tinited ~rotes ~enate WASHINGTON, DC 20510 398 May 2 1, 201 8 The Honorable Aj it Pai Chairman Federal Communications Commi ssion 445 12th Street Southwest Washington, DC 20554 Dear Chairman Pai: Late last year, the identities of as many as two million Ameri cans were stolen and used to fi le fake comments during the Federal Communications Commission's (FCC' s) comment period for the net neutrality rule. We were among those whose identities were misused to express viewpoints we do not hold. We are writing to express our concerns about these fake comments and the need to identify and address fraudulent behavior in the rulemaking process. The first three words in our Constitution are, "We the People." The federal rulemaking process is an essential part of our democracy and allows Americans the opportunity to express their opinions on how government agencies decide important regulatory issues. As such, we are concerned about the aforementioned fraudulent acti vity. We need to prevent the deliberate misuse of Americans' personal information and ensure that the FCC is working to protect against current and future vulnerabilities in its system. Simple security measures should be employed to restore trust in the rulemaking process. For example, a CAPTCHA, or Comp letely Automated Public Turing test to tell Computers and Humans Apart, could be used in future public comment submissions. This technology would ensure that a human, not a machine, is using a computer to submit comments. We encourage the FCC to determine who facili tated these fake comments. While we understand and agree with the need to protect individuals' privacy, we request that the FCC share with the public the total number of fake comments that were fil ed. We also request that the FCC answer the fo llowing questions regarding those fake comments: " How is the FCC working with the Department of Justice to identify those who submitted fake comments? " ls the FCC working with state attorneys general to determine whether state crimes were broken when these identities were stolen? " What measures is the FCC taking to ensure thi s does not happen in the future? " How can the FCC track down who misused the identities of two million Americans? " Can the FCC determine how many of the fake comments on record were submitted by bots, a software application that runs automated tasks (scripts) over the Internet? " Has the FCC considered using a CAPTCHA, or other security technology, to prevent fraudulent machine input? " Is the FCC aware of any foreign government submitting fake comments and for what purpose? Thank you for your time and attention to this important matter, and we look forward to reviewing your responses to the above questions. Sincerely, Jeffrey A. Merkley Pat Toomey United States Senator United States Senator 2