Two Democratic senators are demanding answers from the Federal Communications Commission about its response to distributed denial-of-service (DDoS) attacks that temporarily prevented the public from commenting on a controversial proposal to dismantle net neutrality rules.
The FCC’s public comments site struggled for hours Sunday night and Monday after comedian John Oliver called on HBO viewers to write in protest of Chairman Ajit Pai’s proposal to eliminate the current net neutrality rules. The FCC issued a statement yesterday attributing the downtime to DDoS attacks, without mentioning the influx of comments caused by Oliver’s show.
The docket is available here. There have been more than 300,000 filings on the net neutrality proposal since Oliver’s show, bringing the total to about 350,000 since the docket opened two weeks ago. The number would likely be higher if not for the downtime, but this is still an unusually large number of comments for an FCC proceeding. Comments will be accepted until August 16.
Senators Ron Wyden (D-Ore.) and Brian Schatz (D-Hawaii) wrote a letter to Pai today asking for detailed information on the DDoS attacks. “A denial-of-service attack against the FCC’s website can prevent the public from being able to contribute to this process and have their voices heard,” the senators wrote. “Any potentially hostile cyber activities that prevent Americans from being able to participate in a fair and transparent process must be treated as a serious issue.”
The senators asked for the following information:
- Details on the nature of the DDoS attacks, including the amount of malicious traffic received by the FCC network, and any evidence of who is responsible for the attacks
- Whether the FCC has sought assistance from other federal agencies in investigating and responding to the attacks
- Whether the FCC uses commercial DDoS protection services
- The number of concurrent visitors the FCC website is designed to handle.
- How many people were unable to submit comments during the outage caused by the DDoS attacks
- Whether the FCC will send responses to people who were able to submit comments but did not receive immediate confirmations from the FCC because of the DDoS
- Whether the FCC has all the resources and expertise it needs to combat DDoS attacks
The senators asked Pai for answers by June 8. “We have received the letter and are reviewing it,” an FCC spokesperson toldtoday. The FCC yesterday called the attacks “deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host.”
Net neutrality activist group Fight for the Future accused the FCC of lying about suffering a DDoS attack at the same time that John Oliver viewers were trying to comment. Fight for the Future offered no proof that a DDoS attack did not occur, but it seems reasonable to assume that the heavy influx of comments caused by the John Oliver show would have made responding to a DDoS attack more difficult.
This week’s situation is a repeat from 2014, when a John Oliver show—and a database denial of service attack on the same night—crippled the FCC’s comment system. The FCC has since upgraded the website’s infrastructure and switched from internal servers to the Amazon cloud.
The comment system has been running pretty smoothly today, but Wyden and Schatz urged Pai to give the public additional methods for commenting, such as a dedicated e-mail address like the one used by the FCC in 2014.