REMARKS OF COMMISSIONER JESSICA ROSENWORCEL FEDERAL COMMUNICATIONS COMMISSION STATE OF THE NET CONFERENCE WASHINGTON, DC JANUARY 29, 2018 Good afternoon. It’s a treat to be here at the State of the Net Conference. So thank you to the Internet Education Foundation for having me—and thank you for the good work you do to foster conversation about internet policy. Upfront, I think I need a disclaimer. As a Commissioner at the Federal Communications Commission speaking at the State of the Net Conference I am going to defy expectations today. I am not going to talk about net neutrality. I support net neutrality. I voted against last month’s decision to roll back these rules. There is no shortage of places where you can read my heated take on what happened. Today, instead of talking about the substance of net neutrality, I want to use it as a launching pad to go big and discuss policymaking in the internet era. I want to talk about shortcomings in our civic infrastructure. Because we need to make some real changes if we want to give the public a fair shot at getting through to those who make decisions in Washington. That’s some lofty stuff, so let me start small. Let me start with three quick stories about three individuals. First story. Ketchikan is the biggest city in southern Alaska. That means it has about 8,000 residents. Ketchikan is nestled at the entrance to Alaska’s Inside Passage—a network of waterways that provides access to some of the state’s most idyllic scenery. The area is known for its thriving fishing industry, the world’s largest collection of standing totem poles, and the Misty Fjords National Monument. So no surprise, it’s a regular stop on the cruise ship circuit. The charm of this area brought Karl Amylon up from the lower 48, when in 1995 he assumed the position of Ketchikan’s Chief Administrative Officer. For more than two decades he has quietly helped run the city, ensuring that residents get the services they need from local authorities. He was surprised in December when the local radio station found his name on a comment in the FCC public record, asking the agency to repeal net neutrality. As he told the radio station, he definitely did not submit a comment. Poking around a bit more, the station found that just shy of 900 comments were submitted to the FCC from Ketchikan. As another official in the city mused, it’s “really, really unlikely” that so many public comments were authored by the residents of this little Alaskan hamlet. They look fake—and something looks wrong. Second story. Jessica Lints lives in Blossvale, New York. It’s a town upstate, mid-way between Syracuse and Utica. It has one elementary school and one very active Boy Scouts troop. Jessica Lints is an assistant scoutmaster. It’s a role she takes seriously. As part of her 2 commitment to the troop, she says she is careful not to express her political opinions to the scouts she oversees. So she was surprised—and angry—to find her identity had been stolen and used to file a comment in the FCC record regarding net neutrality. She asked: “[h]ow the hell is this possible?” Third story. Lake Bluff is located in northern Illinois, about an hour north of Chicago. It’s a picture-perfect midwestern small town, complete with a village green and a small beach along Lake Michigan. In fact, during the first World War, it was proclaimed the “most patriotic small town in America” for the efforts of its residents to support our troops abroad. Donna Duthie made her home in Lake Bluff. In June of this year, she filed a comment in the FCC public record. Her filing began: “Hi, I’d like to comment on internet freedom.” She went on to ask the agency to repeal its net neutrality policies, calling them an “exploitation of the open internet.” This was stunning for those who knew her—because she died more than 12 years ago. Those are three brief tales. The last two were actually featured in the Wall Street Journal. But their stories are not unique. People from across the country, from every political persuasion and walk of life have found their names, addresses, and identities stolen and used to file fake comments in the FCC net neutrality record. They include Senator Jeff Merkley, USA Today columnist Edward Baig, deceased actress Patty Duke, a 13-year-old in northern New York, and a 96-year-old World War II Veteran in southern California. At last count, two million individuals have been the victims of identity theft with filings in our record that they never wrote, sent, or authorized. These comments are not the only odd and unnerving thing in the FCC record. Nearly half a million of our comments come from Russian e-mail addresses. Just under eight million comments were submitted from e-mail domains attributed to FakeMailGenerator.com with all but identical wording. Just over a million comments were submitted using mail-merge techniques designed to make them appear like unique submissions. Everywhere you look in the record—there is something strange. Something is not right—and what is wrong here is not confined to the FCC. Let me offer a few other stories—from other agencies—to demonstrate. A while back, the Department of Labor proposed a policy that would require investment advisors working with retirement accounts to act in the best interest of their clients. The fiduciary rule, as it is known, is slated for full implementation in 2019. In the meantime, the Department of Labor is gathering feedback to better understand its impact. On the one hand, insurance companies and brokerage firms contend it will add new costs and make it harder to serve clients with smaller nest eggs. On the other hand, consumer groups point out that without this rule in place, retirees could be saddled with purchasing investment products with high commissions that are not in their best interest. 