FCC chairman: truth about site failure should have come out sooner


The head of the Federal Communications Commission told Congress he couldn't alert the public to that website problems had been incorrectly designated as a cyberattack without jeopardizing a federal investigation.

Ajit Pai, the chairman of the FCC, told lawmakers at an Aug. 16 Senate Commerce Committee hearing that he knew a cyberattack likely did not take down the FCC comment filing website in 2017 during a poiltically charged debate over net neutrality. Pai said he didn't want to complicate the Inspector General's investigation and any subsequent criminal prosecution.

Sen. Brian Schatz (D-Hawaii) questioned Pai on whether he knew the cyberattack designation was false, saying that it was "hard to digest" the chairman was "duped" into believing that caused the website malfunction.

"I think a lot of people's first instinct was that it didn't make any sense," Schatz said. "So I understand your reliance on your CIO -- I don't blame you for that -- my question was, did you have any doubt at any time before the report came out?"

Pai said that when he learned the system was down the morning of May 8, 2017, he immediately assumed the site was overwhelmed by a sudden influx of traffic following a segment on an HBO show hosted by John Oliver that directed viewers to file comments with the FCC.

Despite those doubts, Pai chose to go public with findings from then-CIO David Bray characterizing the outage as resulting from a distributed denial of service attack. Pai said the IG notified him in January that those findings were potentially incorrect, but requested that information remain confidential as the investigation was referred to the Justice Department for criminal prosecution.

"Once we knew what the conclusions were, it was very hard to stay quiet," Pai said. "We wanted the story to get out not only because it vindicated what we had been saying -- that we relied on the chief information officer's representations -- but also because otherwise we knew that members of this committee, including potentially you [Sen. Schatz], would think, 'Welp, he knew something was wrong but he didn't tell us about it.'"

Bray defended his position in a June 2018 Medium post, writing "whether the correct phrase is denial of service or "bot swarm" or "something hammering the Application Programming Interface" (API) of the commenting system — the fact is something odd was happening in May 2017." His biggest concern at the time, Bray said, was that "we were also being spammed by something automated" and could keep people from commenting on the proposal.

The hearing came just two days after the House Energy and Commerce Committee inquiry called Pai's unwillingness to correct "a public myth" for more than a year "troubling" and requested more details on his decision making.

As the hearing continued, Schatz seemed unsatisfied with Pai's responses: "It just seems odd that the moment your CIO says something that you run with it and ran with it quite aggressively," he said.

Pai stuck to his position, however, saying that keeping the OIG's confidence was the right action to prevent interfering with the federal investigation and possible DOJ prosecution.

"It's a difficult position to be in," he said. "I made the judgement that we had to adhere to the OIG's request even though I knew we would be falsely attacked for having done something inappropriately."

Schatz replied, "I guess what I'm looking for is some measure of accountability as the chairman...I can't imagine that there was not another way to thread this needle and deal with us in our oversight capacity."

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.