> Second, the FCC objects to producing the relevant materials from the API proxy server log because to do so requires creating a script, which demands "research" rather than simply a "search."
Funny how a government agency considers it overly burdensome to write what is likely a 4 line script, so goes through a lawsuit that costs taxpayers likely millions of dollars to avoid it. Unless their infrastructure is well and truly F*ed, this is a 30-60 minute task for a junior server admin. Most likely they already ran it and didn't like what it revealed so it's even less effort.
Don't underestimate the absolutely jaw-dropping incompetence from even senior "tech" folks employed by governments.
Within the last couple years, I've overheard senior, so-called technical government employees 1) complain about Git and wonder aloud why we weren't using Visual Source Safe; 2) insist that rotating through a list of 12 hard-coded passwords, in code, checked into Git, was totally fine; 3) refuse to believe that automated deployments were possible (not hard, or against norms, but physically impossible); 4) try to explain to another so-called technical gov't employee the difference between CSS and JavaScript, and get it wrong; 5) stand up in the middle of a conversation and walk out the door because it's 2:30 PM and their day is over; 6) even more nonsense you wouldn't believe if I showed you a video of it.
I would hope Federal is a little better than State, but I'm not convinced.
The FOIA request was probably not denied because the FCC lacks the technical abilities to fulfill the request. In my experience it's likely that no technical people were consulted on it. A FOIA office simply looks for any excuse they can use to deny a request if they want to deny it. The reason doesn't need to make sense or be their true reason.
Here's an example from my own experience:
I can recall a FOIA request I made for the results of searches in an internal government database in spreadsheet format. To my knowledge this can be exported using existing functionality in the web interface for the internal database. The request was denied, and I appealed. They claimed that the information was publicly available, which is absurd. In the appeal I showed that actually almost none of what I wanted was publicly available and the independent appeals office agreed (after a long delay). Then it became clear that the FOIA office thought the request would be burdensome and they tried to deny it on those grounds. I insisted that no, it wouldn't be burdensome.
When it finally went to the person who would actually do the work, apparently it took only a few hours to do, and they declined to charge me anything for it. I assume the majority of that time was writing some useful comments in the headers of the spreadsheets. They didn't need to write the comments, so clearly they weren't pressed for time.
In the end, the FOIA office spent far more time trying to deny this request than it would have taken to fulfill it.
Once upon a time, my company lawyers came to me and asked me if we had certain historical data that I could pull from a database and how long it would take to pull it. It only took me an hour or so, so I just pulled the data, stuck it in an excel file and sent it to them. They were not happy. Apparently they had already told the judge that the data was unduly burdensome to pull and would take too long.
And when the Government is on the other side with requests, warrants, and subpoenas, they aggressively push with little regard to cost, complexity, or even feasibility.
If we replied to a lawful order with "This demands 'research' instead of simply a 'search'," they would tell us tough-shit.
I fully understand both the cases for and against having net neutrality rules. However, I cannot for the life of me understand why a bunch of comments on a website has somehow become the battleground where this is being fought. What is going on here? As far as I can tell, the comments have about as much sway on public policy as the average youtube comment – none whatsoever.
Because those are not youtube comments. Whenever FCC makes a policy change there is a period when citizens can comment on it and express their opinions and concern. To faithfully execute FCC supposed to include these comments in decision, they still could go against it, but they need to address the concerns raised there.
The false comments, basically gave them opportunity to claim that citizens were equally divided and they could just ignore them, when in reality people were overwhelmingly against the changes.
The whole FCC change reminds me of ICANN and .org TLD. Overwhelmingly unpopular to the public but driven by special interests.
I don't think it's true to say that the comments to the FCC have no impact. It's a part of their process for a reason, and the fact that somoene felt the need to stuff the ballot points to genuine concern. I think it's fairly reasonable to say it would have put Pai in a difficult position politically to institute a rule after 100% of people petitioned against it. Which is why the clearly fraudulent activity happened.
