This is definitely a touchy subject. As the article notes, this will remove the privacy from all people who commented on net neutrality, but it will also allow 2 NYTimes reporters to try to figure out why there were fake comments that led to the loss of neutrality for the people.
The separate question that still needs to be figured out, is who is going to be penalized for lying to the american people and taking away their freedoms [1]?
> The FCC argued in court that making the millions of IP addresses contained in the logs publicly accessible would constitute an “unwarranted invasion of personal privacy.” And while [Judge Schofield] didn’t entirely disagree, she said the agency had failed to adequately spell out how anyone would be harmed by the disclosure.
> Regardless, Schofield said she also decided to weigh any hypothetical harm against the potential value of the information to the public. “In this case, the public interest in disclosure is great because the importance of the comment process to agency rulemaking is great,” she said, adding: “If genuine public comment is drowned out by a fraudulent facsimile, then the notice-and-comment process has failed.”
The judge also wrote that:
> ...despite the privacy concerns raised by the agency, releasing the logs may help clarify whether fraudulent activity interfered with the comment period, as well as whether the agency’s decision-making process is “vulnerable to corruption.”
I’m a bit confused about the privacy issue here. Isn’t the (alleged) commenter’s full name and address published along with their comment in the public filing? If the commenter’s address is already published what other information can be gleaned from their IP address? Is the fear that someone could use it to piece together a person’s web history?
The New York times isn't seeking the name or address in their request, just some other metadata about each comment including the IP and user agent header.
Edit: upon reading more, now I'm not sure if the NYT already has the names and addresses and is just seeking the metadata or if they don't need that data to do their analysis. Your guess might have been right, the ruling is unclear.
> The New York times isn't seeking the name or address in their request, just some other metadata about each comment including the IP and user agent header.
The point of the person you're responding to is that the NYT doesn't need to seek names or addresses, because they're already public information. Anyone can go look up the docket and see them[1].
So, their argument I believe is that, given that the names and addresses of the filers of comments are already publicly available, what further privacy concern is there in releasing IP address information?
And there might be one. IP address & UA might further allow me to correlate the user's activity elsewhere; some comments didn't submit names or addresses — IIRC these were "required" but some people filled in the fields with things like "none".
There were also allegations that the names of some comments were falsified on comments not in favor of net neutrality. IP address information might lend evidence to or against those allegations.
Exactly; I was on that list and looked at the db during the intial controversy. I looked up some of my neighbours, and it was clear to me they had no obvious connection to the issue, and had in fact very similar or exact things to say, as I recall. I took it at the time to mean they had gave someone a proxy to speak for them, maybe some business or political group.
This is really great news and I admire the judge's dedication to truth and justice. It makes me wonder how much pressure the judge recieved behind-the-scenes before making this ruling. Excited to see how this develops. Unfortunately I suspect the answer is probably more mundane than anything; e.g. the comments were from a botnet which the FCC lacks technical competence to deal with.
What’s crazy is if you own the ISP (who generally wants to repeal net neutrality) you already know which names are associated with each IP as well as other information since you looked up their credit score among other things.
It would make the ip address information useless. What they probably want to do is figure out how many comments came from the same network blocks that were allocated to organizations (to detect large numbers of fake comments). If you hash the ip addresses you can't figure out which ones came from the same network allocation, the most you could do is figure out which comments came from identical ip addresses.
I don’t think this is actually much of a privacy change. Here’s what you agree to when you submit a comment:
> Any comments that you submit to the FCC on a proposed rulemaking, petition, or other document for which public comment is requested will be made public, including any personally identifiable information you include in your submission. We may share non-personally identifiable information with others, including the public, in aggregated form, in partial or edited form, or verbatim.
> including any personally identifiable information you include in your submission
Wording here is a little ambiguous. As a techie, it's pretty easy to make an argument that the IP address is something I "included" in the submission (it's part of the packets my computer is sending on my behalf), but I'm not sure the average person would read it that way, instead interpreting it as pertaining only to information they explicitly typed into a text box.
