[HN Gopher] FCC must reveal IP addresses and user-agent headers ...
___________________________________________________________________
FCC must reveal IP addresses and user-agent headers of net
neutrality commenters
Author : arunbahl
Score : 195 points
Date : 2020-05-04 20:10 UTC (2 hours ago)
(HTM) web link (arstechnica.com)
(TXT) w3m dump (arstechnica.com)
| TazeTSchnitzel wrote:
| > IP addresses and User-Agent headers
|
| I expect the NYT will just find thousands of comments written
| with IE6 from AWS IP addresses.
| Traster wrote:
| Yes, in which case the question will go back to the FCC- why
| did you have no process in place to actually verify comments
| are genuine.
| tengbretson wrote:
| I fully understand both the cases for and against having net
| neutrality rules. However, I cannot for the life of me understand
| why a bunch of comments on a website has somehow become the
| battleground where this is being fought. What is going on here?
| As far as I can tell, the comments have about as much sway on
| public policy as the average youtube comment - none whatsoever.
| blakesterz wrote:
| I don't think it's really that the comments matter all that
| much, the judge explains it pretty well I thought:
|
| "Here, disclosing the originating IP addresses and user-agent
| headers would help clarify whether and to what extent
| fraudulent activity interfered with the comment process for the
| FCC's [net neutrality repeal], and more generally, the extent
| to which administrative rulemaking may be vulnerable to
| corruption. This serves a vital public interest because of the
| importance of public comments in agency rulemaking," Schofield
| wrote.
| bitxbitxbitcoin wrote:
| The comments are the proof that the Ajit Pai and the FCC went
| into the process already planning to axe net neutrality and
| ignored the real comments put forth by net neutrality
| supporters in favor of fake comments put forth by net
| neutrality detractors that arguably constitute identity theft.
| [1]
|
| [1] https://arstechnica.com/tech-policy/2017/12/dead-people-
| amon...
| nappa-leon wrote:
| There were very large numbers of comments both for and against
| net neutrality, but the ones against net neutrality seemed to
| largely be autogenerated and fraudulent, using names of people
| who said they didn't write them.
| ikeboy wrote:
| There were large numbers of comments on both sides made by
| people who denied writing them when asked. WSJ found
| thousands of people who denied writing a particular pro-NN
| message with their names attached.
| takeda wrote:
| The idea was to spam the comments forum so FCC can just
| ignore the comments altogether. Majority of genuine
| comments were pro NN[1][2].
|
| [1] https://medium.com/ragtag-notes/bot-or-not-verifying-
| public-...
|
| [2] https://medium.com/@csinchok/an-analysis-of-the-anti-
| title-i...
| ikeboy wrote:
| From your first link:
|
| >Based on this analysis, we estimate that 91% of all
| anti-net-neutrality submissions, and 79% of all pro-net-
| neutrality submissions, came from bots.
|
| Their survey data is mostly inconsistent with the WSJ
| data. See https://archive.fo/sp9Q7. WSJ had multiple
| orders of magnitude higher sample size, so I'd go with
| their numbers.
| nickff wrote:
| The parent is just pointing out that whether genuine or
| fraudulent, the comments didn't matter.
|
| I have had the same thought, and I am not sure why the
| veracity of the comments is fomenting so much anger. No
| matter what the comments had said, the FCC would have done
| the same thing; Pai had been very clear about his opinion on
| net neutrality over the course of many years.
| uoaei wrote:
| We can't just abandon vectors for the populace to hold
| governmental agencies to account. If anything we need to
| push to make it so that the people have more sway in cases
| where the people making decisions were not elected.
| gottareply2020 wrote:
| Abuse of power is important to curtail. If public officials
| are falsifying public comments, that matters. And to many
| American citizens, the truth still matters.
|
| As for your actual premise, 'the comments didn't matter',
| the rest of your comment invalidates your premise. Because
| if the comments did not matter, then the FCC would feel no
| need to fake the result.
|
| What you mean to say is, 'the comments would not effect the
| outcome of the FCC's decision.' And we can have a proper
| opinionated debate as to whether that is true. But the
| comments clearly 'matter'.
