Introduction

From April to October of 2017, the Federal Communications Commission (FCC) received a record-breaking 22 million submissions on its public comment website, offering public input on the regulatory proposal to repeal net neutrality protections under Title II of the Communications Act [1][2]. Net neutrality refers to Internet service providers giving access to all Internet content without favoring or blocking particular websites. Federal law requires comments from potentially affected individuals, businesses, and organizations to be taken into account by federal agencies in decision-making (though the degree to which any agency has to consider public comments is not clear) [2]. The 22 million submitted comments about net neutrality included about 5 million comments that supported net neutrality and about 17 million that supported its repeal, and, in a December 2017 decision, the FCC voted 3-2 to repeal net neutrality [3].

On its face, the FCC comment period represented an effective exercise in democratic accountability: a federal agency asked for public input, the agency received a large number of public comments, and the agency seemingly took the public comments into account to make its final decision.

However, soon after the end of the public comment period, researchers alleged that hundreds of thousands of the comments were submitted under fake names, some stolen and others completely fabricated [2]. Comments came from email addresses, street addresses, and postal codes stolen from unwitting victims, constituting countless instances of identity theft [4].

Subsequent text analysis found that only 800,000 (less than 4%) of the comments submitted were likely to be truly unique and authentic [1][5]. Computer programs that automated Internet tasks (bots) using simple search-and-replace techniques were responsible for generating and submitting the overwhelming majority of the 22 million comments, and those comments were lopsided, being part of coordinated campaigns to support net neutrality repeal; twenty comment duplication campaigns alone accounted for 17 million of the 22 million comments [1].

Most of the fake comments submitted were easily detectable based on content. Figure 1 shows five bot-generated comments that include five parallel sentences. These comments were created through synonym replacement, a relatively unsophisticated method of text generation using search-and-replace.

Figure 1 shows five examples of sentences built from eight sentence components, each with three near-term options; the method was to build comments that were many sentences long. The interchangeable near-terms can be found in the upper panel of Figure 1. For example, each sentence from this model begins with “I strongly”, “I want to”, or “I’d like to”. The near-term options used to build combinations for one sentence in Figure 1 were taken directly from just one FCC commenting campaign (comprising 1.3 million comments) discovered and dissected by Jeff Kao [1]. Given only the near-term options in Figure 1, 38 = 6561 variations of this same sentence could be created.

Synonym replacement helped generate the largest clusters of bot-submitted comments during the FCC public comment period on repeal of net neutrality regulations [1]. As such, the comments generated by a bot could be identified retroactively.

Figure 1. Example Synonym Replacement Used to Build Sentences in Large FCC Public Comment Campaign. The figure shows five examples of sentences (bottom panel) built from eight sentence components, each with three near-term options (top panel). The near-term options used to build combinations for one sentence were taken directly from just one FCC commenting campaign (comprising 1.3 million comments) discovered and dissected by Jeff Kao [1]. Given only the near-term options shown, 38 = 6561 variations of this same sentence could be created.

In reality, it seems that more than 99% of the likely unique, authentic comments supported net neutrality and protested its repeal [1], and if so, public sentiment was diluted and reversed by the multitude of fake comments submitted.

Afterwards, researchers were able to use text analysis to plausibly discern original comments from fake comments, but what if text analysis was unable to distinguish? What if fake comments could be so much like original human speech that millions of these deepfake comments could not be discerned?

For several years now, artificial intelligence (AI) has enabled bots to effectively generate speech convincingly enough to deceive humans into believing another human—rather than a computer—actually wrote the text [6]. These methods have continued to improve, and more powerful models are publicly available for personal use (e.g., [7]). The expansion of highly convincing natural-language generation, or “deepfake text,” makes it nearly impossible to distinguish whether online speech originated from human or computer.

Many public comment websites, such as regulations.gov, simply provide a text box for the comment, an option to upload a file attachment and a submit button (Figure 2). This simplicity makes it easy for members of the public to provide input, but does it leave the public comment process susceptible to automated attack and influence? Can deepfake comments be submitted at scale and accepted as human comments?

