Hundreds of thousands of pro-net neutrality comments submitted in recent weeks to the Federal Communications Commission (FCC) website appear to be fake, according to a new analysis released today by the National Legal and Policy Center, a leading government watchdog.
An initial forensic analysis of the FCC’s 2.5 million comments shows:
More than 465,322 pro-net neutrality comment submissions (close to 20% of all pro-net neutrality comments filed) were made in which either the filers’ names were being submitted with the email address of an obviously different person or in which the same email address was used to file multiple comments – in some cases thousands of times.
Over 100,000 examples of identical comments used language from an Electronic Frontier Foundation letter desk campaign in which the email addresses were generated from a fake email generator program using as many as 10 different email domains. A check of hundreds of the 100,140 comments also revealed that the submissions included fake physical addresses and possibly even fake names.
Comments submitted from multiple filers using various foreign and U.S. email addresses appear to have been culled from spammer and hacker databases available on the public web.
“The full breadth of the fake comments at this point is not known,” said National Legal and Policy Center President Peter Flaherty. “But based on an initial forensic analysis, we believe it is massive. Indeed, based on our initial read, almost one fifth (465,322) of all pro-net neutrality comments submitted into the docket appear to have come from email addresses that have made multiple submissions, sometimes with duplicates in the thousands. At least 100,000 more comments from an Electronic Frontier Foundation Net Neutrality comment campaign appear to have been generated using both fake email and fake physical addresses and perhaps even fake names.”
One of the more troubling aspects of the deception are comments that are being submitted from thousands of filers using what appear to be other people’s private email addresses. Based on NLPC’s analysis, the email addresses appear in many cases to have either been culled from spam and hacker databases available on the open web, or from other publicly available files found on the open web such as PDF files – some not even in the U.S. In one case analyzed, an email address that appears to have been pulled from an Islamic hacker database on the public web was associated with seven different individuals submitting comments.
“For groups like the Electronic Frontier Foundation that claim to champion consumers’ online privacy, it would be an unprecedented privacy breach if they knowingly culled other people’s email addresses from spam databases and without their consent falsely submitted comments into the docket,” Flaherty continued. “At this point, the full extent of the problem is unclear, but it definitely deserves further investigation.”
To get a better understanding of the extent of the fake pro-net neutrality comments, NLPC announced today that they plan to submit the data to a professional data forensics expert in the days ahead to conduct a thorough analysis of the comments.
“We plan to work with a reputable forensics expert and release a full report on the extent of the problem,” Flaherty said. “Gaming a regulatory rulemaking in this way is highly deceptive and completely undermines the integrity of the public comment process. More troubling, the potential privacy breach of knowingly using other people’s email addresses without their permission to submit comments would be unprecedented,” Flaherty continued.
“If our independent forensics analysis confirms that the deception is as extensive as the initial analysis indicates, we will submit our report to Congress and urge them to conduct a full and thorough investigation,” Flaherty concluded.