| elliekelly wrote:
| I got the impression the NYT is waging this battle more to
| figure out _who_ was behind fraudulent comments rather than
| to determine which comments were fraudulent and which were
| legitimate.
|
| First rule of any good investigative reporting: follow the
| money. Whoever paid for the comments must have had some
| motivation for committing fraud and identity theft en
| masse.
|
| The fact that the FCC is fighting to keep the comment-
| purchasers IP address(es) secret is telling in and of
| itself though I suppose.
| willis936 wrote:
| You wouldn't be implying that ex-Verizon-Corporate-Lawyer
| Ajit Pai might have a conflict of interest when serving
| the public, would you?
| giantrobot wrote:
| Perish the thought!
| 0xy wrote:
| This is extremely misleading. The majority of pro-NN comments
| were also subject to botting and fraud.
| bbatsell wrote:
| There is a federal law called the Administrative Procedure Act,
| which requires executive agencies to follow a process while
| engaging in rulemaking. Part of the process is a public comment
| period, and agencies are required to substantively address the
| concerns in public comments. If, for example, the public
| comment process is 99% against a proposal and the agency
| proceeds without having a VERY good argument, it can get struck
| down by judicial review.
|
| Pai knows this, and the fact that the public comments on net
| neutrality rulemaking were so obviously manipulated has made
| people think there is at least a possibility that he, or the
| FCC, was complicit, in order to flout the APA. The fact that
| the agency has gone out of its way to cover the situation up
| does not inspire much confidence, either.
|
| TL;DR: A bunch of comments on a website could result in the
| FCC's actions being struck down in court.
| Traster wrote:
| I don't think it's true to say that the comments to the FCC
| have no impact. It's a part of their process for a reason, and
| the fact that somoene felt the need to stuff the ballot points
| to genuine concern. I think it's fairly reasonable to say it
| would have put Pai in a difficult position politically to
| institute a rule after 100% of people petitioned against it.
| Which is why the clearly fraudulent activity happened.
|
| I think the reason the case is being fought is the same reason,
| it's not about whether people actually like net neutrality,
| they clearly don't. The point is to rules lawyer through the
| situation - oh well the comments were a wash, oh well there
| seems to have been fraud, let's ignore the comments entirely,
| oh well we can actually really easily tell which comments were
| fraudulent, but the rules have been in place for years now so
| it's a moot point.
| takeda wrote:
| > it's not about whether people actually like net neutrality,
| they clearly don't.
|
| I disagree with you here, those who are informed are are for
| net neutrality, not against it.
|
| No one wants ISP (or in fact anyone) deciding what sites they
| can visit or not.
| root_axis wrote:
| > _No one wants ISP (or in fact anyone) deciding what sites
| they can visit or not._
|
| A lot of people do want that because they view prohibiting
| it as a government take over of the internet. I personally
| think that is absurd, but it's a very popular opinion.
| fphhotchips wrote:
| I think 'they' in this statement refers to the members of
| the FCC that wanted the change.
| Traster wrote:
| Sorry, by they, I meant the FCC.
| colejohnson66 wrote:
| > I disagree with you here, those who are informed are are
| for net neutrality, not against it.
|
| I know a software engineer who is very much against net
| neutrality. He also happens to be very much pro free market
| (in the "no regulation at all" approach).
| pstuart wrote:
| Libertarianism is a hell of a drug.
| vkou wrote:
| If public comments were not a part of the decision-making
| process, then the agencies in question wouldn't be asking for
| public comments.
|
| If they are asking for them, and piping them into /dev/null,
| that's a scandal that FOIA requests can reveal. It also gives
| political capital for a subsequent administration to overturn a
| ruling with minimal fuss.