Figure 2. Typical public comment submission form on regulations.gov provides a text box for the comment, an ability to attach an optional file, and a submit (or continue) button.

Background

The Public Comment Process

Most federal agencies have rule-making authority to establish regulations that determine how legislation is executed. This authority comes from the 1946 Administrative Procedure Act (APA). After notice for a proposed rule is published by a federal agency, under the APA, “the agency shall give interested persons an opportunity to participate in the rule making through submission of written data, views, or arguments” [8]. Following a public comment period of no less than thirty days, the agency must consider each relevant comment. The agency is not required to take specific regulatory action because of any one comment; however, along with the final rule, the agency must publish analysis of relevant materials and justification of decisions made in light of comments received [9].

… As explained by the Attorney General Frank Murphy in a 1941 report that laid a foundation for the APA, “knowledge is rarely complete, and it [an agency] must always learn the frequently clashing viewpoints of those whom its regulations will affect…Participation by these groups [of people affected by regulations] in the rule-making process is essential in order to permit administrative agencies to inform themselves and to afford adequate safeguards to private interests” [10].

The E-Government Act of 2002 now requires public comment periods be accessible for submission online [11], and Executive Order 13563 under the Obama Administration determined each agency must provide a meaningful opportunity to comment on proposed regulation through the Internet for a period generally at least sixty days in length [12].

Today, notices of proposed rulemaking appear on FederalRegister.gov or other public facing platforms, direct commenters to appropriate websites for online public comment submission. Several agencies maintain their own platforms, but the majority of the 221 federal agencies and agency subdivisions solicit online public comment through Regulations.gov [10].

The online comment submission process on regulations.gov is relatively simple and user-friendly. Figure 2 shows the standard form for public comment submission. As described earlier, commenters must populate a submission box and have the option to attach files for longer comments. Agencies may ask for personally identifying information (not shown), may offer the option to submit anonymously or both. After clicking “Continue,” commenters see a preview of their comment and must check a box affirming they read and understand this statement: “You are filing a document into an official docket. Any personal information included in your comment and/or uploaded attachment(s) may be publicly viewable on the web.” After clicking a “Submit Comment” button, the comment becomes an official part of public record.

On October 24th, 2019, the Permanent Subcommittee on Investigations in the U.S. Senate released a comprehensive report detailing its findings from investigation of over a dozen federal agencies into the problem of federal public comment abuse [10].

Though there is no way to know the role bots currently play in online public comment periods across federal agencies, there have been clear instances of bot interference in the past and other forms of abuse that constitute identity theft, reduce public comment efficacy, waste agency time and resources, and disrupt rulemaking [10]. As an example, Elvis Presley commented on proposed FCC regulations ten times posthumously (Figure 3).

Figure 3. Five of Ten Comments Submitted During FCC Public Comment Period Under the Name “Elvis Presley” [10].

The APA and E-Government Act give some leeway. A federal agency can disregard clearly abusive comments. An agency could disregard comments that were clearly submitted under a fake name or are clearly inappropriate, irrelevant, nonsensical, or duplicative. But, how could a federal agency disregard bot comments if they are believably human and relevant to the proposed rule?

Bots, Turing Tests and Deepfake Text

“Bot” is a colloquial term that generalizes to any software application that automates tasks on the Internet [13]. Bots are now relatively cheap and easy to build and run. In 2018, bots comprised 37.9% of all Internet traffic, and over half of this activity originated from bots conducting improper or malicious tasks [14]. With the continued improvement of accessible sophisticated AI methods, bots are increasingly able to simulate more human activity online. Agents apply bots to automate an expansive range of tasks: purchasing concert tickets, content scraping and data aggregation, committing Ecommerce fraud, posting on social media, and an innumerable number of others—ranging from helpful to malicious.

In 1950, when asked whether computers could behave like humans, Alan Turing introduced the notion of a “Turing Test” [15]. In its most general form, a computer program passes the Turing Test if it can convincingly perform like a human in conversation. Early instantiations of the test limited the scope and means of conversation and some computer programs passed. In 2014, a computer chat program by the name of “Eugene Goostman” convinced 33% of judges it was a human 13-year-old boy in a more generalized version of the test [16]. Since then, computer chat programs have continued to improve, and even commercial products, including Google Duplex, have emerged, mimicking human speech over the phone [17].

