Most comments in FCC net neutrality consultation were reportedly fake
Subcontractors allegedly used stolen data for government petitions
The report, commissioned by New York Attorney General Letitia James, investigated a public consultation held by the FCC over its plans to repeal net neutrality rules in 2018. That consultation, which ultimately resulted in the FCC repealing the rules and eliminating net neutrality, was corrupted by a massive ISP-backed campaign to generate anti-net neutrality comments. The subcontractors who generated the comments did so fraudulently while broadband industry backers turned a blind eye, the report says.
The campaign used a technique known as astroturfing, in which lobbyists control supposed public interest groups to steer public opinion.
It began with a document circulated among senior broadband industry executives several days before Donald Trump’s inauguration in January 2017. The document suggested funding a campaign to collect comments for the FCC to provide then-chairman Ajit Pai with what executives called "intellectual cover" to repeal the net neutrality rules.
This campaign operated through a nonprofit called Broadband for America (BFA), with an executive committee comprising broadband executives.
This nonprofit spent $8.5 million on anti-net neutrality lobbying, most of which came from three of America's largest broadband companies. However, the campaign was operated through several non-profit entities, including American Commitment, the Center for Individual Freedoms, and the Taxpayers Protection Alliance. The BFA controlled everything, the report said.
These astroturfing groups operated their own comment collection pages, although they collected few comments. In reality, the BFA's lobbying firm enlisted co-registration lead generation companies to generate and submit comments, all of which used fraudulent tactics, the report said.
Co-registration companies promise free prizes and coupons to consumers in return for registering their names and contact details online, and, in some cases, responding to survey questions. The companies allegedly promised to solicit comment on the net neutrality rules via these sites, but it instead merely copied information from past registrants, whose names were submitted to the FCC as opposing net neutrality without their consent.
When consumers complained about these acts,, New York-based co-registration company Fluent allegedly lied to the BFA and fabricated landing pages with the solicitations.
Other co-registration companies commissioned by the lobbying firm subcontracted the work to a network of others, creating what the report called "an environment ripe for fraud." One of the subcontractors didn't even operate co-registration sites.
Cost of a data breach report 2020
Find out what factors help mitigate breach costsDownload now
Another contractor, which promised to run online advertisements soliciting comment, instead used names and addresses stolen during a data breach and dumped online in 2016.
One company used a text generation program to generate over a million fake comments for submission to the FCC, attaching them to fraudulently gathered names and email addresses.
The BFA acknowledged, discussed, and ultimately ignored red flags that pointed to fraudulent activities, the report added.
Not all fraud supported repealing the net neutrality rules, though. In another incident, a college student used automated software to submit 9.3 million comments to the FCC supporting net neutrality using easily fabricated names and email addresses.
Overall, nearly 18 million of the more than 22 million comments the FCC received in its public consultation were fake, James said.
The State of New York has imposed penalties on participants who collected the fraudulent comments: Fluent, Opt-Intelligence, and React2Media. Between them, they must pay $4.4 million in penalties and instigate reforms.
Consumer choice and the payment experience
A software provider's guide to getting, growing, and keeping customersDownload now
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email securityDownload now
Business in the new economy landscape
How we coped with 2020 and looking ahead to a brighter 2021Download now
How to increase cyber resilience within your organisation
Cyber resilience for dummiesDownload now