| openasocket wrote:
| Very good question! This all falls under what is called the
| Administrative Procedures Act (APA). While it sounds very dull,
| like it involves making sure bureaucrats fill out the right
| forms, it's actually a very important limit on the power of the
| executive branch. Especially in the last century we've seen the
| executive branch get bigger and bigger, with more and more
| government agencies giving significant power to bureaucrats
| appointed by the President: unelected, and some not even
| confirmed by the Senate. A large portion of regulations are set
| by them, and the worry is that the second the other party takes
| over the White House they will immediately change all the
| regulations to their choosing, and back and forth. Regulations
| rapidly changing based on which party is in control, not to
| mention being subject to the whims of often unelected
| bureaucrats, is really bad for consumers and businesses. At its
| core, the APA says that changes to regulations cannot be
| "arbitrary and capricious": i.e. that someone can't just
| arbitrarily create, remove, or change regulations just because
| they feel like it. There is a required procedure you have to do
| to change regulations. You have to propose your change, have a
| public comment period where anyone (ordinary people, industry
| people, activists, everyone) can voice their concerns, and then
| they have to make a decision. They also have to specifically
| address people's concerns and give a specific rationale why
| they agree with this person and disagree with that person, and
| so on. If a change is made to a regulation that doesn't respond
| to all of the concerns expressed, or has a rationale that
| doesn't make sense, you can sue and have the change stopped.
|
| Long story short, that is why comments on a website genuinely
| matter to the regulatory process.
|
| EDIT: as a side note, the current administration has been sued
| a lot over APA violations. Most of the lawsuits brought by
| states against the federal government you hear about in the
| news hinge on the APA. An example off the top of my head is the
| repeal of DACA. Now, DACA was an executive order and could have
| been un-done by an executive order (executive orders are mostly
| not subject to the APA). But Trump did not make an executive
| order repealing DACA: instead the Attorney General removed the
| rule himself, which means his decision was subject to APA
| review. As a part of this he had to publish a document
| explaining why he was going to repeal it. In it he said the
| reason he was repealing DACA was because he believed it was
| unconstitutional. A number of states have sued over this
| change, and one of the legal arguments used is an APA
| violation, because there is no evidence that DACA is
| unconstitutional. Which gets to what I find interesting about
| the APA; it forces the person making the change to specifically
| spell out their reasoning and rationalization for making that
| change. If their reasoning is faulty you can sue, and the
| federal government can't defend it by throwing about
| alternative rationales for the decision.
| JumpCrisscross wrote:
| > _the Administrative Procedures Act (APA). While it sounds
| very dull_
|
| If you read SCOTUS opinions, it feels like every other case
| with the U.S. government involves the APA. It's a powerful
| piece of legislation preventing agencies from abusing their
| rule-making power.
| takeda wrote:
| Because those are not youtube comments. Whenever FCC makes a
| policy change there is a period when citizens can comment on it
| and express their opinions and concern. To faithfully execute
| FCC supposed to include these comments in decision, they still
| could go against it, but they need to address the concerns
| raised there.
|
| The false comments, basically gave them opportunity to claim
| that citizens were equally divided and they could just ignore
| them, when in reality people were overwhelmingly against the
| changes.
|
| The whole FCC change reminds me of ICANN and .org TLD.
| Overwhelmingly unpopular to the public but driven by special
| interests.
| gigatexal wrote:
| When his run at the FCC ends I think history will remember Pai as
| the big telco tool that he is. His leadership (sic) at the FCC
| has been appalling. I can't wait for him to be gone so that,
| hopefully, the damage can be repaired by someone else.
| jedberg wrote:
| The thing about Pai is that he is _really good_ at the politics
| part of his job. I was listening to a podcast where he was
| interviewed, and at the end I was almost convinced he actually
| cares about the American public and what 's best for them.
| 0xy wrote:
| His Obama-era predecessor Tom Wheeler was the head of a
| telecommunications lobby group for his entire career,
| bankrolled by Verizon and others. Is this a case of "my telco
| shill was better because he leaned my way politically"?
| uoaei wrote:
| Yeah these comments always scream myopia to me because this
| shit was happening way before Trump got into office.
|
| By all accounts Obama is a war criminal. So is Bush, Clinton,
| Bush, etc. It's not easy to be a good person and uphold a
| global neocolonialist empire. To go back to normal is simply
| to push the grifting and swindling back into the shadows. At
| least now it's obvious enough that people paying attention
| can see how power works at those high levels, so we can be
| better prepared to combat abuses of power if/when they arise.