The Turing Test has been adapted to work in reverse for online bots. Because bots comprise so much Internet traffic, websites that only want human participation challenge website visitors to a kind of reverse Turing Test: the website asks a visitor to complete a task or answer a question that a human can easily do but a bot cannot. In 2003, Luis von Ahn and his colleagues termed this idea as a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) and launched image CAPTCHAs specifically for websites because image understanding was done poorly by computers [18]. Figure 4 shows a sample of CAPTCHAs used on state government websites. Google purchased the rights to the now popular image CAPTCHA system in 2009 [19] and has further developed CAPTCHA technology. Today, Google offers CAPTCHA services at no charge, and the latest version uses web browsing history as part of the test to decide whether an image challenge will even commence.

Figure 4. Examples of CAPTCHAs found on state government websites (a) Connecticut [20], (b) Delaware [21], (c) Ohio [22], and (d) Nebraska [23].

“Deepfake text” is a term I introduced earlier in this writing as an advanced from of text generation. Perhaps the earliest form of text generation was mail merge. Given a template of a letter and a list of addresses, a computer program generated individualized letters by replacing addresses in the template. The more general approach of search-and-replace is also easy to do, generating new text by replacing occurrences of strings in structure text with equivalent substitutes. Systems based on this approach wrote weather predictions, jokes, and more.

In May 2019, an AI research lab named OpenAI produced a text generation system that writes convincing fake reviews, fake news articles and even poetry [24]. The approach is simple. The researchers trained a neural network on phrase and writing structure associations using over eight million documents, totaling 40GB of content found on the Internet [25][26]. Now, given a few prompt words, a snippet of text, a passage from some writing, or something similar, the system will predict (or generate) the next words at length into a news article, short story or a poem (see a demonstration [27]). Researchers can use a publicly available version to further train the model on provided text to have the system generate new versions of similar text [26].

Methods

1. Federal Public comment website

An example of a public comment website is one for the Idaho Medicaid Reform Waiver. It accepts comments from October 3 to November 2, 2019 for the Centers for Medicare and Medicaid services (CMS) at Medicaid.gov (https://public.medicaid.gov/ connect.ti/ public.comments/ answerQuestionnaire? qid=1902435) [28].

Medicaid is a public health insurance program that provides health care coverage for low-income individuals and families as well as individuals with disabilities. It covers greater than seventy million Americans yearly [29]. Medicaid is structured as a jointly financed partnership between states and CMS [29].

If a given state would like to transform the structure of its Medicaid program in a way that opposes federal guidelines, then it must submit a waiver application to CMS requesting approval for a state-led demonstration, experiment, or pilot to test the given innovation. The procedures and parameters for state-led Medicaid demonstration waivers are outlined in Section 1115 of the Social Security Act [29]. The CMS decision on a Section 1115 Waiver requires separate state and federal public comment periods, and the State must include in its final waiver application a report on issues raised by the public and how public comments were taken into account for their final waiver [30].

If a Section 1115 demonstration would not advance the objectives of Medicaid, then CMS is required to reject the application. As such, if public comments offer relevant evidence that a Section 1115 demonstration would not further the objectives of Medicaid, CMS is required to reject the application. In fact, a lack of State consideration of comments that expose subversion of Medicaid objectives has already led to the courts blocking CMS decisions in three states [31][32][33].

The State of Idaho submitted a waiver to CMS to enact similar provisions as those struck down in Kentucky, Arkansas, and New Hampshire. [28]. The public comment submission form notes the following disclaimer: “We reserve the discretion to delete comments that are generally understood as any of the following: obscene, profane, threatening, contain personal identifiable information, or otherwise inappropriate” [34].

2. OpenAI’s GPT-2 natural language processing framework

For the computational architecture, the lowest-level GPT-2 model trained on 124 million parameters is available. The exact code used for retrieving and finetuning the model was published publicly and freely by Max Woolf in Colab, a Jupyter Notebook environment hosted by Google [7].

