'Oversight' Hearing Fails Utterly To Hold FCC Accountable For Lying To Congress About Fake DDOS Attack

from the ill-communication dept

FCC "oversight" hearings continue to be comically lacking in the actual oversight department. As we noted previously, today was Congress' opportunity to hold the FCC and agency head Ajit Pai accountable for making up a DDOS attack and then lying (repeatedly) about it to the press, FBI investigators, and Congress. As we've previously stated, both e-mails obtained via FOIA and an FCC Inspector General report (pdf) found that the FCC bizarrely made up a DDOS attack to try and explain away the fact that John Oliver viewers pissed about the net neutrality repeal crashed the FCC comment system.

The IG's report and internal e-mails clearly illustrate that not only did FCC CIO make up a DDOS, but several FCC staffers then misled Congress repeatedly about the total lack of evidence supporting that claim. The false statements were bad enough to warrant them being forwarded to the DOJ, which refused to prosecute anyone. But the e-mails also highlight how the FCC's press office repeatedly misled numerous press outlets, and even went so far as to issue statements denigrating reporters like Gizmodo's Dell Cameron for being "irresponsible" as they slowly uncovered the fake claims.

In a functional democracy, this is the sort of thing that would be covered extensively at a hearing purportedly designed specifically to hold the FCC accountable to Congress and the public. In said fictional healthy democracy, Congress might even, you know, actually do something about it.

But today's hearing was little more than a joke, rife with lots of giggling, football references, and numerous softball questions -- but few if any hard inquiries about the DDOS attack that wasn't. The closest thing Pai experienced to actually being pressured came from Senator Brian Schatz. But when pressed as to what he knew and when, Pai again threw his employees under the bus, denying that he had any knowledge of or role in the FCC's efforts to mislead Congress and public. The exchange is here for those interested:

In the exchange, Pai said he suspected there was no foul play from the beginning and that the "DDOS" was just the John Oliver effect. When pressed as to why Pai didn't do more to correct the false claims earlier, Pai said he "wanted you to get this information sooner" but remained quiet at the behest of the FCC IG (which has yet to respond to press inquiry). "I made the judgment that we had to adhere to the [IG's] request," claimed Pai, "even though I knew we would be falsely attacked for having done something inappropriate,” Pai said. “The story in this report vindicated my position."

Except the IG's report doesn't vindicate Pai's position, and somebody at the hearing should have pointed that out. In fact, the IG's report shows that it wasn't just the FCC CIO that had been making false DDOS claims for the better part of the last year. There's ample evidence, had anybody on the oversight committee actually wanted to press the issue, that numerous FCC employees repeatedly and intentionally doubled down on claims Pai now claims he knew weren't true.

For example, the IG report found that at least three staffers provided false statements to not only Congress, but also to FBI investigators trying to determine the scope of the alleged attack. And throughout the inquiry Pai's press shop issued statements attacking press outlets for being "irresponsible" simply for reporting the fact there was no evidence or "analysis" to support the FCC's allegation:

"The FCC has never stated that it lacks any documentation of this DDoS attack itself," the agency states. "And news reports claiming that the Commission has said this are without any basis and completely irresponsible. In fact, we have voluminous documentation of this attack in the form of logs collected by our commercial cloud partners."

But none of that was true. There was no DDOS attack and there was no evidence, "voluminous" or otherwise. Again, there's every indication that the FCC doubled down on the fake DDOS claim because it wanted to downplay media reports showing that millions of Americans were pissed about the death of net neutrality (it wasn't public outrage, we were attacked!). It's the same reason why the FCC refused to do anything about the bogus comments that plagued the repeal's net neutrality comment period: it wanted to push the Trumpian narrative that the massive public anger over the attack net neutrality wasn't real.

The fact that Pai's press shop was actively spreading false statements and maligning reporters makes it pretty obvious that Pai actively participated in or was at least aware of the FCC's head fake. But at no point during the "oversight" hearing was this avenue of inquiry pursued. Instead, users who tuned in for a reckoning got to enjoy Ted Cruz once again misrepresenting what net neutrality was, and gushing missives from telecom-sector allies like Senator John Thune on Pai's (artificial) love and adoration of neglected rural broadband markets.