I think the reason the case is being fought is the same reason, it's not about whether people actually like net neutrality, they clearly don't. The point is to rules lawyer through the situation - oh well the comments were a wash, oh well there seems to have been fraud, let's ignore the comments entirely, oh well we can actually really easily tell which comments were fraudulent, but the rules have been in place for years now so it's a moot point.
I don't think it's really that the comments matter all that much, the judge explains it pretty well I thought:
"Here, disclosing the originating IP addresses and user-agent headers would help clarify whether and to what extent fraudulent activity interfered with the comment process for the FCC's [net neutrality repeal], and more generally, the extent to which administrative rulemaking may be vulnerable to corruption. This serves a vital public interest because of the importance of public comments in agency rulemaking," Schofield wrote.
There were very large numbers of comments both for and against net neutrality, but the ones against net neutrality seemed to largely be autogenerated and fraudulent, using names of people who said they didn't write them.
The comments are the proof that the Ajit Pai and the FCC went into the process already planning to axe net neutrality and ignored the real comments put forth by net neutrality supporters in favor of fake comments put forth by net neutrality detractors that arguably constitute identity theft. [1]
There is a federal law called the Administrative Procedure Act, which requires executive agencies to follow a process while engaging in rulemaking. Part of the process is a public comment period, and agencies are required to substantively address the concerns in public comments. If, for example, the public comment process is 99% against a proposal and the agency proceeds without having a VERY good argument, it can get struck down by judicial review.
Pai knows this, and the fact that the public comments on net neutrality rulemaking were so obviously manipulated has made people think there is at least a possibility that he, or the FCC, was complicit, in order to flout the APA. The fact that the agency has gone out of its way to cover the situation up does not inspire much confidence, either.
TL;DR: A bunch of comments on a website could result in the FCC's actions being struck down in court.
Very good question! This all falls under what is called the Administrative Procedures Act (APA). While it sounds very dull, like it involves making sure bureaucrats fill out the right forms, it's actually a very important limit on the power of the executive branch. Especially in the last century we've seen the executive branch get bigger and bigger, with more and more government agencies giving significant power to bureaucrats appointed by the President: unelected, and some not even confirmed by the Senate. A large portion of regulations are set by them, and the worry is that the second the other party takes over the White House they will immediately change all the regulations to their choosing, and back and forth. Regulations rapidly changing based on which party is in control, not to mention being subject to the whims of often unelected bureaucrats, is really bad for consumers and businesses. At its core, the APA says that changes to regulations cannot be "arbitrary and capricious": i.e. that someone can't just arbitrarily create, remove, or change regulations just because they feel like it. There is a required procedure you have to do to change regulations. You have to propose your change, have a public comment period where anyone (ordinary people, industry people, activists, everyone) can voice their concerns, and then they have to make a decision. They also have to specifically address people's concerns and give a specific rationale why they agree with this person and disagree with that person, and so on. If a change is made to a regulation that doesn't respond to all of the concerns expressed, or has a rationale that doesn't make sense, you can sue and have the change stopped.
Long story short, that is why comments on a website genuinely matter to the regulatory process.
EDIT: as a side note, the current administration has been sued a lot over APA violations. Most of the lawsuits brought by states against the federal government you hear about in the news hinge on the APA. An example off the top of my head is the repeal of DACA. Now, DACA was an executive order and could have been un-done by an executive order (executive orders are mostly not subject to the APA). But Trump did not make an executive order repealing DACA: instead the Attorney General removed the rule himself, which means his decision was subject to APA review. As a part of this he had to publish a document explaining why he was going to repeal it. In it he said the reason he was repealing DACA was because he believed it was unconstitutional. A number of states have sued over this change, and one of the legal arguments used is an APA violation, because there is no evidence that DACA is unconstitutional. Which gets to what I find interesting about the APA; it forces the person making the change to specifically spell out their reasoning and rationalization for making that change. If their reasoning is faulty you can sue, and the federal government can't defend it by throwing about alternative rationales for the decision.
Its a skirmish in the campaign being waged by our intelligence services and others who insist the Russian government has been waging a secret campaign to attack our country and "sow division" by using sockpuppets and spam posts on a variety of platforms.
