80% of Net Neutrality Comments to FCC Were Fudged | Threatpost

Broadband providers and a 19-year-old college student were among those who successfully hijacked public comments during a crucial decision-making process in 2017 to overturn net neutrality by flooding the Federal Communications Commission (FCC) with fraudulent comments indicating their position on the move, according to a new report.

A secret campaign by the broadband industry to offer support to roll back net neutrality resulted in fake comments comprising more than 40 percent of those sent to the FCC during the public comments phase of its decision, according to the report by the New York State Office of the Attorney General.

The industry also sent more than half a million fake letters to Congress to “create the appearance of widespread grassroots opposition to existing net neutrality rules, which as described in an internal campaign planning document would help provide ‘cover’ for the FCC’s proposed repeal,” according to the report “Fake Comments: How U.S. Companies and Partisans Hack Democracy to Undermine Your Voice”, published online Thursday.

Join Threatpost for “Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks” a LIVE roundtable event on Wednesday, May 12 at 2:00 PM EDT for this FREE webinar sponsored by Zoho ManageEngine.

On the other side of the debate, a 19-year-old college student who opposed the repeal of net neutrality managed to file more than 7.7 million pro-neutrality comments with the FCC by fabricating people’s names and addresses using software. Meanwhile, another group of 1.6 million pro-neutrality comments of an undetermined source were submitted using fictitious identities.

Fake-Comment Fest

Overall, the Office of the New York Attorney General (OAG) found that fake comments accounted for nearly 18 million of the more than 22 million comments the FCC received during its 2017 rulemaking.

“This type of fraud has significant consequences for our democracy,” the AG’s office said in the report. “Federal and state agencies rely on public comments to set standards that govern many aspects of our lives, from public health to consumer protection to the environment, and, in this case, the rules that govern how we share and consume content over the internet.”

Public comments can also influence legislators and play a role in creating the laws that are later enacted, so sabotaging the process also undermines the democratic legislative process in the United States, according to the report.

Net neutrality is the principle that ISPs treat all content going over the internet equally and not give preference to some digital content from certain providers. President Obama ostensibly put net neutrality rules into effect in 2015 when the FCC voted to classify consumer broadband service as a public utility under Title II of the 1934 Communications Act. Under that law, the FCC adopted a policy that traffic could not be blocked or disrupted; nor could providers pay to prioritize their content.

However, the FCC under President Trump repealed net neutrality with a replacement rule crafted in 2017 called the Restoring Internet Freedom Order. At the time, a united coalition of net neutrality supporters – including 20 state attorneys general, consumer groups, and companies such as Vimeo, Netflix and Sonos – pushed back with legal challenges against the order, which in the end were not successful at the federal level. California later passed its own net neutrality law, butting heads with the feds over the issue.

The report now makes it abundantly clear that FCC regulators were deliberately misled during the public comments period in the lead-up to the net-neutrality repeal and may have been unduly influenced during their decision-making.

Bogus Comments from Both Sides

On one side, the three largest telecom companies in the United States and an industry trade group – all of whom had a vested interest in seeing net neutrality fail – tried to manufacture support for repeal by paying lead-generating companies to create comments in support of the repeal.

Among the actions taken by these third-party companies were to submit comments through a process called “co-registration.” This encouraged consumers to join in the campaign by promising people “gift cards and sweepstakes entries.” The companies then used the names of those consumers to craft and submit responses in support of the rollback without those people’s knowledge.

“Nearly every lead generator that was engaged to enroll consumers in the broadband industry’s campaign fabricated consumers’ responses to the campaign,” according to the report. “Most never even ran the broadband industry’s campaign solicitation; instead, they copied names and addresses they had purchased or collected months or years earlier through unrelated lead-generation efforts, and passed it off as information submitted by consumers who had agreed to join the broadband industry’s campaign.”

The AG has not found any evidence that the companies who hired the lead generators were aware that the companies didn’t carry out a legitimate solicitation campaign, however.

Three of the lead-generation companies engaged in this activity – Fluent, React2Media, and Opt-Intelligence – already have entered into settlements with the New York AG’s office that require them to pay more than $4 million in total.

In terms of the fake comments in support of net neutrality, the FCC lacked safeguards to detect or prevent millions of submissions from a single source, which is how one person managed to submit nearly 8 million comments, according to the report. A college student pursuing a degree in computer science in California was behind this particular campaign, using disposable email addresses to submit the comments one by one.

“As this report makes clear, deception and fraud have infected public policymaking by agencies and legislatures, drowning out citizens’ voices with manufactured and fraudulent public comments, letter, and petitions,” the report concluded. “Reform is badly needed.”

Join Threatpost for “Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks” – a LIVE roundtable event on Wed, May 12 at 2:00 PM EDT. Sponsored by Zoho ManageEngine, Threatpost host Becky Bracken moderates an expert panel discussing best defense strategies for these 2021 threats. Questions and LIVE audience participation encouraged. Join the lively discussion and Register HERE for free.