In a statement on Monday, FCC Chairman Ajit Pai said that he was “deeply disappointed” that the agency’s former chief information officer, David Bray, provided “inaccurate information” about an alleged cyberattack on the FCC’s comment system last summer as the agency was considering new rules to overturn Obama-era net neutrality protections.
Pai’s remarks were circulated ahead of the release of an inspector general report examining claims by senior FCC officials that the comment system was overwhelmed on the night of May 7, 2017, by “multiple distributed denial-of-service attacks (DDoS).” The comment system suffered intermittent downtime that night after John Oliver, host of HBO’s Last Week Tonight, directed his audience to flood the FCC with comments supporting net neutrality.
The FCC’s claim that a DDoS attack was responsible for the downtime was immediately disputed by pro-net neutrality groups. The agency has long refused to supply lawmakers with evidence showing an attack occurred. In July 2017, the agency told Gizmodo it had no documented analysis showing an attack occurred in response to a Freedom of Information Act request.
As Gizmodo first reported last year, Bray had previously leaked baseless claims that the FCC was struck by a cyberattack in 2014. He was also the first official at the agency to publicly claim the comment system had been attacked last May.
While the inspector general report is not yet public, statements from Pai and other FCC officials indicate it will reflect that no evidence was found supporting the commission’s prior claims that it was attacked.
“The Inspector General Report tells us what we knew all along: the FCC’s claim that it was the victim of a DDoS attack during the net neutrality proceeding is bogus,” said FCC Commissioner Jessica Rosenworcel.
Pai was questioned last month about the attack by Rep. Debbie Dingell during an FCC oversight hearing, but said he was legally forbidden from discussing the matter openly, citing “some of the sensitivity of that information.”
“I want to thank the Office of the Inspector General, both for its thorough effort to get to the bottom of what happened and for the comprehensive report it has issued,” Pai said in a statement Monday. “With respect to the report’s findings, I am deeply disappointed that the FCC’s former Chief Information Officer (CIO), who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people. This is completely unacceptable.”
Scrambling to divert blame away from his office, Pai also fingered as responsible Obama leftovers whom he suggested were culpable for failing to inform him that they disagreed with Bray’s claims.
In addition to a “flawed comment system,” he said, it had become clear the FCC had inherited from the previous administration “a culture in which many members of the Commission’s career IT staff were hesitant to express disagreement with the Commission’s former CIO in front of FCC management.”
Pai said he was “disappointed” that employees working under his former CIO “either disagreed with the information that he was presenting or had questions about it, yet didn’t feel comfortable communicating their concerns to me or my office.”
Bray did not immediately respond to a request for comment.
Update, 8/7: A statement issued on Dr. David Bray’s behalf by a friend said that Bray had not been contacted by the FCC Office of the Inspector General and had not seen its reported findings.
“There has not been any outreach to ask what he had seen, observed, or concluded during the events more than a year ago in May 2017. He chose to take a new leadership role last year and is no longer at the FCC,” the statement said. “Swift response ensured the commenting system was up more than 99.4% of the time for the total commenting period.”
Correction: A previous version of this article said that a statement had been issued on behalf of Dr. David Bray by The People-Centered Internet coalition, where Bray now serves as executive director. The statement was issued by a friend. We regret the error.
Update, 8/7/2017: The FCC Office of the Inspector General (OIG) concluded through investigation that there was no cyberattack against the FCC’s comment system in May 2017.
“The May 7-8, 2016 degradation of the FCC’s ECFS was not, as reported to the public and to Congress, the result of a DDoS attack,” the OIG report states. “At best, the published reports were the result of a rush to judgment and the failure to conduct analyses needed to identify the true cause of the disruption to system availability.”