Abuses of the Federal Notice-and-Comment Rulemaking Process

After the Federal Communications Commission received nearly 24 million comments in the course of just one rulemaking proceeding in 2017 and its website crashed due to the volume of comments submitted simultaneously, the Permanent Subcommittee on Investigations initiated a review of federal commenting systems to understand their flaws and develop recommendations to improve them. The Subcommittee  found:

• Most federal agencies lack appropriate processes to address allegations that people have submitted comments under fraudulent identities.
• The FCC’s process for addressing comments submitted under false identities potentially causes additional harm to victims of identity theft and the comment process as a whole.
• None of the commenting federal systems examined use CAPTCHA or other technology to ensure that real people, instead of bots, are submitting comments to rulemaking dockets.
• Agencies do not have consistent policies regarding the screening and posting of comments.

The Subcommittee's staff made the following recommendations:

1. Congress should amend the E-Government Act of 2002 to clarify that agencies should not accept or post abusive, profane, or threatening comments; irrelevant comments; or comments submitted under a false identity. Comments containing threats or abusive language, irrelevant comments, or comments sent from a fake identity should not remain available for public viewing.
2. Congress should consider amending the APA to provide guidance to agencies on the degree to which they should consider the volume of comments they receive in favor of or against a proposed rule.
3. In coordination with the Office of Information and Regulatory Affairs (“OIRA”), executive branch and independent agencies should develop standard protocols for reviewing and posting submitted comments and provide agency personnel with appropriate training on those protocols. Those protocols should address threats, abusive language, personally identifiable information, duplicate comments, and comments submitted under false identities. Agencies should make those protocols public to ensure commenters understand their responsibilities.
4. The E-Rulemaking Program Executive Steering Committee, FCC, and SEC should develop uniform and appropriate limits on duplicative comments and technological means to reduce the number of duplicate comments in their dockets. They should require commenters to submit individual comments directly through their platforms and develop policies to encourage organizations to collect signatures on one comment, rather than submitting thousands of individual identical comments.
5. The E-Rulemaking Program Executive Steering Committee, FCC, and SEC should consider using technology like CAPTCHA to ensure that only real human beings are commenting on rules.
6. Federal comment platforms should allow commenters the option to submit anonymously or under their real names, but not under false identities. If commenters enter a name, the platforms should require commenters to confirm that the name is their own and that they understand that criminal penalties may attach if they falsify their identity.
7. Federal agencies should refer allegations of identity theft to the appropriate law enforcement agencies.