Several lawmakers would like to know why the FCC not only made up a distributed denial of service attack, but repeatedly lied to the media and Congress about that fact.
You might recall that last year’s John Oliver segment on the FCC’s unpopular net neutrality repeal drove millions of angry viewers to the FCC website, which promptly collapsed under the load.
In the wake of the outage, the FCC issued a statement claiming that extensive FCC “analysis” had found that the outage wasn’t simply due to pissed-off internet users, but had been the result of a malicious attack on the agency. Security experts were quick to question the claim, noting the “attack” had none of the telltale signs of a traditional DDOS.
FOIA requests subsequently showed that no FCC analysis had actually been completed and that no attack appeared to have ever occurred. As reporters began to highlight this fact, the FCC curiously doubled down on the claim, issuing a punchy statement to numerous media outlets last summer, accusing reporters of being “completely irresponsible.”
“News reports claiming that the Commission has said this are without any basis and completely irresponsible,” the FCC told the media. “In fact, we have voluminous documentation of this attack in the form of logs collected by our commercial cloud partners."
But again, not only did the DDOS attack never take place, the “voluminous documentation” the FCC cited has been proven to have never existed.
Subsequent FOIA requests quickly illustrated that not only was there never any DDOS attack, but that several FCC staffers repeatedly peddled the false narrative to numerous media outlets. Those claims were supported by an FCC Inspector General Report that found several employees at the agency also repeatedly misled Congress and the FBI during several concurrent inquiries.
Those misstatements to Congress in turn resulted in the case being forwarded to the DOJ, though the agency refused to press charges against any FCC staffers.
Hoping to get ahead of the Inspector General report, FCC boss Ajit Pai issued a pre-emptive statement last week attempting to throw numerous FCC employees under the bus, while denying any knowledge of the repeated efforts to mislead the press, public, and Congressional lawmakers.
“I am deeply disappointed that the FCC’s former Chief Information Officer (CIO), who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people,” Pai said.
“I’m also disappointed that some working under the former CIO apparently either disagreed with the information that he was presenting or had questions about it, yet didn’t feel comfortable communicating their concerns to me or my office.”
But the letter sent to the FCC today by Democratic Representatives accuses the FCC of “dereliction of duty” in failing to dispel the phony DDOS attack claim, and expresses disbelief at the idea that Pai knew nothing about the year-long effort to mislead the public.
“Given the significant media, public, and Congressional attention this alleged cyberattack received for over a year, it is hard to believe that the release of the IG’s Report was the first time that you and your staff realized that no cyberattack occurred,” the letter states.
While since-departed FCC CIO David Bray was originally hired by Pai’s predecessor Tom Wheeler, he remained employed for much of last year under Pai’s watch. Additionally, the IG report highlighted how several other FCC employees doubled down on Bray’s false claims, helping to perpetuate the narrative in numerous interactions with the press, FBI, and Congress.
“It is troubling that you allowed the public myth created by the FCC to persist and your misrepresentations to remain uncorrected for over a year,” the Senators noted. “To the extent that you were aware of the misrepresentations prior to the release of the Report and failed to correct them, such actions constitute a wanton disregard for Congress and the American public.”
Consumer groups angry about the FCC’s repeal of net neutrality weren’t particularly impressed by the entire, ridiculous affair.
“Ajit Pai is an embarrassment,” said Evan Greer, Deputy Director of consumer advocacy group Fight For the Future.
“We knew he was lying about his reasons for killing net neutrality, but now we know his agency also lied to Congress, journalists, and the public about something as serious as a cyber attack,” Greer said. “He may well be the Republican party’s biggest liability in the midterm elections.”
This all begs the million-dollar question: why would the FCC make up a DDOS attack?
Much like the FCC’s decision to do absolutely nothing about the fraudulent comments filed during the net neutrality repeal public comment period, it’s believed the FCC was hoping to deflate media reports of massive public opposition to historically-unpopular FCC policies.
Ajit Pai is scheduled to testify this Thursday before a Senate oversight committee, where he’ll have to explain what he knew and when he knew it. Pai’s claim that he knew nothing at all doesn’t align with the fact that several Pai staffers not only fed false information to Congress, but Pai’s own press shop maligned reporters for digging into the false claims.
Lawmakers have also given the agency boss until August 28 to provide more detail on the DDOS-that wasn’t, and to explain why his agency spent much of the last year pushing a fairy tale. Should Congress fail to generate much in the way of accountability, the bogus attack will also likely resurface during the looming net neutrality lawsuits headed the FCC’s direction.