Multiple distributed denial-of service attacks (DDoS) did not cause disruptions to the FCC’s electronic comment filing system last year, the FCC’s Office of Inspector General (OIG) has concluded in a report.
The report was not released today, but FCC Chairman Ajit Pai and Commissioner Jessica Rosenworcel released statements discussing it. OIG did not respond to TR Daily’s request for information about the report’s availability to the public.
In May 2017, in the wake of a call by comedian John Oliver on his HBO show for viewers and the entire Internet community to file comments in the Internet freedom proceeding in support of maintaining Title II classification of Internet access service, parties experienced delays in trying to use ECFS.
At the time, then-FCC Chief Information Officer David Bray said that delays experienced by parties attempting to file comments through ECFS were caused by multiple DDoS attacks, not by a large number of parties trying to file comments (TR Daily, May 8, 2017).
Mr. Pai released a lengthy statement on the report this afternoon.
“I want to thank the Office of the Inspector General, both for its thorough effort to get to the bottom of what happened and for the comprehensive report it has issued. With respect to the report’s findings, I am deeply disappointed that the FCC’s former Chief Information Officer (CIO), who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people. This is completely unacceptable. I’m also disappointed that some working under the former CIO apparently either disagreed with the information that he was presenting or had questions about it, yet didn’t feel comfortable communicating their concerns to me or my office,” Mr. Pai said.
“On the other hand, I’m pleased that this report debunks the conspiracy theory that my office or I had any knowledge that the information provided by the former CIO was inaccurate and was allowing that inaccurate information to be disseminated for political purposes,” the Chairman added. “Indeed, as the report documents, on the morning of May 8, it was the former CIO who informed my office that ‘some external folks attempted to send high traffic in an attempt to tie-up the server from responding to others, which unfortunately makes it appear unavailable to everyone attempting to get through the queue.’ In response, the Commission’s Chief of Staff, who works in my office, asked if the then-CIO was confident that the incident wasn’t caused by a number of individuals ‘attempting to comment at the same time . . . but rather some external folks deliberately trying to tie-up the server.’ In response to this direct inquiry, the former CIO told my office: ‘Yes, we’re 99.9% confident this was external folks deliberately trying to tie-up the server to prevent others from commenting and/or create a spectacle.’
“Looking ahead, the most important question is what can be done to prevent this from happening again,” Mr. Pai stressed. “First and foremost, this report highlights the need for the FCC to revamp ECFS. While our information technology staff worked hard to keep the system up and running in the weeks and months following this incident, it has become abundantly clear that ECFS needs to be updated. I’m therefore pleased that Congress last week approved a reprogramming request that provides us with the funding necessary to redesign ECFS. We’re looking forward to getting that important project started. Moreover, my office has made it clear that we welcome the participation in this effort of the IT experts in the Inspector General’s office who worked on this report.
“Second, it has become clear that in addition to a flawed comment system, we inherited from the prior Administration a culture in which many members of the Commission’s career IT staff were hesitant to express disagreement with the Commission’s former CIO in front of FCC management. Thankfully, I believe that this situation has improved over the course of the last year,” Mr. Pai said. “But in the wake of this report, we will make it clear that those working on information technology at the Commission are encouraged to speak up if they believe that inaccurate information is being provided to the Commission’s leadership.”
In her statement, Ms. Rosenworcel said, “The Inspector General Report tells us what we knew all along: the FCC’s claim that it was the victim of a DDoS attack during the net neutrality proceeding is bogus. What happened instead is obvious — millions of Americans overwhelmed our online system because they wanted to tell us how important internet openness is to them and how distressed they were to see the FCC roll back their rights. It’s unfortunate that this agency’s energy and resources needed to be spent debunking this implausible claim.” —Paul Kirby, [email protected]
Interested in submitting an article?
Submit your information to us today!Learn More