I don't have much of a problem with this ruling given that all commenters were warned:
"every commenter was provided with a privacy notice, stating that '[a]ll information submitted, including names and addresses, will be publicly available via the Web.'"
If public comments were not a part of the decision-making process, then the agencies in question wouldn't be asking for public comments.
If they are asking for them, and piping them into /dev/null, that's a scandal that FOIA requests can reveal. It also gives political capital for a subsequent administration to overturn a ruling with minimal fuss.
Comment periods for draft laws certainly do have an impact. It's basically an opportunity for people to weigh in on the law and get a pulse check on how onboard people are.
because in the last decade or so, if not more, the common method of attack has been to shame. not debate on merits, in public shame. don't believe for a minute they won't resort to combining the information to find people. they will also pretty much write off any ip addresses linked to questionable IPs that supported the cause the paper needs supported.
sadly in this inter connected world it is far easier to name and shame people which thwarts any useful discussion, it is no different than voter intimidation; which is why one side wants to do away with secret ballots in unionization pushes.
winning is all that is cared about.
what are we going to do when either the NYT or another organization links back those ids to private individuals, just hashtag apologize and ignore it?
When his run at the FCC ends I think history will remember Pai as the big telco tool that he is. His leadership (sic) at the FCC has been appalling. I can’t wait for him to be gone so that, hopefully, the damage can be repaired by someone else.
FCC under Pai does the same basic thing FCC has always done and in fact was created to do: help Ma Bell and her descendants eliminate competition and screw customers. The details may change over the decades, but the bottom line does not.
The thing about Pai is that he is really good at the politics part of his job. I was listening to a podcast where he was interviewed, and at the end I was almost convinced he actually cares about the American public and what's best for them.
I don't think the FCC's pushback is based on lack of competence or inability to write simple scripts. That's just what they are trying to fool the courts with. I think they are covering up, because Pai knows where a lot of the fake comments came from: the sources of the fake comments will be discovered, and it will look bad for the industry when it comes out.
Aren’t they also the agency giving the green light to massive violations of consumer privacy by allowing ISPs to data warehouse and monetize browsing histories? And they have the nerve to claim that they want to keep IP addresses private in just this one case where it benefits themselves.
How do they still have all this data? Under GDPR (yes, it's European, I know) after a reasonable amount of time (=14 days) you gotta delete all the PII out of the logs. Does US law really allow storing mostly irrelevant logs for so long, and who pays for storing them?
When you make a comment you are acknowledging that you are entering information to form part of the public record. I've not examined the specific FCC form but I would almost guarantee it clearly explains that your comment and likely metadata around it are protected in some ways by the Privacy Act of 1974 and explicitly not protected in other ways.
These logs could form the basis of a legal record generated by the executive branch of the government and even if they weren't they are likely subject to a legal hold as a result of on-going legal action.
Records in the government sense are very important to form an open trail of policy decisions and overall function of government. Deleting them accidentally can get you a firm slap on the wrist while deleting them intentionally can put you in legal trouble (and worse if you're doing it to cover-up wrongdoing).
The National Archives (NARA) holds on to all the various records generated by the functioning of the federal government for various time periods based on the content of the records. As to payment - costs are incurred in part by the generating agencies and then the taxpayers funding NARA.
Further reading: Privacy Act of 1974, [1], FCC's Comment Filing System System of Records in the Federal Register [2], Paperwork Reduction Act of 1980 (more towards only collecting necessary info), and FCC's Website Notices [3].
Only if you have no legitimate reason to retain it, under the gdpr. Which isn’t relevant here anyway as the US (outside California) doesn’t have anything similar. In this case, the rules require a period of public comment. You could argue whether the IP address is relevant to this public comment, but there’s at least an argument that it is (in this case the concern is that a lot of the public comment may be fake).
Even in countries implementing the gdpr, I’d expect that metadata is retained in this sort of usecase.