3 The back-and-forth on this issue at the Department of Labor is fierce. Among the comments you’ll find one from Robert Schubert of Devon, Pennsylvania that makes crystal clear he opposes the fiduciary rule. He writes: “I do not need, do not want and object to any federal interference in my retirement planning.” But his filing was a fraud. Confronted with it, Robert Schubert said he was disgusted that people can post comments using his name. But his experience is not unusual. A survey conducted for the Wall Street Journal found that 2 in 5 comments involving the fiduciary rule featured stolen names, addresses, phone numbers, and e- mails. The Consumer Financial Protection Bureau has been swamped with comments about payday lending. Last year, the CFPB adopted new rules designed to curb abuse in the $50 billion short-term loan industry. This year, however, the CFPB has announced it will revisit and reconsider those rules. The back-and-forth here has been messy. So has the public record. As the Wall Street Journal reported, Ashley Marie Mireles, of Fresno, California was surprised to see a comment posted under her name. In it, she offered a personal anecdote about how helpful a payday loan was when she needed to take her car in for unexpected and expensive repairs. This was an obvious fake, because her family owns an auto body shop and it’s the one place where she doesn’t have to pay. Her filing wasn’t the only irregularity in the payday lending record. At last count, more than 4,000 fake comments like hers have been submitted. The Securities and Exchange Commission is reviewing the sale of the Chicago Stock Exchange to an investor group with ties to China. The public record includes some curious filings, including one from John Ciccarelli on behalf of the Global Investigative Journalism Network. It raised concerns about the use of the proposed ownership structure for money laundering—which sounds bad. The only problem is that Dave Kaplan, the Executive Director of the network says the letter was a fraud. But you can still find it in the SEC record. Final story. The Federal Energy Regulatory Commission approved the NEXUS natural gas pipeline last year. The 255-mile pipeline will carry natural gas from the Utica and Marcellus shales to users in Ohio and Michigan. While evaluating this pipeline, FERC asked for public comment on its merits. Landowners and residents along the NEXUS route were not shy about voicing their concern. But Mary England of Rising Sun, Ohio, was surprised to see that her husband Glenn sent a letter to FERC supporting the pipeline route in the Buckeye State. Her surprise was more than just substantive—because her husband died in 1998. This was by no means the only suspect filing in the record, because others in Ohio and Michigan have complained to FERC that they did not write the pro-pipeline letters posted in their names. That’s a lot of stories. So let’s review. We know that five agencies—the FCC, the Department of Labor, the CFPB, the SEC, and FERC—have had problems with stolen identities and fake comments in the public record. But I suspect they are not the only ones. The Administrative Procedure Act is a law from 1946. As attorneys at the FCC, the Department of Labor, the CFPB, the SEC, and FERC know, it’s the law that sets up the basic framework for rulemaking. When a government agency proposes new policies, it has a duty to give “interested persons” an opportunity to voice their opinion. After considering these public comments, agencies may adopt final rules along with a general statement of basis and purpose. 