Aside from the fake DDOS attack, the hearing was yet another missed opportunity to seriously hold the FCC to account on a number of issues, including making up data and ignoring the public in the rush to repeal net neutrality, gutting funding for rural broadband, eroding consumer privacy protections, killing efforts to improve cable box competition, propping up predatory prison telco monopolies and every other little anti-consumer, pet project Ajit Pai has embraced as leader of the agency. But instead of "oversight," users that tuned in this morning got something that looked much more like a bipartisan game of patty cake.

Filed Under: ajit pai, brian shatz, david bray, ddos, fcc, john oliver, lies, oversight, senate, ted cruz

On Thursday, Ajit Pai Has To Explain Why His FCC Made Up A DDOS Attack And Lied To Congress

from the getcha-popcorn-ready dept

So FCC boss Ajit Pai will need to don some tap-dancing shoes this Thursday, when he'll be forced to explain to a Senate oversight committee why his agency not only made up a DDOS attack, but lied repeatedly to the press and Congress about it.

As we recently noted, e-mails obtained by FOIA request have proven that the FCC completely made up a DDOS attack in a bizarre bid to downplay the fact that John Oliver's bit on net neutrality crashed the agency website last year. A subsequent investigation by the FCC Inspector General confirmed those findings, showing not only that no attack took place, but that numerous FCC staffers misled both Congress and the media when asked about it.

Pai initially tried to get out ahead of the scandal and IG report by issuing a statement that threw his employees under the bus while playing dumb. According to Pai's pre-emptive statement, the entire scandal was the fault of the FCC's since-departed CIO and other employees who mysteriously failed to alert him that this entire shitshow was occurring (you can just smell the ethical leadership here):

"I am deeply disappointed that the FCC’s former Chief Information Officer (CIO), who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people. This is completely unacceptable. I’m also disappointed that some working under the former CIO apparently either disagreed with the information that he was presenting or had questions about it, yet didn’t feel comfortable communicating their concerns to me or my office."

There's several problems with Pai's statement. One, while FCC CIO David Bray was hired by the Obama-era FCC, he remained employed (and spreading the false DDOS attack) well through last year under Pai's "leadership." Two, the FCC IG found that Bray and several other employees had not only been circulating the false DDOS report to reporters, but had repeatedly misled Congress (again under Pai's watch). The lies of three FCC employees to Congress were deemed severe enough that they were reported to the DOJ, which refused to prosecute anybody (I'm sure you and I would have been granted the same benefit of the doubt).

That Pai had no idea that any of this was happening is a pretty big stretch, especially considering that the FCC continues to block FOIA requests for certain e-mail exchanges related to the stupid affair. As such, when Pai appears before a Senate oversight committee on Thursday, the big question is going to be: just how long did Pai know that his staff was actively misleading Congress in numerous back and forth letter exchanges on the subject?

The other major problem, and it's one you'd hope lawmakers at the hearing address, is that Pai's claim that this was all the fault of rogue employees doesn't gel with the fact that Pai's press shop was actively misleading and denigrating reporters throughout this whole affair. For example, when the press began digging into the agency's shaky claims, Pai's FCC thought it would be a good idea to send a prickly statement to numerous media outlets. That statement not only tried to claim reporters were "irresponsible" simply for trying to clear up the matter, but that the FCC had "voluminous documentation" proving the DDOS attack occurred:

"The FCC has never stated that it lacks any documentation of this DDoS attack itself," the agency states. "And news reports claiming that the Commission has said this are without any basis and completely irresponsible. In fact, we have voluminous documentation of this attack in the form of logs collected by our commercial cloud partners."

Outside of the first sentence, nothing in that official FCC statement is true. So again, the idea that Pai knew nothing at all about this mess is hard to believe. Especially given that his own press shop and numerous employees were busy lying to Congress and denigrating reporters simply for getting to the truth. Pai's explanation for this should make for good television, whether or not Congress grows a spine and actually holds Pai's feet to the fire.

If you've watched Pai's FCC work, it seems pretty clear at this point that the nonexistent DDOS attack, much like the FCC's refusal to address bogus comments during the net neutrality public comment period, are all part of the same effort: doing everything possible try and downplay the scope and importance of the massive, unprecedented public opposition to Pai's historically unpopular policies.

You'd like to think there's something vaguely resembling accountability at the end of this story. At the very least, it's likely that the bogus DDOS attack and fake comments will be playing starring roles during the upcoming net neutrality hearings, where all of this can be used to add context to the FCC's rushed, facts-optional efforts to repeal net neutrality exclusively at broadband monopolies' behest.