3. Prior submitted comments

In order for GPT-2 to produce text relevant to a Medicaid reform waiver, it needs prior samples to use as training data for finetuning the model. Public comments that had been submitted in response to prior Section 1115 Medicaid Reform Waivers can be used. CMS publishes each public comment they receive on Medicaid.gov and allows download of all submitted comments by waiver. Directly from Medicaid.gov, every comment can be downloaded from twenty-one public comment periods across waivers in over a dozen states (Arkansas, Alabama, Arizona, Indiana, Kentucky, Michigan, Mississippi, Montana, New Hampshire, Ohio, Oklahoma, South Carolina, South Dakota, Tennessee, Utah, Virginia, and Wisconsin).

Studies and Predicted Events

Desired Outcome

The envisioned result is for the managers of federal public comment websites to construct the websites in such a manner that bot submissions either do not occur or are identified once submitted. As a design statement, the goal is for these federal managers to:

Two primary studies can help improve and inform decision-makers about the current situation with federal public comment websites and a multitude of related studies can help navigate towards possible solutions.

Study 1. Deepfake Submissions

A study might generate and submit topical deepfake comments to a federal public comment website to demonstrate that the submissions would be received in volume and then be withdrawn from the comment process.

Study 2. Deepfake Comments Turing Test

A study might generate topical deepfake comments for submission to a federal public comment website, but instead of submitting them, runs a test on Amazon Mechanical Turk to see how well humans can distinguish deepfake comments from other comments submitted.

Study 3. (Related) Detecting Deepfake Comments Using Its Training Data

Generate topical deepfake comments for submission to a federal comment server, as usual, using a training dataset of prior comments on the same topic. Then, analyze the deepfake and submitted comments in comparison to the original training data to see whether the deepfake comments can be inferred as deepfakes based on knowledge of the training data used.

Study 4. (Related) Bots Challenges reCAPTCHA

Google reCAPTCHA can be added to federal public comment websites in order to help prevent bots from making massive submissions. The latest version uses the history of the computer’s browser to determine whether the submission is likely from a bot. Reportedly bots can fool reCAPTCHA and browsing history is one piece of this [35]. If so, how can this be done with few resources? Write some cloud simulation programs to see if a bot that establishes a browsing history can convince Google’s reCAPTCHA that it is a human. Use one IP address on a host with multiple IP addresses.

Study 5. (Related) Outside Verification Vulnerability to Bots

The idea of outside verification for a comment submitter involves the federal public comments website sending a private code to an email address or phone number and requiring the sent code be entered with the submission. Survey the availability of email addresses and Internet phone numbers that could be used by a bot to automate submissions that required outside verification.

It also may have to be shown that the email account/phone number creation and use steps could be automated. For example, Gmail accounts require two-step verification (and probably have a reCAPTCHA on account creation), so you would not be able to easily integrate their use in your code for making 1-million accounts to submit 1,000,000 different comments.

Study 6. (Related) Legal Requirements for Government Collection of Personal Information

The idea of outside verification (see Study 5 above) would require members of the public who submit comments to provide personally identifying information –namely, an email address or a phone number. Perform a review of the legal requirements for federal public comment websites and for the privacy of personal information collected by federal agencies to see whether federal public comment servers can require personally identifying information, and if so, what additional requirements exist for federal agencies to collect personally identifying information at websites.

Study 7. (Related) Google and Facebook Authentication Demonstration

Many websites allow visitors to authenticate themselves to the website using their credentials at other established websites such as Google or Facebook. If the government were to do something similar for federal public comment websites, then the website could know that authenticated (known) people submitted those comments. Build a website that uses authentication from Google and Facebook and analyze whether the authentication can be provided without the host of the website actually learning or knowing the person’s Facebook or Google identity.

This study might also incorporate a modified Step 5 to be convincing. If someone can just make a bunch of dummy FB and Google accounts, then they could pass this.

Study 8. (Related) Federal Authentication Website Demonstration

A variant of Study 7 above in which a website is built that allows people to register at the website, and after confirming their identity, use the website to authenticate themselves to other websites. This study would involve constructing the two websites (authenticator and a website that uses the authentication) and then performing a security analysis.

