Thanks, Obama —

Ajit Pai admits FCC lied about “DDoS,” blames it on Obama administration

Former CIO "provided inaccurate information" about comment outage, Pai says.

FCC Chairman Ajit Pai smiling during a TV interview.
Enlarge / FCC Chairman Ajit Pai at Fox Studios on November 10, 2017 in New York City.

Federal Communications Commission Chairman Ajit Pai acknowledged Monday that the FCC lied about its public comment system being taken down by a DDoS attack during the net neutrality repeal proceeding.

Pai blamed the spreading of false information on employees hired by the Obama administration and said that he isn't to blame because he "inherited... a culture" from "the prior Administration" that led to the spreading of false information. Pai wrote:

I am deeply disappointed that the FCC's former Chief Information Officer [David Bray], who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people. This is completely unacceptable. I'm also disappointed that some working under the former CIO apparently either disagreed with the information that he was presenting or had questions about it, yet didn't feel comfortable communicating their concerns to me or my office."

Pai's admission came in a statement yesterday. "It has become clear that in addition to a flawed comment system, we inherited from the prior Administration a culture in which many members of the Commission's career IT staff were hesitant to express disagreement with the Commission's former CIO in front of FCC management," he also said.

Outage affected net neutrality supporters

Pai's FCC had been insisting for more than a year that distributed denial-of-service attacks took down the FCC comment system on May 8, 2017, just as many net neutrality supporters were trying to submit comments opposing Pai's plan to eliminate the rules.

Pai's statement yesterday came after the FCC Inspector General's office investigated the incident. Pai thanked the Inspector General's office "for the comprehensive report it has issued," but the FCC hasn't made the report available publicly. We asked Pai's office for a copy of the report yesterday and haven't received it yet. (UPDATE: The report was released Tuesday afternoon.)

"The Inspector General Report tells us what we knew all along: the FCC's claim that it was the victim of a DDoS attack during the net neutrality proceeding is bogus," said FCC Commissioner Jessica Rosenworcel, the commission's only Democrat. "What happened instead is obvious—millions of Americans overwhelmed our online system because they wanted to tell us how important Internet openness is to them and how distressed they were to see the FCC roll back their rights. It's unfortunate that this agency's energy and resources needed to be spent debunking this implausible claim."

The FCC claimed it was hit by the DDoS attack just after comedian John Oliver asked his viewers to submit comments opposing Pai's net neutrality repeal.

Pai: It wasn’t my fault

According to Pai, the Inspector General's report "debunks the conspiracy theory" that Pai himself was to blame for the FCC spreading false information. Pai said:

I'm pleased that this report debunks the conspiracy theory that my office or I had any knowledge that the information provided by the former CIO was inaccurate and was allowing that inaccurate information to be disseminated for political purposes. Indeed, as the report documents, on the morning of May 8, it was the former CIO who informed my office that "some external folks attempted to send high traffic in an attempt to tie-up the server from responding to others, which unfortunately makes it appear unavailable to everyone attempting to get through the queue." In response, the Commission's Chief of Staff [Matthew Berry], who works in my office, asked if the then-CIO was confident that the incident wasn't caused by a number of individuals "attempting to comment at the same time... but rather some external folks deliberately trying to tie-up the server." In response to this direct inquiry, the former CIO told my office: "Yes, we're 99.9 percent confident this was external folks deliberately trying to tie-up the server to prevent others from commenting and/or create a spectacle."

Going forward, "we will make it clear that those working on information technology at the Commission are encouraged to speak up if they believe that inaccurate information is being provided to the Commission’s leadership," Pai said.

Pai also said the FCC's comment system needs to be updated and that "We're looking forward to getting that important project started."

Bray, the former CIO, left the FCC last year and is now executive director of People-Centered Internet. People-Centered Internet provided a statement on behalf of Bray yesterday, saying that he "has not been contacted by the FCC IG and has not seen their reported findings. There has not been any outreach to ask what he had seen, observed, or concluded during the events more than a year ago in May 2017."

"Swift response ensured the commenting system was up more than 99.4 percent of the time for the total commenting period," the statement also said. The comment period lasted until August 30, nearly four months after the "DDoS" incident.

Bray's version of events recently unraveled. He told reporters in 2017 that the FCC comments system was attacked both in 2014 and 2017 but that the 2014 DDoS wasn't revealed publicly at the time because "the Chairman" wanted to keep it quiet. Former FCC Chairman Tom Wheeler denied this, and former FCC official Gigi Sohn called Bray's statement about the 2014 incident "flat-out false."

Pai has touted his efforts to increase "transparency" at the FCC, but his FCC was criticized by US Senator Ron Wyden (D-Ore.) last year for refusing to provide evidence to support the claim that it was hit by DDoS attacks. Pai's office issued a statement at the time saying that it was "categorically false" to suggest that "the FCC lacks written documentation of its analysis," even as the FCC refused to make that documentation public.

The FCC ultimately received nearly 24 million comments on Pai's plan, though millions were fraudulent. The New York State Attorney General's office has been investigating the fraud and accused Pai of refusing to provide "crucial evidence" needed for the investigation.

The May 2017 incident is also being investigated by US Government Accountability Office.

Pai dismissed pro-net neutrality comments

Pai said last year that the number of pro-net neutrality comments was "not as important as the substantive comments that are in the record," and he more recently said that net neutrality supporters are "Chicken Littles."

Pai's FCC finalized its decision in December 2017, voting to deregulate the broadband industry and eliminate net neutrality rules that prohibited Internet service providers from blocking and throttling Internet traffic. The repeal took effect in June 2018.

Pai promises that the repeal will create "better, cheaper, and faster Internet access," and he claimed that the rules harmed broadband investment. Yet ISPs told investors that the rules didn't harm their network investments.

To bolster his argument, Pai has claimed that broadband deployment projects that were started during the Obama administration were somehow caused by his net neutrality repeal.

Channel Ars Technica