[HN Gopher] FCC must reveal IP addresses and user-agent headers ...
___________________________________________________________________
FCC must reveal IP addresses and user-agent headers of net neutrality commenters

Author : arunbahl
Score  : 195 points
Date   : 2020-05-04 20:10 UTC (2 hours ago)

(HTM) web link (arstechnica.com)
(TXT) w3m dump (arstechnica.com)

| TazeTSchnitzel wrote:
| > IP addresses and User-Agent headers
|
| I expect the NYT will just find thousands of comments written
| with IE6 from AWS IP addresses.

| Traster wrote:
| Yes, in which case the question will go back to the FCC- why
| did you have no process in place to actually verify comments
| are genuine.

| tengbretson wrote:
| I fully understand both the cases for and against having net
| neutrality rules. However, I cannot for the life of me understand
| why a bunch of comments on a website has somehow become the
| battleground where this is being fought. What is going on here?
| As far as I can tell, the comments have about as much sway on
| public policy as the average youtube comment - none whatsoever.

| blakesterz wrote:
| I don't think it's really that the comments matter all that
| much, the judge explains it pretty well I thought:
|
| "Here, disclosing the originating IP addresses and user-agent
| headers would help clarify whether and to what extent
| fraudulent activity interfered with the comment process for the
| FCC's [net neutrality repeal], and more generally, the extent
| to which administrative rulemaking may be vulnerable to
| corruption. This serves a vital public interest because of the
| importance of public comments in agency rulemaking," Schofield
| wrote.

| bitxbitxbitcoin wrote:
| The comments are the proof that Ajit Pai and the FCC went
| into the process already planning to axe net neutrality and
| ignored the real comments put forth by net neutrality
| supporters in favor of fake comments put forth by net
| neutrality detractors that arguably constitute identity theft.
| [1]
|
| [1] https://arstechnica.com/tech-policy/2017/12/dead-people-amon...

| nappa-leon wrote:
| There were very large numbers of comments both for and against
| net neutrality, but the ones against net neutrality seemed to
| largely be autogenerated and fraudulent, using names of people
| who said they didn't write them.

| ikeboy wrote:
| There were large numbers of comments on both sides made by
| people who denied writing them when asked. WSJ found
| thousands of people who denied writing a particular pro-NN
| message with their names attached.

| takeda wrote:
| The idea was to spam the comments forum so FCC can just
| ignore the comments altogether. Majority of genuine
| comments were pro NN[1][2].
|
| [1] https://medium.com/ragtag-notes/bot-or-not-verifying-public-...
|
| [2] https://medium.com/@csinchok/an-analysis-of-the-anti-title-i...

| ikeboy wrote:
| From your first link:
|
| >Based on this analysis, we estimate that 91% of all
| anti-net-neutrality submissions, and 79% of all
| pro-net-neutrality submissions, came from bots.
|
| Their survey data is mostly inconsistent with the WSJ
| data. See https://archive.fo/sp9Q7. WSJ had multiple
| orders of magnitude higher sample size, so I'd go with
| their numbers.

| nickff wrote:
| The parent is just pointing out that whether genuine or
| fraudulent, the comments didn't matter.
|
| I have had the same thought, and I am not sure why the
| veracity of the comments is fomenting so much anger. No
| matter what the comments had said, the FCC would have done
| the same thing; Pai had been very clear about his opinion on
| net neutrality over the course of many years.

| uoaei wrote:
| We can't just abandon vectors for the populace to hold
| governmental agencies to account. If anything we need to
| push to make it so that the people have more sway in cases
| where the people making decisions were not elected.

| gottareply2020 wrote:
| Abuse of power is important to curtail. If public officials
| are falsifying public comments, that matters. And to many
| American citizens, the truth still matters.
|
| As for your actual premise, 'the comments didn't matter',
| the rest of your comment invalidates your premise. Because
| if the comments did not matter, then the FCC would feel no
| need to fake the result.
|
| What you mean to say is, 'the comments would not affect the
| outcome of the FCC's decision.' And we can have a proper
| opinionated debate as to whether that is true. But the
| comments clearly 'matter'.

| elliekelly wrote:
| I got the impression the NYT is waging this battle more to
| figure out _who_ was behind fraudulent comments rather than
| to determine which comments were fraudulent and which were
| legitimate.
|
| First rule of any good investigative reporting: follow the
| money. Whoever paid for the comments must have had some
| motivation for committing fraud and identity theft en
| masse.
|
| The fact that the FCC is fighting to keep the
| comment-purchasers' IP address(es) secret is telling in and of
| itself though I suppose.

| willis936 wrote:
| You wouldn't be implying that ex-Verizon-Corporate-Lawyer
| Ajit Pai might have a conflict of interest when serving
| the public, would you?

| giantrobot wrote:
| Perish the thought!

| 0xy wrote:
| This is extremely misleading. The majority of pro-NN comments
| were also subject to botting and fraud.

| bbatsell wrote:
| There is a federal law called the Administrative Procedure Act,
| which requires executive agencies to follow a process while
| engaging in rulemaking.
| Part of the process is a public comment
| period, and agencies are required to substantively address the
| concerns in public comments. If, for example, the public
| comment process is 99% against a proposal and the agency
| proceeds without having a VERY good argument, it can get struck
| down by judicial review.
|
| Pai knows this, and the fact that the public comments on net
| neutrality rulemaking were so obviously manipulated has made
| people think there is at least a possibility that he, or the
| FCC, was complicit, in order to flout the APA. The fact that
| the agency has gone out of its way to cover the situation up
| does not inspire much confidence, either.
|
| TL;DR: A bunch of comments on a website could result in the
| FCC's actions being struck down in court.

| Traster wrote:
| I don't think it's true to say that the comments to the FCC
| have no impact. It's a part of their process for a reason, and
| the fact that someone felt the need to stuff the ballot points
| to genuine concern. I think it's fairly reasonable to say it
| would have put Pai in a difficult position politically to
| institute a rule after 100% of people petitioned against it.
| Which is why the clearly fraudulent activity happened.
|
| I think the reason the case is being fought is the same reason,
| it's not about whether people actually like net neutrality,
| they clearly don't. The point is to rules lawyer through the
| situation - oh well the comments were a wash, oh well there
| seems to have been fraud, let's ignore the comments entirely,
| oh well we can actually really easily tell which comments were
| fraudulent, but the rules have been in place for years now so
| it's a moot point.

| takeda wrote:
| > it's not about whether people actually like net neutrality,
| they clearly don't.
|
| I disagree with you here, those who are informed are for
| net neutrality, not against it.
|
| No one wants ISP (or in fact anyone) deciding what sites they
| can visit or not.

| root_axis wrote:
| > _No one wants ISP (or in fact anyone) deciding what sites
| they can visit or not._
|
| A lot of people do want that because they view prohibiting
| it as a government take over of the internet. I personally
| think that is absurd, but it's a very popular opinion.

| fphhotchips wrote:
| I think 'they' in this statement refers to the members of
| the FCC that wanted the change.

| Traster wrote:
| Sorry, by they, I meant the FCC.

| colejohnson66 wrote:
| > I disagree with you here, those who are informed are
| for net neutrality, not against it.
|
| I know a software engineer who is very much against net
| neutrality. He also happens to be very much pro free market
| (in the "no regulation at all" approach).

| pstuart wrote:
| Libertarianism is a hell of a drug.

| vkou wrote:
| If public comments were not a part of the decision-making
| process, then the agencies in question wouldn't be asking for
| public comments.
|
| If they are asking for them, and piping them into /dev/null,
| that's a scandal that FOIA requests can reveal. It also gives
| political capital for a subsequent administration to overturn a
| ruling with minimal fuss.

| openasocket wrote:
| Very good question! This all falls under what is called the
| Administrative Procedures Act (APA). While it sounds very dull,
| like it involves making sure bureaucrats fill out the right
| forms, it's actually a very important limit on the power of the
| executive branch. Especially in the last century we've seen the
| executive branch get bigger and bigger, with more and more
| government agencies giving significant power to bureaucrats
| appointed by the President: unelected, and some not even
| confirmed by the Senate. A large portion of regulations are set
| by them, and the worry is that the second the other party takes
| over the White House they will immediately change all the
| regulations to their choosing, and back and forth.
| Regulations rapidly changing based on which party is in control, not to
| mention being subject to the whims of often unelected
| bureaucrats, is really bad for consumers and businesses. At its
| core, the APA says that changes to regulations cannot be
| "arbitrary and capricious": i.e. that someone can't just
| arbitrarily create, remove, or change regulations just because
| they feel like it. There is a required procedure you have to do
| to change regulations. You have to propose your change, have a
| public comment period where anyone (ordinary people, industry
| people, activists, everyone) can voice their concerns, and then
| they have to make a decision. They also have to specifically
| address people's concerns and give a specific rationale why
| they agree with this person and disagree with that person, and
| so on. If a change is made to a regulation that doesn't respond
| to all of the concerns expressed, or has a rationale that
| doesn't make sense, you can sue and have the change stopped.
|
| Long story short, that is why comments on a website genuinely
| matter to the regulatory process.
|
| EDIT: as a side note, the current administration has been sued
| a lot over APA violations. Most of the lawsuits brought by
| states against the federal government you hear about in the
| news hinge on the APA. An example off the top of my head is the
| repeal of DACA. Now, DACA was an executive order and could have
| been un-done by an executive order (executive orders are mostly
| not subject to the APA). But Trump did not make an executive
| order repealing DACA: instead the Attorney General removed the
| rule himself, which means his decision was subject to APA
| review. As a part of this he had to publish a document
| explaining why he was going to repeal it. In it he said the
| reason he was repealing DACA was because he believed it was
| unconstitutional.
| A number of states have sued over this
| change, and one of the legal arguments used is an APA
| violation, because there is no evidence that DACA is
| unconstitutional. Which gets to what I find interesting about
| the APA; it forces the person making the change to specifically
| spell out their reasoning and rationalization for making that
| change. If their reasoning is faulty you can sue, and the
| federal government can't defend it by throwing about
| alternative rationales for the decision.

| JumpCrisscross wrote:
| > _the Administrative Procedures Act (APA). While it sounds
| very dull_
|
| If you read SCOTUS opinions, it feels like every other case
| with the U.S. government involves the APA. It's a powerful
| piece of legislation preventing agencies from abusing their
| rule-making power.

| takeda wrote:
| Because those are not youtube comments. Whenever FCC makes a
| policy change there is a period when citizens can comment on it
| and express their opinions and concern. To faithfully execute,
| FCC is supposed to include these comments in decision, they still
| could go against it, but they need to address the concerns
| raised there.
|
| The false comments basically gave them opportunity to claim
| that citizens were equally divided and they could just ignore
| them, when in reality people were overwhelmingly against the
| changes.
|
| The whole FCC change reminds me of ICANN and .org TLD.
| Overwhelmingly unpopular to the public but driven by special
| interests.

| gigatexal wrote:
| When his run at the FCC ends I think history will remember Pai as
| the big telco tool that he is. His leadership (sic) at the FCC
| has been appalling. I can't wait for him to be gone so that,
| hopefully, the damage can be repaired by someone else.

| jedberg wrote:
| The thing about Pai is that he is _really good_ at the politics
| part of his job.
| I was listening to a podcast where he was
| interviewed, and at the end I was almost convinced he actually
| cares about the American public and what's best for them.

| 0xy wrote:
| His Obama-era predecessor Tom Wheeler was the head of a
| telecommunications lobby group for his entire career,
| bankrolled by Verizon and others. Is this a case of "my telco
| shill was better because he leaned my way politically"?

| uoaei wrote:
| Yeah these comments always scream myopia to me because this
| shit was happening way before Trump got into office.
|
| By all accounts Obama is a war criminal. So is Bush, Clinton,
| Bush, etc. It's not easy to be a good person and uphold a
| global neocolonialist empire. To go back to normal is simply
| to push the grifting and swindling back into the shadows. At
| least now it's obvious enough that people paying attention
| can see how power works at those high levels, so we can be
| better prepared to combat abuses of power if/when they arise.

| gigatexal wrote:
| Notice nothing of my original post mentions politics. My
| beef is with Pai and his whoring for the telcos.

| 0xy wrote:
| The Democrats nominated a literal career telco lobbyist
| to this position last time. Why do you have faith they'll
| fix this?

| gigatexal wrote:
| NN has gained favor in the recent years. And since Pai is
| so anti-NN should a blue wave take over in a November I
| could see things moving back farther in the direction of
| sanity -- towards true NN. But I'm not sure; I just have
| hope.

| uoaei wrote:
| "Blue wave" worked out great in 2018 eh? Impeachment went
| well, and now our citizens are being taken care of by the
| government because now Pelosi gets to sit at the lectern
| and theatrically rip up pieces of paper?

| uoaei wrote:
| FEC Commissioner is an appointment position. Politics
| decides who gets to choose who to appoint, and for what
| reasons.

| jedberg wrote:
| You don't need to have a political opinion in either
| direction to see which FCC chairs help telecoms and which
| help the American people.
|
| All you have to do is look at the telecom response to policy.
| Most have been in favor of Pai's policies, and were against
| Wheeler's policies.
|
| Clearly one of them is working harder for the telecoms than
| the other.

| 0xy wrote:
| This is some serious revisionism. Tom Wheeler was
| vehemently against NN and even after backflipping refused
| to enforce his own standards against ISPs.
|
| https://www.scientificamerican.com/article/net-neutrality-ru...
|
| "The ruling in favor of corporate broadband providers
| [...]"

| jedberg wrote:
| That was Verizon suing the FCC because the FCC put NN in
| place. The FCC lost. Wheeler was not their friend.

| gigatexal wrote:
| Wheeler might have been a plant from Verizon but he didn't
| seem to make his benefactors proud:
| https://www.google.com/amp/s/www.wired.com/2015/02/fcc-chair...

| 0xy wrote:
| He didn't enforce net neutrality even one time, despite
| flagrant violations under his tenure.
|
| You're just posting his marketing speak. Tom Wheeler was
| vehemently against net neutrality and spent his entire
| career fighting it, both as a lobbyist and as the FCC head.
|
| https://www.scientificamerican.com/article/net-neutrality-ru...

| bluedays wrote:
| How long will it take for this information to mysteriously go
| missing?

| topspin wrote:
| Another "The files were accidentally deleted and the backups
| were unrecoverable. So sorry." Yeah. Would be no surprise at
| all.

| ogre_codes wrote:
| > Second, the FCC objects to producing the relevant materials
| from the API proxy server log because to do so requires creating
| a script, which demands "research" rather than simply a "search."
|
| Funny how a government agency considers it overly burdensome to
| write what is likely a 4 line script, so goes through a lawsuit
| that costs taxpayers likely millions of dollars to avoid it.
| Unless their infrastructure is well and truly F*ed, this is a
| 30-60 minute task for a junior server admin. Most likely they
| already ran it and didn't like what it revealed so it's even less
| effort.

| pc86 wrote:
| Don't underestimate the absolutely jaw-dropping incompetence
| from even senior "tech" folks employed by governments.
|
| Within the last couple years, I've overheard senior, so-called
| technical government employees 1) complain about Git and wonder
| aloud why we weren't using Visual Source Safe; 2) insist that
| rotating through a list of 12 hard-coded passwords, in code,
| checked into Git, was totally fine; 3) refuse to believe that
| automated deployments were possible (not hard, or against
| norms, but _physically impossible_); 4) try to explain to
| another so-called technical gov't employee the difference
| between CSS and JavaScript, and get it wrong; 5) stand up in
| the middle of a conversation and walk out the door because it's
| 2:30 PM and their day is over; 6) even more nonsense you
| wouldn't believe if I showed you a video of it.
|
| I would hope Federal is a little better than State, but I'm not
| convinced.

| ogre_codes wrote:
| Regardless of how incompetent they are. Incompetence should
| not be the benchmark for which terms like "Reasonable Burden"
| are applied against.

| nickff wrote:
| Each part of the government tends to give a great deal of
| deference to the other parts of the government.

| na85 wrote:
| >Don't underestimate the absolutely jaw-dropping incompetence
| from even senior "tech" folks employed by governments.
|
| When I was in training with the RCAF, I was in lecture where
| the Information Systems Security Officer (i.e.
| the senior most infosec person at this base of 6-8000 people) told us
| about a time where "two guys were emailing back and forth and
| just picked up a virus".
|
| I made the mistake of pointing out that that's not really how
| computers work, i.e. an email can't just pick up a virus in
| transit like a dog picks up a tick.
|
| I learned two lessons that day:
|
| 1. Militaries don't like it when people stand out
|
| 2. Governments are fundamentally incompetent

| fedthrowaway wrote:
| Throwaway account because I still work this job.
|
| > Don't underestimate the absolutely jaw-dropping
| incompetence from even senior "tech" folks employed by
| governments.
|
| 100% agree. Except each agency can significantly change on
| this. Some agencies (DEA, USCIS) can and are completely
| competent. I've seen them turn around on certain moderately
| complex tasks within hours.
|
| Then you have the idiots at HISN and VA that take a year for
| even basic one-way integration. Or, they will argue with you
| how SAML works (or doesn't) for weeks at a time.
|
| > 1) complain about Git and wonder aloud why we weren't using
| Visual Source Safe;
|
| Ah so you were talking with their developers. Sounds DoD'ish
| as that's what they use, along with Firebird.
|
| > 2) insist that rotating through a list of 12 hard-coded
| passwords, in code, checked into Git, was totally fine;
|
| I've dealt with network infrastructure entities that did
| similar for the commercial side of things. I wish it were the
| "OMG" exception. There's more terrible out there than this,
| admittedly.
|
| > 3) refuse to believe that automated deployments were
| possible (not hard, or against norms, but physically
| impossible);
|
| Well, they _ARE_ impossible by policy. FedRAMP and FISMA
| require manual and intentional deployments.
| Of course we all
| know that this is the norm for a software SaaS company - but
| it's not the norm when you have to go through a VPN with a CAC
| or PIV card, and then another VPN to either the testnet or
| prodnet... And the only software support for both are
| Windows. (And the VPNs will also kick you out if you're not
| running windows.)
|
| > 4) try to explain to another so-called technical gov't
| employee the difference between CSS and JavaScript, and get
| it wrong;
|
| I've had screaming fights break out in calls when technical
| issues came up like this. And usually it's the single real
| employee screaming at the legions of 3rd party contractors.
| And also, Snowden was correct in that 95% of the "government
| employees" aren't. They are contractors working for Accenture
| or the host of other Gino (govt in name only) employees. They
| don't get govt benefits, nor do they have whistleblower
| protections. Snowden in Hawaii was such a 3rd party govt
| employee.
|
| I have only run across 1 fed employee (contractor or real)
| that was in any way and shape competent.
|
| > 5) stand up in the middle of a conversation and walk out
| the door because it's 2:30 PM and their day is over;
|
| I get your point. But it's usually 4p. I've also seen
| government employees (employed by the local/state/fed) get in
| trouble for working non-critical issues outside their hours.
|
| > 6) even more nonsense you wouldn't believe if I showed you
| a video of it.
|
| One thing I've learned is that there is almost always a
| reason (and a decent one too) of why there is a rule. It's
| because someone previously abused something, or did something
| that broke stuff, and the new rule is the usual
| overcompensation so that anybody in power can claim "They
| didn't follow our rules, which protect against that." And
| remember, it's not far up the foodchain to an elected
| official.
|
| But yeah, there's absolutely crazy shit out there, especially
| in the fed side of things.
| And much of it is for complete
| show. One such tempest in a teacup issue is the _new_ (as of
| 2017) NIST password guidelines: not a single fed has
| implemented them. They still enforce the old and terrible
| ruleset.

| goostavos wrote:
| Number 5 sounds kind of nice, actually.
|
| I worked with Federal briefly. I was at a startup at the
| time, and we had this integration with the Dept. Homeland
| Security. I was young and stoked. I was the one who was going
| to wire everything together. It seemed really big and
| important. I thought it'd be a gold star on my resume.
|
| Reality was super disappointing. So much "we're working on a
| document for when we can give a date for a date on another
| document" kind of bureaucracy. I'm sure down in the deep
| cores of these agencies there are super bright and talented
| people. The ones at the edges, though.. the problem seems to
| be that you have to be more of a politician than an engineer
| to actually get anything done.

| shrimp_emoji wrote:
| >seems to be that you have to be more of a politician than
| an engineer to actually get anything done.
|
| In Red Mars, they try to colonize Mars. At first, the
| challenges are completely technical, and the engineers
| prevail. But the success is chased by increasing
| bureaucracy and involvement of stakeholders, and it quickly
| becomes all politics. c:

| JaimeThompson wrote:
| To be fair I know of people in private industry who have said
| some of the exact same things. It isn't limited to just
| government employees.

| pc86 wrote:
| If you work for a modern software company (not a service
| company that sells software), and you honestly suggest
| Visual Source Safe, you'll get fired. There's just no
| reasonably intelligent reason to suggest it.
|
| You practically have to assault someone in the break room
| to get fired from a government job.

| JeremyNT wrote:
| But if your org is using $oldtech and some new person
| comes in recommending $newtech, you'll be in great
| company if you argue that $newtech sucks and you wish you
| could just keep using $oldtech.
|
| Organizational inertia is definitely a thing, and
| technology trends do not move as quickly in all sectors.

| ikeboy wrote:
| This is a technical legal point. You can be forced to produce
| information you have, but generally not to create new
| information.

| ogre_codes wrote:
| They are arguing that finding data that's in log files is
| creating new data (because they have to write a script to
| parse it) which is specious. Logs are _designed_ to be parsed
| and searched. You might as well claim that running an SQL
| script to query data is creating new information.

| sl1ck731 wrote:
| That is true but more likely they try to push back against
| every request that isn't simply zip up files or documents
| and deposit them.
|
| They are using the "defense" that it may be difficult to
| do, but their aim (avoiding the more sinister
| possibilities) is to stop precedent for other unwieldy
| requests.

| colejohnson66 wrote:
| Well, if we're following that logic, then anytime data is
| moved from a disk to ram, we're "creating new data." Well,
| yes, it wasn't there before, so it's "new data," but it's
| also a _copy_ of old data.

| kortilla wrote:
| > Logs are designed to be parsed and searched
|
| You've never dealt with a bad log setup. Things I've seen:
|
| - inconsistent format depending on which part of the
| software was logging (think of some modules using logging
| lib and others using print())
|
| - multiline logs without any indication they are multiline
|
| - logs in some dumb binary format that requires the
| original software to reverse into legible text
|
| There are more, but the point is that logs are not often
| designed to be parsed and searched.
| They are normally added
| by developers to be human readable means of reversing
| internal state to debug issues. Anything above that is
| (shockingly) bonus material that doesn't make it into
| home-grown enterprise/govt software.

| ogre_codes wrote:
| > You've never dealt with a bad log setup. Things I've
| seen:
|
| I'm not sure how this is relevant. I've seen miles of
| incompetence in my career, that someone can fudge
| something up royally doesn't change the fundamental
| purpose of the thing. The point of log files is to store
| and make retrievable data about server state and actions
| over time. That someone somewhere can screw that up
| doesn't change that.
|
| In this particular case, I find it unlikely they rolled
| some custom bizarro log file format regardless because of
| the nature of the subject matter: Proxy server log files.
| It's unlikely they rolled their own proxy server (and
| they certainly don't imply any particular difficulties
| like that in court statements) so we're most likely
| talking about reading standard Apache logs or something
| similar.

| vageli wrote:
| They have the information (note that they did not contest
| that point), the script would presumably allow them to
| surface that information more quickly.

| zelon88 wrote:
| Technically you can open that logfile in Notepad and Ctrl+F
| the thing. If I was the judge and you pulled that argument
| someone at your agency would now be using that method instead
| of "researching" a grep query.
___________________________________________________________________
(page generated 2020-05-04 23:00 UTC)
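
Added example, not part of the thread and not code from the FCC or any commenter: a sketch of the kind of extraction script debated above, pulling client IP and User-Agent out of proxy access-log lines and reporting the lines it cannot parse (the mixed-format and multi-line cases kortilla lists) instead of silently dropping them. The "combined" log layout, the /api/comments path and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache/nginx "combined" layout. Assumption: the thread never states the real
# proxy's log format; a different layout only changes this pattern.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" \d{3} (?:\d+|-) '
    r'"(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"\s*$'
)

# Constructed sample lines: documentation IP ranges, hypothetical endpoint.
SAMPLE_LOG = [
    r'203.0.113.7 - - [10/May/2017:13:55:36 +0000] "POST /api/comments HTTP/1.1" 201 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    r'203.0.113.7 - - [10/May/2017:13:55:37 +0000] "POST /api/comments HTTP/1.1" 201 498 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    r'198.51.100.23 - - [10/May/2017:13:56:02 +0000] "POST /api/comments HTTP/1.1" 201 730 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0"',
    r'198.51.100.23 - - [10/May/2017:13:56:05 +0000] "GET /api/status HTTP/1.1" 200 17 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0"',
    r'Traceback (most recent call last):',       # stray application output
    r'  File "proxy.py", line 10, in handle',    # unmarked continuation line
    r'192.0.2.55 - - [10/May/2017:13:57:40 +0000] "POST /api/comments HTTP/1.1" 201 505 "-" "CommentBot \"v1\""',
]


def parse_line(line):
    """Return a dict for a well-formed access-log entry, or None otherwise."""
    m = COMBINED.match(line.rstrip("\n"))
    if not m:
        return None
    try:
        # Reject anything in the address field that is not a real IPv4/IPv6 address.
        ip = str(ipaddress.ip_address(m["ip"]))
    except ValueError:
        return None
    parts = m["request"].split(" ")
    if len(parts) != 3:  # expect: METHOD PATH PROTOCOL
        return None
    return {
        "ip": ip,
        "ts": m["ts"],
        "method": parts[0],
        "path": parts[1],
        "ua": m["ua"].replace('\\"', '"'),  # undo quote escaping inside the field
    }


def extract(lines, method="POST", path_prefix="/api/comments"):
    """Split lines into matching submission records and unparseable lines.

    Unparseable lines are returned with their line numbers so a reviewer can
    see exactly what the search did not cover.
    """
    records, rejected = [], []
    for lineno, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            rejected.append((lineno, line.rstrip("\n")))
        elif rec["method"] == method and rec["path"].startswith(path_prefix):
            records.append(rec)
    return records, rejected


def summarize(records):
    """Count submissions per (IP, User-Agent) pair."""
    return Counter((r["ip"], r["ua"]) for r in records)


if __name__ == "__main__":
    recs, bad = extract(SAMPLE_LOG)
    for (ip, ua), n in summarize(recs).most_common():
        print(f"{n}\t{ip}\t{ua}")
    print(f"{len(bad)} line(s) could not be parsed: {[n for n, _ in bad]}")
```
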