Entered an online contest lately? Congrats! You could have unwittingly supported the repeal of net neutrality.
In 2017, the Trump-era Federal Communications Commission (FCC) solicited public comments over whether it should repeal the Obama-era rule that established net neutrality (which it did in 2018). Net neutrality is the concept that internet providers have to treat all website traffic equally, and can’t create “fast lanes” or “slow lanes” for different companies and customers.
New information in a report from the New York Office of the Attorney General (OAG) has revealed how people on both sides of the issue manipulated the digital comment submission process.
A 19-year-old created a bot that generated fake names, emails, and addresses to submit over 7.7 million comments in support of net neutrality. Meanwhile, the trade organization representing ISPs like Comcast and AT&T, called Broadband for America (BFA), paid $4.2 million to a lobbying firm, which employed a network of sketchy marketing companies, who ended up using stolen names, names from unrelated marketing campaigns, and even the names of dead people, for comments supporting a repeal of the rule.
Those campaigns generated more than 8.5 million fake comments and an additional half million fake letters to Congress. Three of the companies responsible are collectively paying $4.4 million in settlements for their actions.
Broadband for America and its lobbying firm have emerged relatively unscathed, since the OAG found no evidence that they had direct knowledge of fraud. However, the OAG says BFA did ignore red flags, and continued using one of the vendors even after partners raised concerns.
Why the big to-do over such a wonky sounding issue? Because both money, and the future of the internet, were on the line. Internet service providers are typically against net neutrality, because charging more for different tiers of service is a way they can make money. Internet activists support net neutrality because it establishes the internet as a public utility to which everyone is entitled. The contentious and high-stakes nature of the issue is why the proposed repeal of the net neutrality rules — that had just passed in 2015 — inspired a deluge of public comments: 22 million, in fact.
At the time, reports exposed that comments in support of repealing the net neutrality rule came from people who said they had never made such comments, and even from dead people. Thanks to the OAG report, now we know that around 18 million of those 22 million comments were fake.
The big picture mechanism that enabled the fraud were the layers of vendors and contractors separating the people that commissioned the comments — BFA and its lobbying firm — from the multiple companies actually “collecting” names.
“This arrangement created an environment that was ripe for fraud,” the report says. “The layers of intermediaries separating BFA’s lobbying firm at the top of the web from the co-registration firms at the bottom of the web made those co-registration firms unaccountable.”
The OAG’s organizational charts of the operations show how this was possible.
The astroturfing org chart.
Image: New York OAG
Opt-Intelligence used multiple sub-contractors to get its names.
Image: NY OAG
The lobbying firm hired three companies — Fluent, Inc., React2Media, Inc., and Opt-Intelligence, Inc — to solicit comments and letters to Congress. These companies do what’s called “lead generating,” which means using online marketing tactics to gather personal information.
What these companies were *supposed* to do was actually sketchy in and of itself. They were supposed to display ads that got people to consent to the companies sending a pre-written comment on their behalf. They contracted with organizations like the Taxpayers Protection Alliance to make it look like the campaigns were coming from organizations — intentionally obscuring the BFA’s involvement in the operation. They also employed “Mad Libs”-like tactics that would automatically make messages look different from one another to obscure the fact that they were a result of a campaign.
The lead generating company never even ran these ads it mocked up.
Image: NY OAG
But this was not, in fact, how the companies delivered their 9 million comments and letters. What they did was much simpler.
The largest vender, Fluent, generates leads by advertising gift card giveaways and other sweepstakes. Fluent took the time to spin up websites it could show its client, the lobbying firm, that it was generating leads from the advocacy method. But it was actually just using names it had gotten by advertising sexual enhancement supplements and other upstanding chances to win.
“Contrary to its representations to BFA’s lobbying firm, Fluent never ran any comment solicitations on its websites, and, accordingly, never obtained anyone’s consent to submit comments to the FCC,” the report says. “Instead, Fluent copied information consumers had provided when registering on one of Fluent’s websites — in some cases, months or years earlier — and passed it off as personal information entered into the comment solicitation by individuals who had agreed to participate in the campaign to repeal net neutrality rules.”
Enter to win a Visa gift card, and the company running the campaign might use your name and email for other purposes without your consent!
Image: NY OAG
The second firm, Opt-Intelligence, hired multiple layers of subcontractors who also ended up using old records from unrelated campaigns. The black market was the data source of the third vendor, React2Media, which was responsible for running banner ads.
“Emails and database records obtained in the OAG’s investigation revealed that the company engaged to run the ads ran few, if any,” the report says. “Instead, it fabricated all or nearly all of the more than 1.5 million records of consent it claimed to have obtained. The personal information that commenters had purportedly entered had, in fact, merely been copied from other sources, including records that had been stolen in a data breach and dumped online.”
While BFA and its lobbying firm didn’t perpetrate the fraud, the report indicates that it turned a blind eye to it. The vendor in charge of sending the emails to Congress notified the firm when it received reports that people had never consented to giving their names for the campaign. The firm suspended the email campaign, but nonetheless continued its lead generating work for FCC comments with Fluent — the company that had provided the names for the congressional email campaign.
The ISPs empowered contractors to put together a typical astroturfing campaign, which means creating the appearance of grassroots support when it’s really bought and paid for. What they got was much simpler, and stupider. And, it turns out, illegal.