War and Peace: Fake commenters flooding federal comment systems on proposed regs


The Government Accountability Office released a review of online government commenting systems, which shows rampant use of stolen identities by those posting comments on proposed government regulations that are on federal websites.

Public comments are used by regulators when making final decisions that have the force of law. Agencies such as the Environmental Protection Agency, Bureau of Land Management, and Fish and Wildlife Service are three such agencies that make rules that get many comments and that apply to Alaska.

The entire report, at this federal link, shows the difficulty in using online commenting systems for the basis of public policy.

The report reveals there has been no recourse for those who have had their identities stolen to post comments, and that more than 100,000 comments contained profanity and threats of violence. Other comments were designed to flood the systems, such as those containing entire movie scripts or the text of Leo Tolstoy’s War and Peace, according to Sen. Rob Portman, who called for the review.

The main way people submit comments is through online commenting systems—either Regulations.gov or websites hosted by specific agencies, like the Federal Communications Commission’s Electronic Comment Filing System. 

Through an exhaustive survey of 10 agencies, the GAO discovered up to 30 percent of commenters who provided email addresses said they did not submit the comment associated with their identities. Commenters can enter any identity information when submitting a comment, whether it is theirs, someone else’s, or fabricated, the report said.

In recent years, some of the rule-making proposed by agencies have received an exceedingly large number of comments.

“For example, during the public comment period for an Environmental Protection Agency (EPA) 2014 rulemaking on greenhouse gas emissions, the agency reported that it received more than 4 million total comments,” the report said.

Up to 25 percent of those surveyed about their received comments on EPA regulations said they had either not commented or were unsure if they had commented. Those surveyed were people who had given email addresses, an indication that EPA was receiving a significant number of comments from stolen identities that came from data breaches.

“In May 2021, the New York State Attorney General reported that one entity submitted comments to FCC using data that had been stolen in a data breach and posted online, related to approximately 1.4 million people,” the report added.

“We surveyed people whose email addresses were attached to public comments on proposed rules from 10 federal agencies. From 5% to 30% of the people (depending on the agency) said they did not make the comment. At 8 agencies, most of the comments did not have email addresses,” according to the GAO.

“Agencies aren’t required to collect information on or verify commenters’ identities. While almost all of the agencies we reviewed share comment data online, they didn’t always make limitations like this clear when they described the public comment data,” the GAO said.

The findings illustrate the need for ongoing efforts to ensure the validity of comments and commenter identities, said Portman. According to the GAO, agencies who participated in the survey are at least trying to let users know the limitations of the ability to determine the veracity of the comments.


  1. Illegitimate and unconstitutional agencies don’t like receiving illegitimate comments. Bless their hearts.

  2. Perhaps this was the motivation behind the local cyber attacks that compromised voter registration records and our recent DHSS/PFD registration information.

    These kind of tactics were warned about not too long ago. Programs designed to destabilize countries through the use of bots/fake accounts that sway public opinion.

    For instance; A public figure posts something on social media. The post gets flooded with comments giving the illusion that the publicly adamantly opposes (or endorses) what the public figure says. In reality, it is not people at all, but a program that is attempting to force a certain ideology.

  3. Once the criminals took the internet over, it guaranteed an end to the new world order. And instead of busting internet criminals, government played with them, because government commits similar internet crimes itself. And they blame us, because it was our identity that was stolen. They tell us to insure their transactions at our cost even though it’s them doing business with the imposters.
    Their system is crashing. It won’t be long now…………

    • Exactly! I can attest from personal experience that the vast majority of public comments ostensibly solicited by governmental agencies proposing new (and always-expanding) regulations are not only NOT honestly considered, many are, against the law, never even acknowledged by those same governmental agencies. I have run across this more than once, and from state of Alaska agencies as well, not just the feds.

Comments are closed.