Filed Under: ajit pai, congress, david bray, ddos, fcc, john oliver, lies

Ajit Pai Throws His Employees Under The Bus After Investigation Proves FCC Made Up DDOS Attack

from the ill-communication dept

You might recall that when HBO comedian John Oliver originally tackled net neutrality on his show in 2014, the FCC website crashed under the load of concerned consumers eager to support the creation of net neutrality rules. When Oliver revisited the topic last May to discuss FCC boss Ajit Pai's myopic plan to kill those same rules, the FCC website crashed under the load a second time. That's not a particular shock; given the massive public opposition to the repeal, and an FCC website that's never been accused of being cutting edge.

But things then got a bit weird. After the second attack last year, since-departed FCC Chief Information Officer David Bray issued a statement (pdf) claiming that FCC analysis showed the FCC had been the target of a DDOS attack by "external actors":

"Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC."

But the FCC's claims were seen as suspect by numerous security experts, who say the crash showed none of the usual telltale signs of an actual DDOS. Journalists then discovered the "analysis" the FCC supposedly conducted never actually took place. When media outlets began reporting that the FCC actually had zero evidence to support the DDOS claim, the FCC issued a punchy statement to multiple outlets accusing Gizmodo reporter Dell Cameron (who broke the story) of being "completely irresponsible":

"The FCC has never stated that it lacks any documentation of this DDoS attack itself. And news reports claiming that the Commission has said this are without any basis and completely irresponsible. In fact, we have voluminous documentation of this attack in the form of logs collected by our commercial cloud partners."

No evidence was ever provided to journalists or lawmakers that pressured the agency for hard data proving the claims. Because, we now know, no such evidence ever actually existed because no DDOS attack actually took place.

Eventually, e-mails obtained via FOIA request made it clear that the FCC CIO either made up the DDOS attack or misinterpreted legitimate Oliver viewer traffic as a malicious act. But those e-mails also made clear that Pai's FCC then pushed the DDOS attack narrative to numerous tech reporters, apparently in a bid to try and downplay the public's massive opposition to Pai's controversial policies. This act was only compounded by the FCC's refusal to seriously address the identity theft and fraud that polluted the repeal's comment period, the only real time consumers had a chance to have their voices heard.

Fast forward to this week. After a lengthy investigation into the whole idiotic affair, the FCC's Inspector General has released a report (pdf) again making it very clear that the FCC not only made up the DDOS attack, but repeatedly misled Congress when asked about it. The report notes how the FCC under Pai's watch "misrepresented facts and provided misleading responses to Congressional inquiries related to this incident," and that investigators were unable "to identify any evidence that FCC staff or contractors analyzed server logs or conducted any substantive analysis."

The FCC IG report notes that some of these false claims several FCC staffers made to Congress were passed on to the DOJ for an additional investigation, but the DOJ has thus far declined to follow through. The fact the press was also routinely misled (as discovered in FOIA-obtained e-mails) and fed false statements doesn't appear to have warranted much concern in the report.

Hoping to get out ahead of the pretty damning investigation, Ajit Pai issued a statement before the report was released throwing everybody but himself under the bus for the DDOS attack that wasn't:

"I am deeply disappointed that the FCC’s former Chief Information Officer (CIO), who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people. This is completely unacceptable. I’m also disappointed that some working under the former CIO apparently either disagreed with the information that he was presenting or had questions about it, yet didn’t feel comfortable communicating their concerns to me or my office.

If you're a kid just making your way into this brave, weird, world, blaming all of your employees is not what actual leadership looks like. You'll also be shocked to learn that Pai, who harbors post-FCC political ambitions, isn't being particularly truthful.

For one, Bray was hired under Wheeler but still served as Pai's CIO for a notable chunk of his early tenure, making his claims Pai's responsibility. Two, former FCC boss Tom Wheeler acknowledged recently he didn't believe the DDOS claim, yet Pai not only did -- but had PR staff double down on the claims. Pai also just floats over the fact that his office not only misled Congress, but repeatedly sold the DDOS claim to reporters as part of a bizarre bid to downplay public opposition. In reality, it now seems obvious Pai's FCC just didn't like the narrative of "millions of people are angry at the FCC for bad policy" that was bouncing around the media thanks to John Oliver, and thought doubling down on bullshit was an ingenious PR countermeasure.

