 UTC »

192.168.0.1 192.168.0.2 192.168.0.3 ...

But seriously, this is great fucking news if it actually happens. If the real IPs get published, the fraud will be exposed. My guess is they will claim they lost the data or they’ll just use random IPs from China or something.

murl on May 5th, 2020 at 01:18 UTC »

"the FCC contends that the API proxy server log is not actually a database, but instead 'a long and unwieldy list of various data' that it should not have to search."

There is sure to be a way to read logs and extract the information. For example, a computer could be employed.

jimbo_throwaway77 on May 5th, 2020 at 01:13 UTC »

So when we find out that our taxes were spent to pay for astroturfing to make our internet services slower and more expensive, can there be some class action suit? 'Cause that's what we are going to find out