Yes, but even in that case how much does it change matters to go from your name, city, state, zip code, email address, etc. to include an IP? I mean, a data miner might be able to tell if you were posting from a house which isn’t yours or using your employer’s network but the entered PII is enough to uniquely identify a large number of people.
The original title is "Judge Orders FCC to Hand Over IP Addresses Linked to Fake Net Neutrality Comments"! Removing "Fake" makes it sound like a completely different thing.
This was probably done because of the (draconian) character limit imposed by HN on post titles... If it was me I would have removed the middle "e" in Addresses to comply.... aka Addrsses
Certainly it's not _completely_ different, though it does largely neuter the editorializing that is a main point of the article.
What really happened here is a judge orders an agency to comply with the freedom of information act because the agency had not made a sufficient case that it was exempted from doing so in this instance. Doesn't address who is right about the "fakeness" question.
What bugs me the most is that the government either doesn't really want to know who's interfering with the democratic process or they know and they're not telling us.
The former implies extreme ignorance, the later implies agency capture to the point the FCC is no longer a public institution.
I seem to recall at the time some pretty clear signaling from Pai and the FCC that their decisions were really not going to be influenced by the comments no matter what they contained.
His smug demeanor while talking about reading the support for no Net Neutrality seemed like a victory lap for getting away with short circuiting the system. He should be put on trial and his emails and texts should be admissible evidence.
As a reminder: the overwhelming public opinion and media coverage was on outrage over the fraudulent comments prior to Pai announcing that the public had shown support for ending Net Neutrality. That alone should be grounds for having him tried. At what point can you no longer legally get away with malicious lying for profit? I think he crossed that line, which is impressive.
A former Verizon lawyer received unanimous Senate support for an FCC position back when Obama was president. That's what set this all up, I blame both parties for exactly what they did.
You can't put industry insiders into top regulatory positions of the very industries they work for, you have to be a drooling moron to not see why that's a bad idea, much less unethical. The fact that both parties are okay with it should speak volumes.
It's already been discovered that fake comments were generated using personal information found in data breaches. I've lost hope of anybody being held responsible for this obvious fraud.
Sure, but it’s much more difficult to mass fake IPs for said comments. Which is why this is an important decision. Sure the ISPs could probably pull logs for who said what when, but those IPs won’t even be relevant to their current owners. Anyone mass gaming the comment system, even if using stolen identities, were not going to take the time to post each comment from an individual and unique IP address.
I remember that there were websites that allowed users to comment on NN that had pre-made comments already completed. The user only needed to enter a valid email address and could then forward the comment to the FCC or erase and put in their comment in their own words. I could see how this would look like obvious spam if users did not take the time to modify the form into their own thoughts. This shall be very interesting indeed. Pass the popcorn.
Which doesn't make much sense, because the arguments are used in the decision making process, not the number of comments. This wasn't some kind of vote where you could stuff the ballot box, this was somewhere that you could flag items of concern.
We all know that anyone could fake an IP address, as well. It would take little thought to spam a bunch of nonsense through a random proxy via a script. But, just like every other kind of spam, it would just get ignored by the recipient.
They were looking for legal arguments made by people regarding their plans, not public support. So, screw the spammers, but it's really weird that this is being made into such a huge deal. This isn't a vote, there's no ballot box to stuff. And even in the off chance a Russian made some good legal point about net neutrality, why would that be a bad thing?
Meanwhile, for those following the Russia stories, there's been huge news in the Flynn case, but I see almost no coverage. Well, we'll have to see how it plays out, sure, but the radio silence is just weird.
Yes, public comment like this is an ordinary part of their rulemaking. You can see something similar if you read, e.g. the responses to requests for DMCA exceptions from the Library of Congress. It may seem weird, but plenty of interested parties have lawyers bring up whatever legal points they wish to raise.
But that's also why I don't see them paying attention to the wishes of the general public at all. Most of us aren't lawyers and unless we raise some legal point, nothing we say actually matters to them at all. I think it's pretty clear that they went ahead with plans they had from the start.
