The Permanent Subcommittee on Investigations chaired by Portman released a bipartisan report Thursday that shows regular misuse of the systems that 14 federal agencies use to collect comments from the public on proposed rules. Portman said the online comment process is meant to let Americans provide meaningful input to federal agencies, but the spam deluge “in some cases drowns out the substantive, significant comments that could make the regulations better.”
“The online comment systems are too often being abused, and agencies have not taken adequate steps to address that abuse,” said a statement from Portman. "Victims of identity theft are being misrepresented on federal government websites, and agencies are doing little to protect them. The systems are making extraordinarily profane content widely available... I’m hopeful that this bipartisan report will start a discussion between Congress and the federal agencies about how we can make online comment systems work better both for government agencies and Americans.”
The review found comments in the FCC system that were falsely attributed to reality television star Kim Kardashian, deceased rock star Elvis Presley, basketball star LeBron James, dictator Adolf Hitler, FCC Chair Ajit Pai, President Donald Trump, former presidents Barack Obama, Richard Nixon and Ronald Reagan, and U.S. Senators including Portman and Ohio’s Sherrod Brown. It said the only remedy the FCC allows for comments submitted under fake names is to let the identity theft victims post a separate comment to establish their own position on an issue, which makes dockets even more lengthy and “also requires the victims to engage in a regulatory process in which they potentially have no interest in engaging.”
Even though it’s a federal crime punishable by a fine or up to five years in prison, or both, to “knowingly and willfully” make “any materially false, fictitious, or fraudulent statement or representation” to the federal government, agencies the subcommittee contacted said they don’t verify the identity of those who make comments and only one - the Commodity Futures Trading Commission - had referred fraudulent activity to the Federal Bureau of Investigation.
Representatives of the agencies told Portman’s subcommittee that anonymous comments are important for the information gathering process, and “requiring commenters to provide their actual identities might dissuade some people, such as government and corporate whistleblowers who wish to remain anonymous, from providing information at all.”
“FCC Chairman Ajit Pai has acknowledged that during the Restoring Internet Freedom comment period, nearly eight million comments came from email addresses associated with fakemailgenerator.com and more than 500,000 came from Russian email addresses.,” the report said. “In an interview with Subcommittee staff, FCC Commissioner Jessica Rosenworcel cited a New York Attorney General investigation that estimated that more than two million comments submitted to the proceeding used stolen identities. She said that of those two million, 81,000 used Ohioans’ identities; 6,000 used Delawareans’ identities; 78,000 used Pennsylvanians’ identities; 176,000 used Texans’ identities; and 130,000 used Floridians’ identities.”
The report notes that the FCC bars radio and television stations from broadcasting profanities like the F-word, even though they appear with some frequency in public comments on its website. According to its tally, the F-word appeared in 23,381 comments to the FCC, as well as 31 comments made to other federal agencies through the Regulations.gov website. Other profanities that appeared in thousands of online federal comments included “hell,” "sh**, “damn,” and “a**hole.”
“As recently as 2004, the FCC sanctioned NBC for a single use of the word “f-ing” during a broadcast, stating that “[t]he ‘F-Word’ is one of the most vulgar, graphic and explicit descriptions of sexual activity in the English language,” the report says.
The report found that none of the commenting systems use CAPTCHA or other technology to ensure that real people, instead of bots, are submitting comments to rulemaking dockets, which leaves the commenting process more vulnerable to abuse by malicious actors. Agencies also have inconsistent policies for screening and posting comments, with some agencies like the FCC allowing posting of "copyrighted material, threats, personally identifiable information, and other sensitive and abusive material on its website.
“It has also accepted and posted executable files submitted as comments, which can contain viruses,” the report said. “No other agency the Subcommittee surveyed accepts executable files as comments. Members of the public who download the files may thereby be exposed to the viruses. Other agencies, like the Securities and Exchange Commission and Department of Commerce, have policies in place to screen comments for profanity, personally identifiable information, and threats to avoid posting harmful content online.”
It recommended that Congress amend the law to clarify that agencies shouldn’t “accept or post abusive, profane, or threatening comments; irrelevant comments; or comments submitted under a false identity,” and that those “containing threats or abusive language, irrelevant comments, or comments sent from a fake identity should not remain available for public viewing.”
It also suggested that agencies develop uniform and appropriate limits on duplicative comments, requiring commenters to submit individual comments directly through their platforms and develop policies to encourage organizations to collect signatures on one comment, rather than submitting thousands of individual identical comments that clog the system. Technologies like CAPTCHA should be used to ensure that only real human beings are submitting comments, the report said.
“Federal comment platforms should allow commenters the option to submit anonymously or under their real names, but not under false identities,” it said. “If commenters enter a name, the platforms should require commenters to confirm that the name is their own and that they understand that criminal penalties may attach if they falsify their identity. Federal agencies should refer allegations of identity theft to the appropriate law enforcement agencies.”
©2019 Advance Ohio Media, Cleveland. Distributed by Tribune Content Agency, LLC.