In a statement of her own, Pai's fellow Commissioner Jessica Rosenworcel got more to the point:

"The Inspector General Report tells us what we knew all along: the FCC’s claim that it was the victim of a DDoS attack during the net neutrality proceeding is bogus. What happened instead is obvious—millions of Americans overwhelmed our online system because they wanted to tell us how important internet openness is to them and how distressed they were to see the FCC roll back their rights. It’s unfortunate that this agency’s energy and resources needed to be spent debunking this implausible claim."

And in a statement to Gizmodo Senator Ron Wyden was blunter still:

"This report shows that the American people were deceived by the FCC and Chairman Pai as they went about doing the bidding of Big Cable. It appears that maintaining a bogus story about a cyberattack was convenient cover to ignore the voices of millions of people who were fighting to protect a free and open internet. Americans face higher prices for streaming services and other content as a result of Chairman Pai’s repeal of net neutrality protections, and it’s going to sting even worse knowing they were lied to about it by their government. The fact that Chairman Pai and the FCC came clean only after their story was debunked by the inspector general is disappointing, but it’s sadly unsurprising in this administration."

We'll see if anything even vaguely resembling accountability stems from the FCC's repeated efforts to mislead the press and public on this subject. And you can be sure this and the fake comments scandal will be popping up in the looming court fight over net neutrality. If nothing else, Pai's providing everybody with a stellar example of what ethical leadership doesn't look like, in case you needed yet another demonstration in 2018.

Filed Under: ajit pai, david bray, ddoc, fcc, made up

Oddly The Trump FCC Doesn't Much Want To Talk About Why It Made Up A DDOS Attack

from the radio-silent dept

We've discussed for a while how the FCC appears to have completely made up a DDOS attack in a bizarre effort to downplay the "John Oliver effect." You'll recall that both times the HBO Comedian did a bit on net neutrality (here's the first and the second), the resulting consumer outrage crashed the FCC website. And while the FCC tried to repeatedly conflate genuine consumer outrage with a malicious attack, they just as routinely failed to provide any hard evidence supporting their allegations, resulting in growing skepticism over whether the FCC was telling the truth.

Last week, e-mails obtained via FOIA request revealed that yes, FCC staffers routinely misled journalists in order to prop up this flimsy narrative, apparently in the belief they could conflate consumer outrage with criminal activity. The motive? It was likely for the same reason the FCC refused to do anything about the identity theft and bogus comments we witnessed during the repeal's open comment period: they wanted to try and downplay the massive, bipartisan public opposition to what the lion's share of Americans thought was an idiotic, corruption-fueled repeal of popular consumer protections.

Understandably with so much going on, the story floated semi-quietly under the cacophony of other national outrages. But the FCC's response to the story has proven to be somewhat comical all the same.

One of the FCC staffers accused of making false statements about the DDOS attack was recently departed FCC IT chief David Bray. Original reports stated that Bray and other staffers had been feeding this flimsy DDOS narrative to gullible reporters for years, then pointing to these inaccurate stories as "proof" the nonexistent attack occurred. Under fire in the wake of last week's report, Bray first doubled down on his claims, adding that the 2014 "attack" hadn't been publicized because former FCC boss Tom Wheeler covered it up. But Wheeler himself subsequently stated in a report late last week that this was unequivocally false:

"When I was in the greenroom waiting to come in here, I got an email from David Bray, who said 'I never said that you told us not to talk about this and to cover up,' which was the term that got used. Which of course is logical, because as the Gizmodo article that you referenced pointed out, A) FCC officials who were there at the time said it didn’t happen, [and] B) the independent IT contractors that were hired said it didn’t happen. So if it didn’t happen it’s hard to have a cover up for something that didn’t happen."

Since this story was first published, the Trump FCC (which you'll recall bragged it would be super transparent) has gone radio silent about the story. Multiple requests for comment from numerous news outlets have been ignored since the story broke:

"The FCC has gone dark on this issue. It is refusing to answer questions from reporters. It is even refusing to go on the record to say it stands by its own story about a malicious cyberattack causing its system to crash for a second time last year....(FCC media relations contact Brian Hart) did not respond to multiple follow ups. In fact, his office has not responded to related inquiries for the past eight days. And not just from Gizmodo; it did not respond to Newsweek nor Ars Technica either. When somehow reached by Nextgov, it declined to say anything at all.

