SoylentNews is people
SoylentNews
Arthur T Knackerbracket has found the following story:
The Federal Communications Commission has told members of Congress that it won't reveal exactly how it plans to prevent future attacks on the public comment system.
FCC Chairman Ajit Pai and Democratic lawmakers have been exchanging letters about a May 8 incident in which the public comments website was disrupted while many people were trying to file comments on Pai's plan to dismantle net neutrality rules. The FCC says it was hit by DDoS attacks. The commission hasn't revealed much about what it's doing to prevent future attacks, but it said in a letter last month that it was researching "additional solutions" to protect the comment system.
[...] "Given the ongoing nature of the threats to disrupt the Commission's electronic comment filing system, it would undermine our system's security to provide a specific roadmap of the additional solutions to which we have referred," the FCC chief information officer wrote. "However, we can state that the FCC's IT staff has worked with commercial cloud providers to implement Internet‐based solutions to limit the amount of disruptive bot-related activity if another bot-driven event occurs."
[...] When responding to another question about what hardware resources are being committed to improve the comment system's uptime, the CIO again said that revealing specific details would undermine the FCC's security.
[...] There are apparently no law enforcement agencies involved in the FCC's ongoing investigation because the attacks weren't significant enough. "The FCC consulted with the FBI following this incident, and it was agreed this was not a 'significant cyber incident' consistent with the definition contained in Presidential Policy Directive-41 (PPD-41)," the FCC said in its letter to House Democrats.
[...] Pai told House Democrats to trust him that the situation is under control.
-- submitted from IRC
(Score: 4, Interesting) by urza9814 on Wednesday August 02 2017, @12:14AM (2 children)
Soo...Cloudflare? Sounds like Cloudflare.
Which, IMO, would be a violation of the first amendment right to petition the government. Because you aren't petitioning the government anymore, you're petitioning a private company that may or may not transfer your message as written, and may or may not block you for any reason they want. Sounds like an attempt to avoid accountability, which would explain the secrecy...
Of course, with no details, maybe it *is* in-house...in which case it sounds like they're aiming for security through obscurity. Which isn't much better...
(Score: 3, Interesting) by frojack on Wednesday August 02 2017, @01:10AM (1 child)
Nothing about petitioning the government suggests privacy or anonymity.
You usually have to sign on the line and include your address. Legibly.
Setting up a system where bots can vote, and then calling it ddos is ridiculous.
I can't see an on-line vote on ANYTHING working any better than this fiasco.
And that it happened to a government agency that is supposed to actually have a clue is priceless and instructive.
No, you are mistaken. I've always had this sig.
(Score: 2) by urza9814 on Wednesday August 02 2017, @07:34PM
...which is why my comment didn't mention privacy or anonymity.
What I was trying to get at is that we have a right to petition *the government*, not a right to make our complaints about the government known to a selected third party. It doesn't necessarily have to be private or anonymous, but it does have to be direct. They can't outsource their complaints department.
Yeah, they're *probably* extremely incompetent, Hanlon's razor and all...
But if they were extremely malicious, would they do anything different? That'd be a hell of a strategy if one WANTED to subvert the existing system. Build it poorly, let it fail predictably, and tell the general public it failed because it was "attacked". It's not even a lie really, so you won't get any soundbites from "cybersecurity experts" contradicting them. It *was* attacked, it was just the normal attacks that any major website has to withstand.
And it's not really an online voting system, it's an online comment/email system. Not much different than the contact form that damn near every government agency or official has had on their website for years. It's a solved problem; the only difficult part is where you draw the line to prevent rejection of valid submissions. But worst case you can give a 'print comments' button and a fallback snail mail address to send them in.