FCC admits net neutrality DDoS attack was work of fiction
FCC chairman Ajit Pai pins error on former CIO providing "inaccurate information"
The US Federal Communications Commission has admitted that the alleged hack which blocked pro-net neutrality comments never happened, sparking outrage amongst activists.
FCC Chairman Ajit Pai released a statement yesterday confirming that the outage that prevented many people from leaving comments on the FCC's net neutrality proposal last May was not caused by "external" actors as previously suggested, but instead by inadequate IT systems, implying that it was overwhelmed by the sheer volume of commenters.
The statement follows the conclusion of an investigation by the FCC's Inspector General into the agency's claims that it fell victim to a DDoS attack. Pai has primarily blamed ex-CIO David Bray for spreading the DDoS story, as well as implying that the technical failings were the result of mismanagement by the Obama-era FCC leadership.
"I am deeply disappointed that the FCC's former Chief Information Officer (CIO), who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people," Pai said in a statement.
"It has become clear that in addition to a flawed comment system, we inherited from the prior Administration a culture in which many members of the Commission's career IT staff were hesitant to express disagreement with the Commission's former CIO in front of FCC management."
He also stated that the organisation's Electronic Comment Filing System (ECFS) was deeply in need of updating, and the FCC has pledged to improve it with the help of a congressional grant.
Many campaigners, however, are now calling for Congress to reinstate the net neutrality rules rolled back by the FCC, with Fight for the Future's deputy director Evan Greer arguing that the FCC's actions have rendered the pretext for the repeal "illegitimate".
"Under Ajit Pai's leadership, the FCC sabotaged its own public comment process," she said in a statement. "From ignoring millions of fraudulent comments using stolen names and addresses to outright lies about DDoS attacks that never happened, the agency recklessly abdicated its responsibility to maintain a functional way for the public to be heard."
"Pai attempts to blame his staff, but this happened on his watch, and he repeatedly obstructed attempts by lawmakers and the press to get answers. The repeal of net neutrality was not only unpopular, it was illegitimate. Congress must act now to pass the CRA resolution to reverse this decision and restore basic protections for Internet freedom."
The outage that the FCC initially blamed on a DDoS attack occurred last year, while the regulator was still in the process of gathering feedback and comments on whether or not to keep net neutrality rules in place. Powerful telco lobbies were in favour of repealing the rules, but polls showed that most ordinary people supported them, and the FCC's request for comment represented one of the only opportunities for them to make their opinions heard.
This was fuelled particularly by comedian John Oliver, after a segment on net neutrality from his HBO show Last Week Tonight went viral. The segment included simple instructions on how to leave a comment in support of net neutrality, and the FCC was promptly flooded with over 1.6 million responses. Shortly afterwards, the ECFS experienced a major outage, leaving people unable to post any further comments.
Although it's impossible to say for certain that the influx of feedback was a direct result of Oliver's segment, it's highly likely - particularly as the same thing happened in 2014. In a separate episode three years earlier, Oliver also issued a similar plea to users asking them to get in touch with the FCC to support net neutrality rules, after which the regulator received another deluge of comments.
The FCC's comments system went down in this instance too but, at the time, the watchdog (then led by Democrat Tom Wheeler) blamed the outage on the unexpected spike in traffic, coupled with old and ailing software.
While logic (and Pai's statement) would suggest that the same thing happened last year, the FCC instead insisted that the recent outage was the result of a DDoS attack. FCC officials also told reporters that the 2014 outage was also caused by a DDoS and that Wheeler was covering it up, according to a Gizmodo report.
Multiple sources have disputed these accounts, citing the FCC's refusal to produce any evidence in support of its claims. In fact, the Government Accountability Office is still in the midst of an independent investigation into the FCC's claims. This investigation is separate from the Inspector General's report, which has not yet been made public.
"The Inspector General Report tells us what we knew all along," said Jessica Rosenworcel, a Democrat member of the FCC and staunch defender of net neutrality; "The FCC's claim that it was the victim of a DDoS attack during the net neutrality proceeding is bogus."
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Trends in modern data protection
A comprehensive view of the data protection landscapeDownload now
How do vulnerabilities get into software?
90% of security incidents result from exploits against defects in softwareDownload now
Delivering the future of work - now
The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.Download now