A federal authentication website could have a bunch of other uses in addition to public comment. Perhaps people need to gain authentication before completing the census? There are a lot of different ways the government interacts with individuals from the public (and civil servants) online, and this could be a sort of “soft” national identifier for the Internet. De facto, Google and Facebook are acting as this for a lot of different private websites currently (as noted in Study 7). Why not have the government run one for public life as well?

Study 9. (Related) Legal Review for a Federal Government Authentication Server

A variant of Study 8 above that conducts a legal analysis of barriers to and requirements for the federal government to host its own authentication server.

Study 10. (Related) Analysis of Identity Problems with Using a Federal Authentication Server

A variant of Study 8 above that examines the pros and cons of the federal government providing its own authentication server and includes a survey of the identity problems that could be solved by the federal government having its own authentication server.

Predicted Events

Suppose studies (Study 1 and Study 2) were done that showed that deepfake comments could be submitted to a federal public comment server in volume, and once submitted, could not be distinguished from humans. Such a study would raise the question of how to design a federal public comment website that can thwart bot submission while remaining practically useful and legally permissible (Study 6, Study 8, Study 9, and Study 10).

The decision-makers most likely to respond to a such a study are the managers in federal agencies who are responsible for federal public comment websites, along with the journalists, advocacy groups, and members of the U.S. Senate who are already engaged on this topic. (See Appendix B.)

Journalists primarily want to write attention-grabbing stories and are already writing about this topic, so the studies would likely garner media attention. Federal agency managers want journalists to write stories about its good work so agencies will be quick to host hearings and hold workshops on ways to improve public comment servers once the media attention is unavoidable. Similarly, U.S. Senators want journalists to write stories to help with re-election, so it is not surprising that media did write stories about the recently released Senate report on federal public comment servers.

Journalists primarily want to write attention-grabbing stories and are already writing about this topic, so the studies would likely garner media attention. Federal agency managers want journalists to write stories about its good work so agencies will be quick to host hearings and hold workshops on ways to improve public comment servers once the media attention is unavoidable. Similarly, U.S. Senators want journalists to write stories to help with re-election, so it is not surprising that media did write stories about the recently released Senate report on federal public comment servers.

The media attention spawned from the studies would further motivate members of the U.S. Senate and the federal managers to continue actions underway but would expand coverage to include deepfake comments. (See Appendix B.) Further, if some of the related studies are done, their results could help shape the nature of solutions.

Eventually, the managers will propose a revision to federal public comment servers, even if none of the proposed studies are done. Sufficient political will and attention already exists to motivate action, unless managers cannot decide what to do. For these reasons, the proposed and related studies are timely in helping understand the nature of the problem and the space of possible solutions.

Discussion

In summary, the proposed and related studies could further the opportunity for change that currently exists. Study 1 and Study 2 could help broaden the understanding that deepfakes are possible and if submitted, cannot be distinguished from human submissions. The proposed related studies help shape and improve understanding of possible solutions.

Of course, a scientific study (Study 1 and Study 2) may reveal the opposite: that after the FCC incident, federal public comment websites now thwart bots from making volumes of submissions or once submitted, bot submissions, even deepfake ones, can be submitted. In this case, media attention would still appear to promote how federal managers have solved the problem quickly and so effectively that even deepfake submissions are not allowed. However, in this case, the proposed related studies would be of limited value, mostly academic in nature, if sufficient solutions already exist.