4 This structure has served us well for decades. It’s been the solid foundation for every agency that seeks public input for its decisions. Over time, when we have identified deficiencies in its framework, we have made adjustments. As a result, in 1980 the Regulatory Flexibility Act amended the Administrative Procedure Act to ensure agencies consider the impact of proposed rules on small business. Plus, other laws—like the Paperwork Reduction Act and Unfunded Mandates Reform Act—have changed this framework to respond to new concerns. But what we are facing now does not reflect what has come before. Because it is apparent the civic infrastructure we have for accepting public comment in the rulemaking process is not built for the digital age. As the Administrative Conference of the United States acknowledges, while the basic framework for rulemaking from 1946 has stayed the same, “the technological landscape has evolved dramatically.” This problem may seem small—but the impact is big. Administrative decisions made in Washington affect so much of our day-to-day life. They involve everything from internet openness to retirement planning to the availability of loans and the energy sources that power our homes and businesses. So much of the decision- making that affects our future takes place in the administrative state. The American public deserves a fair shot at participating in these decisions. Expert agencies are duty bound to hear from everyone, not just those who can afford to pay for expert lawyers and lobbyists. The framework from the Administrative Procedure Act is designed to serve the public—by seeking their input—but increasingly they are getting shut out. Our agency internet systems are ill-equipped to handle the mass automation and fraud that is corrupting channels for public comment. It’s only going to get worse. The mechanization and weaponization of the comment-filing process has only just begun. We need to do something about it. Because ensuring the public has a say in what happens in Washington matters. Because trust in public institutions matters. Last week Edelman released its annual Trust Barometer and reported that only a third of Americans trust the government—a 14 percentage point decline from last year. Fixing that decline is worth the effort. We can start with finding ways that give all Americans—no matter who they are or where they live—a fighting chance at making Washington listen to what they think. We can’t give in to the easy cynicism that results when our public channels are flooded comments from dead people, stolen identities, batches of bogus filings, and commentary that originated from Russian e-mail addresses. We can’t let this deluge of fake filings further delegitimize Washington decisions and erode public trust. No one said digital age democracy was going to be easy. But we’ve got to brace ourselves and strengthen our civic infrastructure to withstand what is underway. This is true at regulatory agencies—and across our political landscape. Because if you look for them you will 5 find uneasy parallels between the flood of fake comments in regulatory proceedings and the barrage of posts on social media that was part of a conspicuous campaign to influence our last election. There is a concerted effort to exploit our openness. It deserves a concerted response. This has not yet happened. At the FCC, for instance, anyone who has found their name stolen and misused in the net neutrality docket has been advised to file another statement to that effect in the public record. Let me put this as gently as I can—this is not a scalable solution. The FCC also has refused to work with state authorities like the Attorney General of New York, who has found that tens of thousands of residents in his state—as well as in California, Georgia, Missouri, Ohio, Pennsylvania, and Texas—have had their identities stolen. This is not right. For starters, it is at odds with the spirit of cooperative federalism. But more critically, the theft of identities like this is often a violation of state law. For the record, it’s also a violation of federal law. Section 1001 of Title 18 makes it a felony for any person to “knowingly or willfully” make “any materially false, fictitious, or fraudulent statement or representation” in matters before the federal government. It makes the unwillingness of our regulators in Washington to address the fraud we already know exists especially chilling. Now for some good news. Earlier this month, the Government Accountability Office wrote to Congressman Frank Pallone announcing that in response to a request made by himself and his colleagues, they would be reviewing the “extent and pervasiveness of fraud and the misuse of American identities during the federal rulemaking process.” That’s a start. Stay tuned. But it’s not enough. We need a lot more investigating—from the Department of Justice and the Federal Bureau of Investigation. We are looking at a systemic effort to corrupt the process by which the public participates in some of the biggest decisions being made in Washington. If we want to build the civic infrastructure to withstand this assault we need to both understand its origins and take out the rogues who are stealing identities, cheating the public, and destroying our trust. Plus, while we build this civic infrastructure, we can take steps to improve the rulemaking process. Every agency should perform its own internal investigation. Every agency should consider simple security measures—like CAPTCHA or two-factor authentication—that enhance security without decreasing public participation. And every agency can do something old-fashioned: they can hold public hearings. But the truth is we need to get started. Because it’s what good governance—and democracy in the digital age requires. Thank you.