| gigatexal wrote:
| Notice nothing of my original post mentions politics. My
| beef is with Pai and his whoring for the telcos.
| 0xy wrote:
| The Democrats nominated a literal career telco lobbyist
| to this position last time. Why do you have faith they'll
| fix this?
| gigatexal wrote:
| NN has gained favor in the recent years. And since Pai is
| so anti-NN should a blue wave take over in a November I
| could see things moving back farther in the direction of
| sanity -- towards true NN. But I'm not sure; j just have
| hope.
| uoaei wrote:
| "Blue wave" worked out great in 2018 eh? Impeachment went
| well, and now our citizens are being taken care of by the
| government because now Pelosi gets to sit at the lectern
| and theatrically rip up pieces of paper?
| uoaei wrote:
| FEC Commissioner is an appointment position. Politics
| decides who gets to choose who to appoint, and for what
| reasons.
| jedberg wrote:
| You don't need to have a political opinion in either
| direction to see which FCC chairs help telecoms and which
| help the American people.
|
| All you have to do is look at the telecom response to policy.
| Most have been in favor of Pai's policies, and were against
| Wheeler's policies.
|
| Clearly one of them is working harder for the telecoms than
| the other.
| 0xy wrote:
| This is some serious revisionism. Tom Wheeler was
| vehemently against NN and even after backflipping refused
| to enforce his own standards against ISPs.
|
| https://www.scientificamerican.com/article/net-neutrality-
| ru...
|
| "The ruling in favor of corporate broadband providers
| [...]"
| jedberg wrote:
| That was Verizon suing the FCC because the FCC put NN in
| place. The FCC lost. Wheeler was not their friend.
| gigatexal wrote:
| Wheeler might have been a plant from Verizon but he didn't
| seem to make his benefactors proud:
| https://www.google.com/amp/s/www.wired.com/2015/02/fcc-
| chair...
| 0xy wrote:
| He didn't enforce net neutrality even one time, despite
| flagrant violations under his tenure.
|
| You're just posting his marketing speak. Tom Wheeler was
| vehemently against net neutrality and spent his entire
| career fighting it, both as a lobbyist and as the FCC head.
|
| https://www.scientificamerican.com/article/net-neutrality-
| ru...
| bluedays wrote:
| How long will it take for this information to mysteriously go
| missing?
| topspin wrote:
| Another "The files were accidentally deleted and the backups
| were unrecoverable. So sorry." Yeah. Would be no surprise at
| all.
| ogre_codes wrote:
| > Second, the FCC objects to producing the relevant materials
| from the API proxy server log because to do so requires creating
| a script, which demands "research" rather than simply a "search."
|
| Funny how a government agency considers it overly burdensome to
| write what is likely a 4 line script, so goes through a lawsuit
| that costs taxpayers likely millions of dollars to avoid it.
| Unless their infrastructure is well and truly F*ed, this is a
| 30-60 minute task for a junior server admin. Most likely they
| already ran it and didn't like what it revealed so it's even less
| effort.
| pc86 wrote:
| Don't underestimate the absolutely jaw-dropping incompetence
| from even senior "tech" folks employed by governments.
|
| Within the last couple years, I've overheard senior, so-called
| technical government employees 1) complain about Git and wonder
| aloud why we weren't using Visual Source Safe; 2) insist that
| rotating through a list of 12 hard-coded passwords, in code,
| checked into Git, was totally fine; 3) refuse to believe that
| automated deployments were possible (not hard, or against
| norms, but _physically impossible_ ); 4) try to explain to
| another so-called technical gov't employee the difference
| between CSS and JavaScript, and get it wrong; 5) stand up in
| the middle of a conversation and walk out the door because it's
| 2:30 PM and their day is over; 6) even more nonsense you
| wouldn't believe if I showed you a video of it.
|
| I would hope Federal is a little better than State, but I'm not
| convinced.
| ogre_codes wrote:
| Regardless of how incompetent they are. Incompetence should
| not be the benchmark for which terms like "Reasonable Burden"
| are applied against.
| nickff wrote:
| Each part of the government tends to give a great deal of
| deference to the other parts of the government.