References

1. Kao J. More than a Million Pro-Repeal Net Neutrality Comments were Likely Faked. Hacker Noon. November 22, 2017. https://hackernoon.com/more-than-a-million-pro-repeal-net-neutrality-comments-were-likely-faked-e9f0e3ed36a6
2. Shneiderman ET. An Open Letter to the FCC. Medium. November 21, 2017. https://medium.com/@NewYorkStateAG/an-open-letter-to-the-fcc-b867a763850a
3. Fung B. The FCC just voted to repeal its net neutrality rules, in a sweeping act of deregulation. Washington Post. December 14, 2014. https://www.washingtonpost.com/news/the-switch/wp/2017/12/14/the-fcc-is-expected-to-repeal-its-net-neutrality-rules-today-in-a-sweeping-act-of-deregulation/
4. Lecher C, Robertson A, Brandom R. Anti-net neutrality spammers are impersonating real people to flood FCC comments. The Verge. May 10, 2017. https://www.theverge.com/2017/5/10/15610744/anti-net-neutrality-fake-comments-identities
5. Singel R. Filtering Out the Bots: What Americans Actually Told the FCC about Net Neutrality Repeal. The Center for Internet and Society at Stanford Law School. October 2018. https://cyberlaw.stanford.edu/files/blogs/FilteringOutTheBotsUnique2017NetNeutralityComments1024Update.pdf
6. Warwick K, Shah H. Can machines think? A report on Turing test experiments at the Royal Society. Journal of Experimental & Theoretical Artificial Intelligence. June 29, 2015. https://www.tandfonline.com/doi/pdf/10.1080/0952813X.2015.1055826?needAccess=true
7. Woolf M. Train a GPT-2 Text-Generating Model w/ GPU For Free. August 28, 2019. https://colab.research.google.com/drive/1VLG8e7YSEwypxU-noRNhsv5dW4NfTGce#scrollTo=0-LRex8lfv1g&forceEdit=true&sandboxMode=true
8. Administrative Procedure Act. National Archives. June 11, 1946. https://www.archives.gov/federal-register/laws/administrative-procedure
9. Notice and Comment. Justia. April 2018. https://www.justia.com/administrative-law/ rulemaking-writing-agency-regulations/notice-and-comment/
10. Abuses of the Federal Notice-and-Comment Rulemaking Process. United States Senate Permanent Subcommittee on Investigations. October 24, 2019. https://www.portman.senate.gov/sites/default/files/2019-10/2019.10.24%20PSI%20Report%20-%20Abuses%20of%20the%20Federal%20Notice-and-Comment%20Rulemaking%20Process.pdf
11. H.R.2458 - E-Government Act of 2002. Congressional Record. November 15, 2002. https://www.congress.gov/bill/107th-congress/house-bill/02458
12. President Obama B. Executive Order 13563 -- Improving Regulation and Regulatory Review. White House Archives. January 18, 2011. https://obamawhitehouse.archives.gov/the-press-office/2011/01/18/executive-order-13563-improving-regulation-and-regulatory-review
13. Dunham K, Melnick J. Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet. August 6, 2008.
14. 2019 Bad Bot Report. Distil Networks. 2019. https://resources.distilnetworks.com/white-paper-reports/bad-bot-report-2019
15. Turing AM. Computing Machinery and Intelligence. Mind. October 1, 1950. https://academic.oup.com/mind/article/LIX/236/433/986238
16. Turing Test Success Marks Milestone in Computing History. University of Reading. June 8, 2014. http://www.reading.ac.uk/news-archive/press-releases/pr583836.html
17. Chen BX, Metz C. Google’s Duplex Uses A.I. to Mimic Humans (Sometimes). The New York Times. May 22, 2019. https://www.nytimes.com/2019/05/22/technology/personaltech/ai-google-duplex.html
18. Von Ahn L, Blum M, Hopper N and Langford J. CAPTCHA: Using Hard AI Problems for Security. International Conference on the Theory and Applications of Cryptographic Techniques. Eurocrypt 2003. http://www.captcha.net/captcha_crypt.pdf
19. Google acquires reCAPTCHA. Google Official Blog. Septmber 16, 2009. https://googleblog.blogspot.com/2009/09/teaching-computers-to-read-google.html
20. Connecticut State website for changing voter information online. Accessed 2016. https://voterregistration.ct.gov/OLVR/registerDetails.do (See also https://techscience.org/a/2017090601/)
21. Delaware. State website for changing voter information online. Accessed 2016. https://ivote.de.gov/voterlogin.aspx (See also https://techscience.org/a/2017090601/)
22. Ohio. State website for changing voter information online. Accessed 2016. https://olvr.sos.state.oh.us/ovru/Modify.aspx (See also https://techscience.org/a/2017090601/)
23. Nebraska. State website for changing voter information online. Accessed 2016. https://www.nebraska.gov/apps-sos-voter-registration/ (See also https://techscience.org/a/2017090601/)
24. Geitgey A. Faking the News with Natural Language Processing and GPT-2. Medium. September 27, 2019. https://medium.com/@ageitgey/deepfaking-the-news-with-nlp-and-transformer-models-5e057ebd697d
25. Radford A, Wu J, Child R, Luan D, Amodei D, Sutskever I. Open AI. February 2019. https://d4mucfpksywv.cloudfront.net/better-language-models/language_models_are_unsupervised_multitask_learners.pdf
26. Solaiman I, Clark J, Brundage M. GPT-2: 1.5B Release. OpenAI. November 5, 2019. https://openai.com/blog/gpt-2-1-5b-release/
27. King A. Talk to Transformer. (Demonstration of OpenAI’s model GPT-2) https://talktotransformer.com/
28. Idaho Medicaid Reform Waiver. Idaho Department of Health and Welfare. September 27, 2019. https://www.medicaid.gov/Medicaid-CHIP-Program-Information/By-Topics/Waivers/1115/downloads/id/id-medicaid-reform-pa.pdf
29. About Section 1115 Demonstrations. Centers for Medicare and Medicaid Services. Accessed October 31, 2019. https://www.medicaid.gov/medicaid/section-1115-demo/about-1115/index.html
30. 1115 Transparency Requirements. Centers for Medicare and Medicaid Services. Accessed October 31, 2019. https://www.medicaid.gov/medicaid/section-1115-demo/transparency/index.html
31. Judge Boasberg JE. Ronnie Maurice Stewart, et al. v. Alex M. Azar II, et al. June 29, 2018. United States District Court for the District of Columbia. https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2018cv0152-74
32. Judge Boasberg JE. Charles Gresham, et al. v. Alex M. Azar II, et al. March 27, 2018. United States District Court for the District of Columbia. https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2018cv1900-58
33. Judge Boasberg JE. Samuel Philbrick, et al. v. Alex M. Azar II, et al. July 29, 2019. United States District Court for the District of Columbia. https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2019cv0773-47
34. Summary of Responses: Idaho Medicaid Reform Waiver. Centers for Medicare & Medicaid Services. October 3, 2019. https://public.medicaid.gov/connect.ti/public.comments/questionnaireResults?qid=1902435
35. Sivakorn S, Polakis J and Keromytis A. I’m not a human: Breaking the Google reCAPTCHA. Black Hat ASIA. 2016. https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf
36. Regulations.gov Beta Website. November 2019. https://beta.regulations.gov/faq?type=beta

