WASHINGTON, DC—If Federal Communications Commission Chairman Ajit Pai actually allowed the weight of public comments on the FCC's proposed changes to network neutrality regulations to sway (or confirm) his position, he seems to have given more credence to the "opinions" of spam-generating software "bots" than actual citizens, researchers have found.

At the Shmoocon information security conference on Saturday, Leah Figueroa, lead data engineer at the data analytics software company Gravwell, presented a detailed analysis of the public comments submitted to the FCC regarding network neutrality. Applying filters to the more than 22 million comments submitted to the FCC, Figueroa and her team attempted to identify which comments were submitted by real US citizens—and which were generated by bulk-uploading bots.

At the end of September, Figueroa said, she and her team pulled in all of the submitted comments from the FCC site and applied a series of analytical steps to separate "organic" comments—those most likely to have been submitted by actual human beings—from comments submitted by automated systems ("bots") using faked personal data.

Organic comments included ones submitted through the bulk-processing interface provided by the FCC via a third-party webpage (comments that include those gathered by Last Week Tonight host John Oliver). But others submitted through the API didn't match normal human behavior and had signs of fraudulent data.

The Gravwell team began by looking at the time stamps associated with submissions.

"The first of the exploratory data analyses showed some anomalies in how comments were submitted," Figueroa said. The pattern of submissions revealed by analysis "does not mimic normal human behavior, something we would see if the comments were being submitted honestly," she explained. Hundreds of thousands of comments were being filed with the same time stamps.

"Another hallmark of bot submission," Figueroa said, was a "steady rate" of submission that didn't match human patterns of behavior, "and the contact_email field being in all-caps [all capital letters]. "The all-caps addresses, indicating the emails were likely either generated by a program or pulled from a database, matched up with other hallmarks of bot-submitted comments about 99% of the time."

In some cases, it was clear that email addresses used for the submissions were fake. For instance, Figueroa noted that more than one million bulk submissions used email addresses associated with the domain pornhub.com. Another sign that these submissions used fake email addresses was the frequency with which the submissions opted out of email acknowledgement of their comment—since any response email would have bounced.

Other submissions included repeats of an email address, which included some of the comments submitted through Oliver's site (about 1,000 comments used the email address john_oliver@yahoo.com). Other questionable submissions came from misconfigured bots—7,000 used the address example@example.com and another thousand used the email address of a developer in India who left his email in a (now removed) script on GitHub.

Only 17.4 percent of the comments submitted were unique; in one case, the same comment was uploaded over one million times. In many cases, artifacts of database merge templates or programmatically generated text were found in submissions—waves of submissions from "people" living in the state of "{STATE}" were uploaded just before torrents of comment submissions by bots.

Of those comments that were clearly submitted directly to the FCC (rather than through a bulk upload system), the vast majority favored network neutrality. And while "the majority of the raw total number of comments fall into the anti-neutrality camp," Figueroa said, the majority of the comments that were likely organic—including those submitted through another system—were in favor of network neutrality.