has sued the Federal Communications Commission over the agency’s refusal to release records that the believes might shed light on Russian interference in the net neutrality repeal proceeding.
The made a Freedom of Information Act (FoIA) request in June 2017 for FCC server logs related to the system for accepting public comments on FCC Chairman Ajit Pai’s repeal of net neutrality rules.
This led to a months-long process in which the repeatedly narrowed its public records request in order to overcome the FCC’s various objections. But the FCC still refuses to release any of the records requested by the , so the newspaper sued the commission yesterday in US District Court for the Southern District of New York.
The ‘ complaint said:
The request at issue in this litigation involves records that will shed light on the extent to which Russian nationals and agents of the Russian government have interfered with the agency notice-and-comment process about a topic of extensive public interest: the government’s decision to abandon “net neutrality.” Release of these records will help broaden the public’s understanding of the scope of Russian interference in the American democratic system.
Despite the clear public importance of the requested records, the FCC has thrown up a series of roadblocks, preventing from obtaining the documents.
Repeatedly, has narrowed its request in the hopes of expediting release of the records so it could explore whether the FCC and the American public had been the victim of orchestrated campaign by the Russians to corrupt the notice-and-comment process and undermine an important step in the democratic process of rule-making. Repeatedly, the FCC has responded to ‘s attempt to resolve this matter without litigation with protestations that the agency lacked the technical capacity to respond to the request, the invocation of shifting rationales for rejecting ‘s request, and the misapplication of FoIA’s privacy exemption to duck the agency’s responsibilities under FoIA.
“FCC’s mishandling of comment process”
The ‘ complaint notes that “The FCC’s mishandling of the public comment process for the proposed rule has been well documented.”
As we’ve reported, the FCC falsely claimed that an outage in its public comment system was caused by multiple DDoS attacks, when in fact the outage was caused by the FCC’s inability to handle an influx of pro-net neutrality comments. The comment system was also overrun with bots and comments fraudulently submitted in people’s names without their knowledge.
The ‘ complaint said it is interested in Russian involvement in the comment process, pointing to an op-ed by FCC Commissioner Jessica Rosenworcel that said the commission received half a million comments from Russian email addresses.
“And in July 2018, a cyber-intelligence company released a report linking Russian email addresses cited in Special Counsel Mueller’s indictment of thirteen Russian individuals and three Russian companies to the emails used to submit comments on the FCC’s proposed rule,” the ‘ court complaint said. “The report concluded that ‘[i]t is plausible that email addresses involved in major breaches are being harvested and reassigned for myriad uses.'”
That’s why the filed its FoIA request:
In an effort to better understand Russian influence in the FCC notice-and-comment system, Plaintiff Nicholas Confessore, on behalf of The New York Times Company and fellow reporter Plaintiff Gabriel Dance, submitted a FoIA request to the FCC on June 22, 2017. The sought the IP addresses, timestamps, and comments, among other data, for all public comments regarding the FCC’s proposed rule that were submitted between April 26, 2017 and June 7, 2017.
FCC denial
The FCC denied the request, telling the on July 21, 2017 that the information may be withheld in full under the FoIA exemption for data containing personally identifiable information.
The argued that the exemption doesn’t apply to public comments, and that even if it did, “the FCC is obligated to redact or segregate exempt materials rather than withhold the records in full.”
The FCC then raised new objections, saying “that the requested records would reveal sensitive information about the security measures in place to protect the FCC’s notice-and-comment processes [and] that the request was overly burdensome,” according to the ‘ lawsuit.
In September 2017, the says it “agreed to narrow its request and eliminate certain header information in an effort to ensure that the security measures introduced by the agency would not be revealed.”
In December, the FCC told the that this would not satisfy its security concerns, so the narrowed its request again. The new request “sought only the comment, the originating IP address, the date and time stamp, and the User-Agent header for comments submitted within the specified time frame,” the said.
After another FCC refusal, the in May of this year “proposed that the agency produce across separate logs: (1) the originating IP addresses and timestamps, so that the agency’s security measures would not be revealed; (2) User-Agent headers (which reveal information such as what Internet browser the individual was using) and timestamps; and (3) the comments, names, and timestamps submitted between the specified dates.”
One last try before the lawsuit
With the FCC still not providing any records, the narrowed its request one more time in August. “The eliminated the portion of the request seeking comments, names, and timestamps. It narrowed its request to seek only (1) originating IP addresses and timestamps, and (2) User-Agent headers and timestamps,” the complaint said.
The said this last proposal addressed the FCC’s privacy concerns by letting the agency produce the records as separate logs so that “the originating IP addresses would not be linked to any specific comment.”
The also said its final proposal addressed the FCC’s security concerns “because none of the security measures implemented by the agency would be revealed by producing only the originating IP address and User-Agent header, without any forwarding data.”
“Finally, the proposal would resolve the agency’s concerns about burdensomeness because releasing the few data points requested would require the production of only a limited number of logs,” the wrote.
Since the has “exhausted all administrative remedies,” the paper asked the court to declare that the documents are public under federal law and must be disclosed and to order the FCC to provide the requested documents within 20 business days. The also asked for reimbursement of attorneys’ fees.
FCC stands by security claim
When contacted by Ars today, the FCC insisted it was correct to deny the ‘ request.
“We are disappointed that has filed suit to collect the Commission’s internal Web server logs, logs whose disclosure would put at jeopardy the Commission’s IT security practices for its Electronic Comment Filing System,” an FCC spokesperson told Ars. “Indeed, just last week the US District Court for the District of Columbia held that the FCC need not turn over these same web server logs under the Freedom of Information Act.”
That ruling came in a separate FoIA lawsuit filed against the FCC by freelance journalist Jason Prechtel, but Prechtel didn’t narrow his request like the did. Prechtel also beat the FCC on another point, with the District Court judge ruling that the FCC must turn over email addresses that were used to submit .CSV files that contained large sets of comments. The judge also ordered the FCC to work with Prechtel on releasing the .CSV files themselves, though it isn’t clear if the FCC still has those files.