| na85 wrote:
| >Don't underestimate the absolutely jaw-dropping incompetence
| from even senior "tech" folks employed by governments.
|
| When I was in training with the RCAF, I was in lecture where
| the Information Systems Security Officer (i.e. the senior
| most infosec person at this base of 6-8000 people) told us
| about a time where "two guys were emailing back and forth and
| just picked up a virus".
|
| I made the mistake of pointing out that that's not really how
| computers work, i.e. an email can't just pick up a virus in
| transit like a dog picks up a tick.
|
| I learned two lessons that day:
|
| 1. Militaries don't like it when people stand out
|
| 2. Governments are fundamentally incompetent
| fedthrowaway wrote:
| Throwaway account because I still work this job.
|
| > Don't underestimate the absolutely jaw-dropping
| incompetence from even senior "tech" folks employed by
| governments.
|
| 100% agree. Except each agency can significantly change on
| this. Some agencies (DEA, USCIS) can and are completely
| competent. I've seen then turn around on certain moderately
| complex tasks within hours.
|
| Then you have the idiots at HISN and VA that takes a year for
| even basic one-way integration. Or, they will argue with you
| how SAML works (or doesnt) for weeks at a time.
|
| > 1) complain about Git and wonder aloud why we weren't using
| Visual Source Safe;
|
| Ah so you were talking with their developers. Sounds DoD'ish
| as that's what they use, along with Firebird.
|
| > 2) insist that rotating through a list of 12 hard-coded
| passwords, in code, checked into Git, was totally fine;
|
| Ive dealt with network infrastructure entities that did
| similar for the commercial side of things. I wish it were the
| "OMG" exception. There's more terrible out there than this,
| admittedly.
|
| > 3) refuse to believe that automated deployments were
| possible (not hard, or against norms, but physically
| impossible);
|
| Well, they _ARE_ impossible by policy. FedRAMP and FISMA
| requires manual and intentional deployments. Of course we all
| know that this is the norm for a software SaaS company - but
| its not the norm when you have to go through a VPN with a CAC
| or PIV card, and then another VPN to either the testnet or
| prodnet... And the only software support for both are
| Windows. (And the VPNs will also kick you out if you 're not
| running windows.)
|
| > 4) try to explain to another so-called technical gov't
| employee the difference between CSS and JavaScript, and get
| it wrong;
|
| I've had screaming fights break out in calls when technical
| issues came up like this. And usually its the single real
| employee screaming at the legions of 3rd party contractors.
| And also, Snowden was correct in that 95% of the "government
| employees" aren't. They are contractors working for Accenture
| or the host of other Gino (govt in name only) employees. They
| don't get govt benefits, nor do they have whistleblower
| protections. Snowden in Hawaii was such a 3rd party govt
| employee.
|
| I have only ran across 1 fed employee (contractor or real)
| that was in any way and shape competent.
|
| > 5) stand up in the middle of a conversation and walk out
| the door because it's 2:30 PM and their day is over;
|
| I get your point. But it's usually 4p. Ive also seen
| government employees (employed by the local/state/fed) get in
| trouble for working non-critical issues outside their hours.
|
| > 6) even more nonsense you wouldn't believe if I showed you
| a video of it.
|
| One thing I've learned is that there is almost always a
| reason (and a decent one too) of why there is a rule. It's
| because someone previously abused something, or did something
| that broke stuff, and the new rule is the usual
| overcompensation so that anybody in power can claim "They
| didnt follow our rules, which protect against that." And
| remember, it's not far up the foodchain to an elected
| official.
|
| But yeah, there's absolutely crazy shit out there, especially
| in the fed side of things. And much of it is for complete
| show. One such tempest in a teacup issue is the _new_ (as of
| 2017) NIST password guidelines: not a single fed has
| implemented them. They still enforce the old and terrible
| ruleset.
| goostavos wrote:
| Number 5 sounds kind of nice, actually.
|
| I worked with Federal briefly. I was at a startup at the
| time, and we had this integration with the Dept. Homeland
| Security. I was young and stoked. I was the one who was going
| to wire everything together. It seemed really big and
| important. I thought it'd be a gold star on my resume.
