
FCC must reveal IP addresses and user-agent headers of net neutrality commenters - arunbahl
https://arstechnica.com/tech-policy/2020/05/fcc-broke-public-records-law-by-refusing-nyt-document-request-judge-rules/
======
ogre_codes
> Second, the FCC objects to producing the relevant materials from the API
> proxy server log because to do so requires creating a script, which demands
> "research" rather than simply a "search."

Funny how a government agency considers it overly burdensome to write what is
likely a 4 line script, so goes through a lawsuit that costs taxpayers likely
millions of dollars to avoid it. Unless their infrastructure is well and truly
F*ed, this is a 30-60 minute task for a junior server admin. Most likely they
already ran it and didn't like what it revealed so it's even less effort.

~~~
pc86
Don't underestimate the absolutely jaw-dropping incompetence from even senior
"tech" folks employed by governments.

Within the last couple years, I've overheard senior, so-called technical
government employees 1) complain about Git and wonder aloud why we weren't
using Visual Source Safe; 2) insist that rotating through a list of 12 hard-
coded passwords, in code, checked into Git, was totally fine; 3) refuse to
believe that automated deployments were possible (not hard, or against norms,
but _physically impossible_ ); 4) try to explain to another so-called
technical gov't employee the difference between CSS and JavaScript, and get it
wrong; 5) stand up in the middle of a conversation and walk out the door
because it's 2:30 PM and their day is over; 6) even more nonsense you wouldn't
believe if I showed you a video of it.

I would hope Federal is a little better than State, but I'm not convinced.

~~~
na85
>Don't underestimate the absolutely jaw-dropping incompetence from even senior
"tech" folks employed by governments.

When I was in training with the RCAF, I was in lecture where the Information
Systems Security Officer (i.e. the senior most infosec person at this base of
6-8000 people) told us about a time where "two guys were emailing back and
forth and just picked up a virus".

I made the mistake of pointing out that that's not really how computers work,
i.e. an email can't just pick up a virus in transit like a dog picks up a
tick.

I learned two lessons that day:

1\. Militaries don't like it when people stand out

2\. Governments are fundamentally incompetent

~~~
dallasgutauckis
Sounds like those two guys were man-in-the-middled

~~~
na85
Or, you know, the guy caught some malware through an entirely separate vector.

~~~
barbecue_sauce
My firewall protects you, and your firewall protects me.

------
tengbretson
I fully understand both the cases for and against having net neutrality rules.
However, I cannot for the life of me understand why a bunch of comments on a
website has somehow become the battleground where this is being fought. What
is going on here? As far as I can tell, the comments have about as much sway
on public policy as the average youtube comment – none whatsoever.

~~~
nappa-leon
There were very large numbers of comments both for and against net neutrality,
but the ones against net neutrality seemed to largely be autogenerated and
fraudulent, using names of people who said they didn't write them.

~~~
nickff
The parent is just pointing out that whether genuine or fraudulent, the
comments didn't matter.

I have had the same thought, and I am not sure why the veracity of the
comments is fomenting so much anger. No matter what the comments had said, the
FCC would have done the same thing; Pai had been very clear about his opinion
on net neutrality over the course of many years.

~~~
elliekelly
I got the impression the NYT is waging this battle more to figure out _who_
was behind fraudulent comments rather than to determine which comments were
fraudulent and which were legitimate.

First rule of any good investigative reporting: follow the money. Whoever paid
for the comments must have had some motivation for committing fraud and
identity theft en masse.

The fact that the FCC is fighting to keep the comment-purchasers IP
address(es) secret is telling in and of itself though I suppose.

~~~
willis936
You wouldn’t be implying that ex-Verizon-Corporate-Lawyer Ajit Pai might have
a conflict of interest when serving the public, would you?

~~~
giantrobot
Perish the thought!