So whether or not Russians or other foreigners commented in a web form open to the world or not, I don't see it as having mattered one bit.
No matter which side you believe, you can expect there to be Russian IP addresses on there. It was an open web form, anyone could leave a comment. Anyone could find a proxy if they were so inclined. I suspect lots of random foreigners would've commented and I don't think any of it mattered one bit, despite the constant protestations that foreigners making online comments about matters of international importance is something to fear for reasons that have never quite been made clear.
But apparently spamming a web form with pointless comments is really important to some people because it proves... something?
Friendly reminder that there were massive bot compaigns on both sides of the issue. https://archive.fo/sp9Q7 this WSJ article found thousands of people that said they never posted the comments attributed to them.
>One 369-word comment supporting the Obama-era net-neutrality rules was posted on the FCC website more than 300,000 times. One of those was attributed to Gloria Burney, 87, a retired speech therapist in Los Angeles. She isn’t in favor of repealing those rules, she said, “but I never wrote that.”
A comment from “Elzor The Blarghmaster” at 9632 Elm Road, Maywood, Ill., was among the 818,000 identical FCC comments backing the Trump policy. No such address could be found, said Jimmie Thompson, a U.S. Postal Service carrier in Maywood.
If you've got the impression that the bot compaigns were only from one side, you've just been misled by biased media like OP, which links to prior coverage of one company and doesn't bother to tell you about the broader picture.
I don't think the evidence you've posted supports that there were massive bot campaigns. The popular thesis, which the evidence you've presented is consistent with, is
- the pro-net-neutrality side organized virtual letter-writing campaigns, getting lots of actual human people to send in pre-written messages they agree with but did not author
- the anti-net-neutrality side, unable to find large numbers of actual human people who agreed, used bots to pretend to be lots of people
and therefore, to the underlying question of what policy do more actual human people support, we should disregard many more of the received anti-net-neutrality comments.
Did you read the WSJ article I linked to? It shows plenty of fake comments submitted by the pro-net-neutrality side. Just asserting that it was only one side who resorted to fake comments is an evidence-free position.
I struggle to think how you can characterize 7 million fake comments out of 23 million total that came from a "single fake e-mail generator website" as "the pro-net-neutrality side organized virtual letter-writing campaigns, getting lots of actual human people to send in pre-written messages they agree with but did not author"
I get that this narrative is more comfortable for some to believe, but it's plainly contradicted by the facts.
The claim you made was, "Friendly reminder that there were massive bot compaigns on both sides of the issue."
The claim I made was, "I don't think the evidence you've posted supports that there were massive bot campaigns," bot in italics.
You have now changed your claim to be about "fake comments," independent of bots, which is not what we were talking about. Nor did I claim that it was "only one side who resorted to fake comments" - I said "we should disregard many more of the received anti-net-neutrality comments. I did not say that we should disregard zero received pro-net-neutrality comments. It is certainly true that a nonzero number of comments on both sides were fake comments. The question is whether that's a small number or a large number, and whether the numbers are the same (let alone "massive") on both sides.
The WSJ article you linked to includes evidence that a number of anti-net-neutrality comments were posted by bots - see the paragraphs starting "Chicago programmer..." - and that a number of pro-net-neutrality comments were posted by humans encouraged to send in pre-canned messages. Those are certainly not "bot campaigns." Whether those comments count as "fake comments," whether those comments correspond to a small number of actual humans who were stealing others' identities, whether those comments correspond one-to-one with actual humans who failed to fill in their own contact information, etc. is an interesting question that's worth discussing, but let's settle the claim you originally made, first, that there were "massive bot campaigns on both sides of the issue." Where is the evidence that there was even a single bot campaign - again, emphasis on bot - on the pro-net-neutrality side?
The comment from an FCC spokesman about a "single fake e-mail generator website" refers to fake e-mail addresses (it's a website much like Mailinator). Such addresses could well have been used by real people to send real comments, so this does not necessarily correlate with "fake comments." (For instance, I assume your legal name is not "Ikeboy," so you're using a "fake name" on this website - but that hardly means you're making "fake comments," or that you're part of a bot campaign.)