[+] [-] ogre_codes|5 years ago|reply
Funny how a government agency considers it overly burdensome to write what is likely a 4 line script, so goes through a lawsuit that costs taxpayers likely millions of dollars to avoid it. Unless their infrastructure is well and truly F*ed, this is a 30-60 minute task for a junior server admin. Most likely they already ran it and didn't like what it revealed so it's even less effort.
[+] [-] pc86|5 years ago|reply
Within the last couple years, I've overheard senior, so-called technical government employees 1) complain about Git and wonder aloud why we weren't using Visual Source Safe; 2) insist that rotating through a list of 12 hard-coded passwords, in code, checked into Git, was totally fine; 3) refuse to believe that automated deployments were possible (not hard, or against norms, but physically impossible); 4) try to explain to another so-called technical gov't employee the difference between CSS and JavaScript, and get it wrong; 5) stand up in the middle of a conversation and walk out the door because it's 2:30 PM and their day is over; 6) even more nonsense you wouldn't believe if I showed you a video of it.
I would hope Federal is a little better than State, but I'm not convinced.
[+] [-] btrettel|5 years ago|reply
Here's an example from my own experience:
I can recall a FOIA request I made for the results of searches in an internal government database in spreadsheet format. To my knowledge this can be exported using existing functionality in the web interface for the internal database. The request was denied, and I appealed. They claimed that the information was publicly available, which is absurd. In the appeal I showed that actually almost none of what I wanted was publicly available and the independent appeals office agreed (after a long delay). Then it became clear that the FOIA office thought the request would be burdensome and they tried to deny it on those grounds. I insisted that no, it wouldn't be burdensome.
When it finally went to the person who would actually do the work, apparently it took only a few hours to do, and they declined to charge me anything for it. I assume the majority of that time was writing some useful comments in the headers of the spreadsheets. They didn't need to write the comments, so clearly they weren't pressed for time.
In the end, the FOIA office spent far more time trying to deny this request than it would have taken to fulfill it.
[+] [-] irrational|5 years ago|reply
[+] [-] ikeboy|5 years ago|reply
[+] [-] rasengan|5 years ago|reply
[1] https://www.vice.com/en_us/article/4xaqz9/hillary-clinton-te...
[+] [-] erichurkman|5 years ago|reply
If we replied to a lawful order with "This demands 'research' instead of simply a 'search'," they would tell us tough-shit.
[+] [-] zamalek|5 years ago|reply
[+] [-] tengbretson|5 years ago|reply
[+] [-] takeda|5 years ago|reply
The false comments, basically gave them opportunity to claim that citizens were equally divided and they could just ignore them, when in reality people were overwhelmingly against the changes.
The whole FCC change reminds me of ICANN and .org TLD. Overwhelmingly unpopular to the public but driven by special interests.
[+] [-] Traster|5 years ago|reply
I think the reason the case is being fought is the same reason, it's not about whether people actually like net neutrality, they clearly don't. The point is to rules lawyer through the situation - oh well the comments were a wash, oh well there seems to have been fraud, let's ignore the comments entirely, oh well we can actually really easily tell which comments were fraudulent, but the rules have been in place for years now so it's a moot point.
[+] [-] blakesterz|5 years ago|reply
"Here, disclosing the originating IP addresses and user-agent headers would help clarify whether and to what extent fraudulent activity interfered with the comment process for the FCC's [net neutrality repeal], and more generally, the extent to which administrative rulemaking may be vulnerable to corruption. This serves a vital public interest because of the importance of public comments in agency rulemaking," Schofield wrote.
[+] [-] nappa-leon|5 years ago|reply
[+] [-] bitxbitxbitcoin|5 years ago|reply
[1] https://arstechnica.com/tech-policy/2017/12/dead-people-amon...
[+] [-] bbatsell|5 years ago|reply
Pai knows this, and the fact that the public comments on net neutrality rulemaking were so obviously manipulated has made people think there is at least a possibility that he, or the FCC, was complicit, in order to flout the APA. The fact that the agency has gone out of its way to cover the situation up does not inspire much confidence, either.
TL;DR: A bunch of comments on a website could result in the FCC's actions being struck down in court.