------
gigatexal
When his run at the FCC ends I think history will remember Pai as the big
telco tool that he is. His leadership (sic) at the FCC has been appalling. I
can’t wait for him to be gone so that, hopefully, the damage can be repaired
by someone else.

~~~
jessaustin
FCC under Pai does the same basic thing FCC has always done and in fact was
created to do: help Ma Bell and her descendants eliminate competition and
screw customers. The details may change over the decades, but the bottom line
does not.

~~~
linuxftw
Agreed. Remember, though, this also applies to those other agencies, even the
ones defended dogmatically.

------
not2b
I don't think the FCC's pushback is based on lack of competence or inability
to write simple scripts. That's just what they are trying to fool the courts
with. I think they are covering up, because Pai knows where a lot of the fake
comments came from: the sources of the fake comments will be discovered, and
it will look bad for the industry when it comes out.

------
TazeTSchnitzel
> IP addresses and User-Agent headers

I expect the NYT will just find thousands of comments written with IE6 from
AWS IP addresses.

~~~
Traster
Yes, in which case the question will go back to the FCC- why did you have no
process in place to actually verify comments are genuine.

~~~
casefields
This country screams bloody murder about voting ID laws, yet you want some ID
mechanism for public FCC comments?

------
natch
Aren’t they also the agency giving the green light to massive violations of
consumer privacy by allowing ISPs to data warehouse and monetize browsing
histories? And they have the nerve to claim that they want to keep IP
addresses private in just this one case where it benefits themselves.

------
paypalcust83
Next, they'll require IDs and use IVRC to delete comments based on "too
similar names."

------
adamleithp
It would be hilarious and ever maddening if the user agent came back as
"Puppeteer" and IP came back ::0

Can't wait to see it.

------
panny
I hope the NYT posts a copy of the data for public inspection.

------
mschuster91
How do they still have all this data? Under GDPR (yes, it's European, I know)
after a reasonable amount of time (=14 days) you gotta delete all the PII out
of the logs. Does US law really allow storing mostly irrelevant logs for so
long, and who pays for storing them?

~~~
velosol
When you make a comment you are acknowledging that you are entering
information to form part of the public record. I've not examined the specific
FCC form but I would almost guarantee it clearly explains that your comment
and likely metadata around it are protected in some ways by the Privacy Act of
1974 and explicitly not protected in other ways.

These logs could form the basis of a legal record generated by the executive
branch of the government and even if they weren't they are likely subject to a
legal hold as a result of on-going legal action.

Records in the government sense are very important to form an open trail of
policy decisions and overall function of government. Deleting them
accidentally can get you a firm slap on the wrist while deleting them
intentionally can put you in legal trouble (and worse if you're doing it to
cover-up wrongdoing).

The National Archives (NARA) holds on to all the various records generated by
the functioning of the federal government for various time periods based on
the content of the records. As to payment - costs are incurred in part by the
generating agencies and then the taxpayers funding NARA.

Further reading: Privacy Act of 1974, [1], FCC's Comment Filing System System
of Records in the Federal Register [2], Paperwork Reduction Act of 1980 (more
towards only collecting necessary info), and FCC's Website Notices [3].

[1]: [https://www.archives.gov/about](https://www.archives.gov/about)

[2, Word .doc]: [https://www.fcc.gov/omd/privacyact/documents/records/FCC-
CGB...](https://www.fcc.gov/omd/privacyact/documents/records/FCC-CGB-2.doc)

[3]: [https://www.fcc.gov/general/website-
notices](https://www.fcc.gov/general/website-notices)

~~~
pdonis
_> When you make a comment you are acknowledging that you are entering
information to form part of the public record. I've not examined the specific
FCC form_

I have since I actually submitted a comment on this very rulemaking. Your
description is correct.

------
bluedays
How long will it take for this information to mysteriously go missing?

~~~
topspin
Another "The files were accidentally deleted and the backups were
unrecoverable. So sorry." Yeah. Would be no surprise at all.