>Where is the evidence that there was even a single bot campaign - again, emphasis on bot - on the pro-net-neutrality side?
There's plenty:
>One 369-word comment supporting the Obama-era net-neutrality rules was posted on the FCC website more than 300,000 times. One of those was attributed to Gloria Burney, 87, a retired speech therapist in Los Angeles. She isn’t in favor of repealing those rules, she said, “but I never wrote that.”
You presented the "Chicago programmer" analysis as proof of bot activity. In the linked blog post, they say:
>A number of journalists have tried to trace where this message is coming from, and the best guess seems to be the Council for Individual Freedom. This was a mentioned in a recent Gizmodo article, where the organization claimed that they were running an ad campaign that directed users to a form, and they provided a screenshot of that form.
This is the same thing that many of the pro NN organizations were doing. Under what definition are you implying that a single message submitted 300k times wasn't a bot but the other ones discussed are?
Again:
>He said the FCC received more than 7.5 million comments consisting of the same short-form letter supporting the current rules from about 45,000 unique email addresses, “all generated by a single fake e-mail generator website.”
This is on average each email being used over 100 times. You think 7 million Americans:
A. Know how to use email generator websites
B. Decided to all use a particular website
C. Sent the same form letter while using said website and
D. Happened to choose the same name as 100 other people on average?
This is just not a credible claim.
I'm sure you've got a perfectly innocent non-bot explanation for this as well:
>He said the FCC received more than 400,000 comments supporting the old rules “from the same address in Russia.”
> One 369-word comment supporting the Obama-era net-neutrality rules was posted on the FCC website more than 300,000 times. One of those was attributed to Gloria Burney, 87, a retired speech therapist in Los Angeles. She isn’t in favor of repealing those rules, she said, “but I never wrote that.”
This is consistent with my claim: "the pro-net-neutrality side organized virtual letter-writing campaigns, getting lots of actual human people to send in pre-written messages they agree with but did not author."
There is not enough detail in the WSJ article to distinguish between scenario 1, Ms. Burney having clicked on a thing that says "take action now to support net neutrality!" which sent a message under her name that she didn't write and no longer remembers, and scenario 2, Ms. Burney not having been involved at all, not wanting to have submitted a comment, but happening to agree with a message she never submitted. Both are plausible under the evidence, and we know there were sites that let people submit pre-written letters to the FCC and asked only for some contact info. I am claiming that scenario 1 is plausible and nothing in the article contradicts it.
What we know about Ms. Burney is that, first, she's familiar enough with the rules to have an opinion, and second, she "never wrote that." That's exactly what we'd expect from someone who sent in a pre-written comment.
If you want to argue that comments in scenario 1 count as "fake" comments for some reason, sure, we can discuss that, but first let's settle the claim you made, that these were "bot campaigns." Only in scenario 2 could it have been a "bot campaign."
> Under what definition are you implying that a single message submitted 300k times wasn't a bot but the other ones discussed are?
The definition that 300K real human people clicked a form and provided (or at least were directed to provide, and usually did provide) their own contact information, signing a pre-written message that they agreed with but did not author.
> You think 7 million Americans: A. Know how to use email generator websites B. Decided to all use a particular website C. Sent the same form letter while using said website and D. Happened to choose the same name as 100 other people on average?
Yes.
From the evidence we have, we know there were massive organized campaigns to get large numbers of Americans to submit, of their own agency, pre-written letters from the FCC. So it's not merely that it's theoretically possible, we have strong evidence for B and C, at least.
I'd have to dig up the report to see what happened, but a plausible scenario here for A is that one of these campaigns said something like "Your e-mail address will be public record, you may want to generate a throwaway address," and either it linked to this "fake e-mail generator website" or it was first on Google. In turn, for D, it's also entirely plausible that that website uses a low-entropy random email generator, such that it couldn't generate more than 45,000 email addresses and therefore had collisions.