It's understandable the FCC doesn't want to chat about why it's withholding data and repeatedly making false statements (pdf) to the press and public, especially given the GAO is currently investigating this whole kerfuffle. Between this and the identity theft and comment fraud during the net neutrality repeal's public comment period, one gets the aching suspicion there's a few additional layers to this story that have yet to be unearthed. Both issues may also make an appearance during legal efforts to get popular net neutrality rules restored.

Filed Under: ajit pai, david bray, ddos, fcc, john oliver, lies

E-Mails Show FCC Made Up DDOS Attack To Downplay The 'John Oliver Effect'

from the disinformation-nation dept

You might remember that when HBO comedian John Oliver originally tackled net neutrality on his show in 2014, the FCC website crashed under the load of concerned consumers eager to support the creation of net neutrality rules. When Oliver revisited the topic last May to discuss Trump FCC boss Ajit Pai's myopic plan to kill those same rules, the FCC website crashed under the load a second time. That's not a particular shock; the FCC's website has long been seen as an outdated relic from the wayback times of Netscape, hit counters, and awful MIDI music.

But then something weird happened. In the midst of all the media attention Oliver was receiving for his segment, the FCC issued a statement (pdf) by former FCC Chief Information Officer David Bray, claiming that comprehensive FCC "analysis" indicated that it was a malicious DDoS attack, not angry net neutrality supporters, that brought the agency's website to its knees:

"Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC."

But the FCC's claims were seen as suspect by numerous security experts, who say the crash showed none of the usual telltale signs of an actual DDOS. And reports subsequently emerged indicating that the "analysis" the FCC supposedly conducted never actually occurred. When media outlets began noticing that something fishy was going on, the Trump FCC issued a punchy statement accusing the media of being "completely irresponsible." No evidence was ever provided to journalists or lawmakers that pressured the agency for hard data proving the claims.

Fast forward to this week, and new internal FCC e-mails obtained via FOIA request show that yes, the FCC did routinely try to mislead the public and the press with repeated claims of DDOS attacks that never actually happened:

"The FCC has been unwilling or unable to produce any evidence an attack occurred—not to the reporters who’ve requested and even sued over it, and not to U.S. lawmakers who’ve demanded to see it. Instead, the agency conducted a quiet campaign to bolster its cyberattack story with the aid of friendly and easily duped reporters, chiefly by spreading word of an earlier cyberattack that its own security staff say never happened."

The story is worth a read, and highlights how former FCC CIO David Bray and FCC media relations head Mark Wigfield repeatedly fed false information about the nonexistent attack to reporters, then used those (incorrect) stories to further prop up their flimsy claims about the DDOS:

"Bray is not the only FCC official last year to push dubious accounts to reporters. Mark Wigfield, the FCC’s deputy director of media relations, told Politico: “there were similar DDoS attacks back in 2014 right after the Jon Oliver [sic] episode.” According to emails between Bray and FedScoop, the FCC’s Office of Media Relations likewise fed cooked-up details about an unverified cyberattack to the Wall Street Journal.

The Journal apparently swallowed the FCC’s revised history of the incident, reporting that the agency “also revealed that the 2014 show had been followed by DDoS attacks too,” as if it were a fact that had been concealed for several years. After it was published, the Journal’s article, authored by tech reporter John McKinnon, was forwarded by Bray to reporters at other outlets and portrayed as a factual telling of events. Bray also emailed the story to several private citizens who had contacted the FCC with questions and concerns about the comment system’s issues."

The story isn't going to get much mainstream traction thanks to numerous other instances of cultural idiocy we're all currently soaking in, but it's fairly amazing all the same. In short, the FCC appears to have completely concocted a fake DDOS attack in a ham-fisted effort to try and downplay the massive public opposition to its extremely-unpopular policies.

Of course that's pretty standard behavior for an agency that also blocked a law enforcement inquiry into fraud during the public comment period, likely also an effort to downplay massive public opposition to the repeal. It's also pretty standard behavior from a Trump administration that enjoys using bullshit to distract from the fact that countless policies (like repealing net neutrality) run in stark, violent contrast to the admin's "populist" election message.

This isn't likely to be the end of this story, and more details are likely to surface in the looming lawsuits against the FCC attempting to restore net neutrality.

Filed Under: ajit pai, david bray, ddos, fcc, john oliver, lies, net neutrality, public comments