If you’re one of the many people filing comments on the Federal Communications Commission plan to gut net neutrality rules, be aware that your e-mail address and any other information you submit could be made public.

There’s nothing nefarious going on, but the FCC’s privacy policy could lead people to believe that e-mail addresses will be kept secret if they file comments on FCC proceedings. The commission’s privacy policy has a section titled “Comments,” which says the following (emphasis ours):

Prior to commenting, you will be prompted to login, either by providing your e-mail address, or by linking your comment to an existing account on a popular website such as Google, Facebook, Flickr, Instagram or Twitter. While your e-mail address will not be made public, if you login with a social media service, your picture, as well as a link to your profile will be posted alongside your comment.

However, this privacy policy applies not to comments on FCC proceedings but to comments on blog posts, such as those posted by Chairman Ajit Pai. When you go to submit comments on the net neutrality plan—or any other FCC proceeding—you are told the following: “You are filing a document into an official FCC proceeding. All information submitted, including names and addresses, will be publicly available via the web.”

Unlike name and home address, e-mail address is not a required field. But if you submit an e-mail—which allows you to get an e-mail confirmation that your comment was received—it would be made public.

This isn't a new policy, and it applies to all proceedings, not just the net neutrality one. But with the net neutrality plan attracting more comments than any previous FCC proposal in history (nearly 5 million so far), it's a good time to go over what information is made public when you file comments.

Conservative group used e-mails in analysis of comments

It wouldn’t be immediately obvious to people perusing the docket that e-mail addresses are being made public. Clicking on comments in the list shows you the commenter’s name and home address, but not e-mail address. But you can find those e-mail addresses by searching the FCC’s API. You can see an example search at this link. People’s e-mail addresses are listed after the term, “contact_email.”

The API is used by anyone who wants to analyze net neutrality comments in bulk. For example, the conservative National Legal and Policy Center (NLPC) recently used names and e-mail addresses when it released an analysis, saying that “One-Fifth of Pro-Net Neutrality FCC Public Comments Are Fake.”

“More than 465,322 pro-net neutrality comment submissions (close to 20 percent of all pro-net neutrality comments filed) were made in which either the filers’ names were being submitted with the e-mail address of an obviously different person or in which the same e-mail address was used to file multiple comments—in some cases thousands of times,” the group said.

Pro-net neutrality group Fight for the Future pointed this out to Ars last week and suggested that the FCC revealing e-mail addresses might violate the FCC’s own privacy policy that says, “your e-mail address will not be made public.”

We contacted the NLPC, and the group confirmed that it “used the publicly available API and you can pull the e-mail addresses through the API.”

We also contacted the FCC, which told us that “the general privacy policy pertains to blog comments, communications and queries with the website, etc. So when you post a comment on the blog, your e-mail address is not revealed. When you communicate with the webmasters, your e-mail is not publicly revealed.”

By contrast, the warning you get before submitting comments into public dockets that “All information submitted… will be publicly available via the web” should make it clear to people that their e-mail addresses will be made public if they choose to submit them, the FCC says.

In the comment system, “it’s clearly disclosed that all information submitted will become public—and in the review screen where you verify information before final submission, the warning appears again, along with the information you have submitted, including your e-mail address if you have provided it. The e-mail address is not a required field though,” an FCC spokesperson said.

“Confusing, but probably unintentional”

Still, Fight for the Future Campaign Director Evan Greer thinks the FCC’s general privacy policy could be more clear about the fact that its promise of e-mail address confidentiality does not apply to the comment system.

“This strikes me as confusing, but probably unintentional,” Greer told Ars. “That said, if the result is that millions of people's e-mail addresses are exposed without them realizing that is going to happen, that seems pretty bad and like something they should be concerned about. It seems like it would be worth them updating their privacy policy and/or making it more clear on the comment submission form that your e-mail address will be visible.”

Separately, Fight for the Future has been trying to convince the FCC to remove anti-net neutrality comments that were submitted by spam bots and attached to names and addresses drawn from data breaches. Victims of this impersonation sent a letter to Pai urging him to take action, but there has been no change.

So far, 4.98 million comments have been filed on the net neutrality proceeding. The FCC is taking comments until August 16 and will make a final decision sometime after that.

As a side note, the FCC’s main page for directing people to the net neutrality docket had a broken link at the top for at least a few days. If you had clicked the link that’s supposed to go to the docket, you would instead have gotten a “Page not found” error. We notified the FCC public relations team about this five days ago and again today, and it has finally been fixed.

You can also get to the docket directly at this link, by searching the Electronic Comment Filing System for proceeding 17-108, or by using John Oliver’s gofccyourself.com link.