What's your scenario? That a bot generated all these emails and used a third-party e-mail address generator website (instead of, say, generating its own emails)? Did the third-party e-mail address generator website have an API, or did the bot scrape it 45,000 times, decide that that was enough addresses, and then submit seven million comments?
> He said the FCC received more than 400,000 comments supporting the old rules “from the same address in Russia.”
E-mail address? IP address? Mailing address?
In particular, is your claim that a Russian bot campaign sent a bunch of letters to the FCC identifying itself as from Russia, knowing full well that the FCC takes into account only comments from America? How does that make any sense? I don't have an explanation, but I don't think you do, either, and you don't have enough evidence to call it a "bot campaign."
The standard of evidence you're requiring to call something a bot compaign is high enough that nothing counts.
So sure. It's theoretically possible that all the apparent hints of impropriety are just coincidences and lots of people just forgot what they did and so on. But then that goes both ways. It's not like the evidence is significantly stronger on one side or the other; if you're inclined to explain away everything, you can do so.
If you'd like, read my initial comment as saying something more along the lines of "there's some evidence of massive bot compaigns on both sides", or replace that with a weaker claim if you think none of this counts as evidence.
But motivated skepticism of the evidence on one side only doesn't help.
So: what evidence do you see that there was bot behavior on the anti-NN side that's so much stronger than any of the evidence on the other side? Everything I've seen can be easily explained away by the same standards you're applying.
The standard of evidence I'm applying is simply that evidence for X being true must not also be plainly compatible with X being false.
Here, for instance, is some evidence that meets that standard, from that very same article you love:
> He found a near-constant rate—1,000 every 10 minutes—punctuated by periods of zero comments, as if web robots were turning on and off. He determined many were from hacked accounts.
This pattern is either server-side (e.g., a server-side rate limit and an extremely flaky server) or client-side. If it's server-side, we'd expect to find it independent of the contents of the comment, we'd expect to have stories of people being unable to submit comments, etc. Unless we have those stories, then this pattern is plainly incompatible with actual humans submitting comments, even with the aid of some automation or pre-written letters. That is evidence that these comments were almost certainly not from actual humans.
No similarly strong evidence exists on the pro-net-neutrality side. "A bunch of comments claimed an address from Russia" is certainly suspicious and weird, I agree, but it is not plainly incompatible with humans (if it's IP address, bad geolocation; if it's e-mail address, Russian-run mail provider whose accounts are used by Americans; etc.). I am happy to grant with more detail about what's is meant there - which neither the FCC nor the WSJ has provided to us - there may be strong evidence, but it's not there yet with what you've posted.
If you want to revise your initial complaint to "Friendly reminder that some weak evidence exists in favor of small, isolated bot campaigns on the pro-network neutrality side and very large bot campaigns on the anti-network neutrality side, such that if all suspicious comments were disregarded in proportion to their likely untrustworthiness, the overwhelming weight of public sentiment as measured by this exercise would be firmly on the pro-network-neutrality side," then I have no remaining objection.
>Unless we have those stories, then this pattern is plainly incompatible with actual humans submitting comments, even with the aid of some automation or pre-written letters.
A site is set up to collect names for form letters. They don't submit it in real time; instead, they submit it in batches every few minutes.
This is at least as plausible as the various explanations you gave above.
In fact, if you read the linked blog post, they explain that this is how the API worked - you'd upload a CSV and everything would be uploaded in bulk.
And the sizes still don't add up. As mentioned, a single campaign for the pro-NN side had 7 million suspicious comments. That's bigger than any of the alleged bot campaigns on the other side. Overall, there's more suspicious comments for the pro-NN side. Whether the evidence is enough to definitively call them bot campaigns or not, that's still true.
And that's not even addressing the fact that WSJ contacted a portion of those leaving some of the form letters and found that 32% of one pro-NN batch said they never sent anything. The number is higher for the other anti-NN batches they checked, 60-80% range, but that's not the difference between massive and not-massive.