[+] [-] openasocket|5 years ago|reply
Long story short, that is why comments on a website genuinely matter to the regulatory process.
EDIT: as a side note, the current administration has been sued a lot over APA violations. Most of the lawsuits brought by states against the federal government you hear about in the news hinge on the APA. An example off the top of my head is the repeal of DACA. Now, DACA was an executive order and could have been un-done by an executive order (executive orders are mostly not subject to the APA). But Trump did not make an executive order repealing DACA: instead the Attorney General removed the rule himself, which means his decision was subject to APA review. As a part of this he had to publish a document explaining why he was going to repeal it. In it he said the reason he was repealing DACA was because he believed it was unconstitutional. A number of states have sued over this change, and one of the legal arguments used is an APA violation, because there is no evidence that DACA is unconstitutional. Which gets to what I find interesting about the APA; it forces the person making the change to specifically spell out their reasoning and rationalization for making that change. If their reasoning is faulty you can sue, and the federal government can't defend it by throwing about alternative rationales for the decision.
[+] [-] StanislavPetrov|5 years ago|reply
I don't have much of a problem with this ruling given that all commenters were warned:
"every commenter was provided with a privacy notice, stating that '[a]ll information submitted, including names and addresses, will be publicly available via the Web.'"
[+] [-] axus|5 years ago|reply
[+] [-] vkou|5 years ago|reply
If they are asking for them, and piping them into /dev/null, that's a scandal that FOIA requests can reveal. It also gives political capital for a subsequent administration to overturn a ruling with minimal fuss.
[+] [-] refurb|5 years ago|reply
[+] [-] Shivetya|5 years ago|reply
sadly in this inter connected world it is far easier to name and shame people which thwarts any useful discussion, it is no different than voter intimidation; which is why one side wants to do away with secret ballots in unionization pushes.
winning is all that is cared about.
what are we going to do when either the NYT or another organization links back those ids to private individuals, just hashtag apologize and ignore it?
[+] [-] gigatexal|5 years ago|reply
[+] [-] jessaustin|5 years ago|reply
[+] [-] jedberg|5 years ago|reply
[+] [-] 0xy|5 years ago|reply
[deleted]
[+] [-] not2b|5 years ago|reply
[+] [-] TazeTSchnitzel|5 years ago|reply
I expect the NYT will just find thousands of comments written with IE6 from AWS IP addresses.
[+] [-] Traster|5 years ago|reply
[+] [-] natch|5 years ago|reply
[+] [-] paypalcust83|5 years ago|reply
[+] [-] adamleithp|5 years ago|reply
Can't wait to see it.
[+] [-] panny|5 years ago|reply
[+] [-] mschuster91|5 years ago|reply
[+] [-] velosol|5 years ago|reply
These logs could form the basis of a legal record generated by the executive branch of the government and even if they weren't they are likely subject to a legal hold as a result of on-going legal action.
Records in the government sense are very important to form an open trail of policy decisions and overall function of government. Deleting them accidentally can get you a firm slap on the wrist while deleting them intentionally can put you in legal trouble (and worse if you're doing it to cover-up wrongdoing).
The National Archives (NARA) holds on to all the various records generated by the functioning of the federal government for various time periods based on the content of the records. As to payment - costs are incurred in part by the generating agencies and then the taxpayers funding NARA.
Further reading: Privacy Act of 1974, [1], FCC's Comment Filing System System of Records in the Federal Register [2], Paperwork Reduction Act of 1980 (more towards only collecting necessary info), and FCC's Website Notices [3].
[1]: https://www.archives.gov/about
[2, Word .doc]: https://www.fcc.gov/omd/privacyact/documents/records/FCC-CGB...
[3]: https://www.fcc.gov/general/website-notices
[+] [-] rsynnott|5 years ago|reply
Even in countries implementing the gdpr, I’d expect that metadata is retained in this sort of usecase.
[+] [-] nikanj|5 years ago|reply
[+] [-] niij|5 years ago|reply
[+] [-] bluedays|5 years ago|reply
[+] [-] topspin|5 years ago|reply