|
| Reality was super disappointing. So much "we're working on a
| document for when we can give a date for a date on another
| document" kind of bureaucracy. I'm sure down in the deep
| cores of these agencies there are super bright and talented
| people. The ones at the edges, though.. the problem seems to
| be that you have to be more of a politician than an engineer
| to actually get anything done.
| shrimp_emoji wrote:
| >seems to be that you have to be more of a politician than
| an engineer to actually get anything done.
|
| In Red Mars, they try to colonize Mars. At first, the
| challenges are completely technical, and the engineers
| prevail. But the success is chased by increasing
| bureaucracy and involvement of stakeholders, and it quickly
| becomes all politics. c:
| JaimeThompson wrote:
| To be fair I know of people in private industry who have said
| some of the exact same things. It isn't limited to just
| government employees.
| pc86 wrote:
| If you work for a modern software company (not a service
| company that sells software), and you honestly suggest
| Visual Source Safe, you'll get fired. There's just no
| reasonably intelligent reason to suggest it.
|
| You practically have to assault someone in the break room
| to get fired from a government job.
| JeremyNT wrote:
| But if your org is using $oldtech and some new person
| comes in recommending $newtech, you'll be in great
| company if you argue that $newtech sucks and you wish you
| could just keep using $oldtech.
|
| Organizational inertia is definitely a thing, and
| technology trends do not move as quickly in all sectors.
| ikeboy wrote:
| This is a technical legal point. You can be forced to produce
| information you have, but generally not to create new
| information.
| ogre_codes wrote:
| They are arguing that finding data that's in log files is
| creating new data (because they have to write a script to
| parse it) which is specious. Logs are _designed_ to be parsed
| and searched. You might as well claim that running an SQL
| script to query data is creating new information.
| sl1ck731 wrote:
| That is true but more likely they try to push back against
| every request that isn't simply zip up files or documents
| and deposit them.
|
| They are using the "defense" that it may be difficult to
| do, but their aim (avoiding the more sinister
| possibilities) is to stop precedent for other unwieldy
| requests.
| colejohnson66 wrote:
| Well, if we're following that logic, then anytime data is
| moved from a disk to ram, we're "creating new data." Well,
| yes, it wasn't there before, so it's "new data," but it's
| also a _copy_ of old data.
| kortilla wrote:
| > Logs are designed to be parsed and searched
|
| You've never dealt with a bad log setup. Things I've seen:
|
| - inconsistent format depending on which part of the
| software was logging (think of some modules using logging
| lib and others using print())
|
| - multiline logs without any indication they are multiline
|
| - logs in some dumb binary format that requires the
| original software to reverse into legible text
|
| There are more, but the point is that logs are not often
| designed to be parsed and searched. They are normally added
| by developers to be human readable means of reversing
| internal state to debug issues. Anything above that is
| (shockingly) bonus material that doesn't make it into home-
| grown enterprise/govt software.
| ogre_codes wrote:
| > You've never dealt with a bad log setup. Things I've
| seen:
|
| I'm not sure how this is relevant. I've seen miles of
| incompetence in my career, that someone can fudge
| something up royally doesn't change the fundamental
| purpose of the thing. The point of log files is to store
| and make retrievable data about server state and actions
| over time. That someone somewhere can screw that up
| doesn't change that.
|
| In this particular case, I find it unlikely they rolled
| some custom bizarro log file format regardless because of
| the nature of the subject matter: Proxy server log files.
| It's unlikely they rolled their own proxy server (and
| they certainly don't imply any particular difficulties
| like that in court statements) so we're most likely
| talking about reading standard Apache logs or something
| similar.
| vageli wrote:
| They have the information (note that they did not contest
| that point), the script would presumably allow them to
| surface that information more quickly.
| zelon88 wrote:
| Technically you can open that logfile in Notepad and Ctrl+F
| the thing. If I was the judge and you pulled that argument
| someone at your agency would now be using that method instead
| of "researching" a grep query.
___________________________________________________________________
(page generated 2020-05-04 23:00 UTC)