Assuming you trust the WSJ to have conducted the survey in an honest and non-leading manner, but I thought we weren't supposed to be trusting "biased media." The article starts off by portraying net neutrality as "pro-regulation" - I'd imagine a good number of people who are pro-net-neutrality would not have answered yes to, say, "Did you send a letter to the FCC favoring additional regulation on the internet?" despite having done so. We'd need to see exactly what the survey said and how they worded it.
They also haven't given you enough information to know the size of the pro-NN batch they investigated, so we still don't know that it's "massive."
>They also haven't given you enough information to know the size of the pro-NN batch they investigated, so we still don't know that it's "massive."
There's thousands of people who said they didn't leave the respective comments. That's enough to be statistically significant and to extrapolate across the whole sample.
There might be selection bias, as only a small percentage of people responded.
Sure. So how big is that population you can extrapolate over?
The WSJ article is carefully not saying, 32% of people who appear to have left pro-NN comments said they didn't make them. They said 32% of people in this batch did. They didn't say, as far as I can tell, how big the batch is. (Maybe I'm just misreading?)
There's a big difference between "32% of a thousand pro-NN comments are untrustworthy" and "60% of a million anti-NN comments are untrustworthy."
The WSJ, like any MSM outlet, is manipulating you through half-truths. Pay attention.
>There's a big difference between "32% of a thousand pro-NN comments are untrustworthy" and "60% of a million anti-NN comments are untrustworthy."
If you look on the sidebars, they reached thousands of people on both sides that disclaimed the comments left in their name. Given the abysmal response rate, the total size of the batches would have been hundreds of thousands at least for both sides.
>The WSJ, like any MSM outlet, is manipulating you through half-truths. Pay attention.
Look. I agree with you that we should be skeptical of such claims. But you seem to be applying that skepticism only to claims about one side.
And of course, if the tinfoil hat mentality is appealing, why not one actor spamming comments for _both_ sides? If said actor prefers one position they can just have a an order-of-magnitude difference in what they submitted; either way, said hypothetical party can be satisfied with eroding public trust in the process.
Perhaps - my own pet theory is it was just some bored guys on 4chan who did it because they could.
The thing is, a lot of the bots didn't submit comments directly, which would have required getting keys to submit in bulk and leave a trail. Instead, they filled out forms on the many sites that were set up to take names and submit form letters to the FCC. So some advocacy org might set up a site and get a million comments, half of them might be legit and half might be from a script kiddy running a database of addresses and names through the site, which then submits it to the FCC. The site has no particular incentive to vet the submissions. Knowing the IP address of the entity who sent the message to the FCC is close to useless, in that scenario.
I would consider the scenario where it was not just 1 person/group, you could have more then 1 person trying to cheat the system in favor of his favorite tribe or even just trolls practicing their scripting skills.
This is actually a practice I shun. I submitted commentary on behalf of most of the people in my relatively meager social circle, but at a minimum I 'asked' them if it was alright to do so, explained to them the position I was advocating and asked them if they were in alignment enough to be comfortable being included.
Scraping names/addresses and blasting comments without actually doing the footwork actually undermines the integrity of the entire thing. For both sides.
I won't deny an automated form filler script didn't pass through my mind as an option; but I have a very intense distaste for people who engage in unauthorized proxy behavior, or who subvert other's identities online. Especially now that everyone has thrown out the prevailing common sense of not linking your real life persona to your digital presence. It's one of those lines you just don't cross.
Then again, I've been called an anachronism by peers before; and with recent behavior by various large companies (Wells Fargo) taking the initiative to sign people up for things they don't ask for, maybe my brand of professional ethos hasn't aged well.
>He said the FCC received more than 7.5 million comments consisting of the same short-form letter supporting the current rules from about 45,000 unique email addresses, “all generated by a single fake e-mail generator website.”
He said the FCC received more than 400,000 comments supporting the old rules “from the same address in Russia.”
The separate question that still needs to be figured out, is who is going to be penalized for lying to the american people and taking away their freedoms [1]?
[1] https://techcrunch.com/2018/08/06/fcc-admits-it-was-never-ac...