Appendix

Appendix A

Key Conflict in this Study

American Society versus the U.S. Government is the key conflict in this study.

*The public comment process also cannot overburden the government; i.e. They are not overburdened—time, resources, money—by the public comment process “to the extent feasible”. (Exec Ord 13563).

Appendix B

Decision-Makers Projected Response to the Proposed Study

A. Journalists versus U.S. Senate

*A new-and-improved Regulations.gov is also just being launched. From what I can tell, cybersecurity has not been a consideration in the reconstruction of the website…more just to look prettier and be more usable. May be a useless indirect countermeasure to look like they are “improving tech” [36].

B. Journalists versus Managers

Appendix C

Project Response Timeline

Projected responses are below. Time flows downwards. Events up to the proposed study have already occurred.

* Managers refers to the government officials responsible for federal public comment websites.

Appendix D

Helper Model Opportunity for Change

(a) Predicted events all occur, foretells change but does not guarantee or assert that the change will include deepfake or be among the most optimal ways to maintain usability.

(b) The opportunity for change and engagement with decision-makers already existed before the proposed studies are conducted. Even without the proposed studies, the opportunity and likelihood for change exists. So proposed studies can help define and shape the scope and nature of change.

(c) If change does not happen, it would be because the managers do not know how to make effective change. So, proposed studies address scope and nature of change needed.

Citation

Weiss, Max. Investigation Plan: Deepfake Submissions on Federal Public Comment Servers. Public Interest Investigations. 2020013001. January 29, 2020. Version . https://techscience.org/researchnetwork/investigations/2020013001