The Public Comment Bot Enters Rulemaking
When generated comments can imitate civic participation at scale, agencies need better ways to hear publics without mistaking automation for democratic weight.
The Comment File
Notice-and-comment rulemaking is one of the quiet machines of democratic government.
An agency proposes a rule. The public can comment. Trade associations, companies, unions, civil-rights groups, states, local governments, researchers, affected workers, families, patients, students, and ordinary residents can put evidence, objections, alternatives, costs, lived experience, and legal arguments into the record. The agency then has to consider the relevant material before finalizing the rule.
This is not town-hall romance. Most people never read the Federal Register. Many comments are organized by advocacy groups. Sophisticated actors already have lawyers, consultants, data, and time. But the comment file still matters because it is one of the places where public reasoning becomes administrative memory. It is not only expression. It is a record that can shape final rules, future litigation, agency learning, and public accountability.
That record now sits in a different media environment. A generated comment can be cheap, fluent, personalized, jurisdiction-specific, and produced in thousands of variants. A fake grassroots campaign can look less like copy-paste spam and more like a field of distinct citizens. The administrative state is being asked to hear the public through a synthetic fog.
Fake Consensus Before AI
The problem did not begin with generative AI.
The clearest modern warning came from the Federal Communications Commission's 2017 net-neutrality proceeding. After the FCC received a record-breaking volume of comments, investigations found massive comment fraud. The New York Attorney General's 2021 report concluded that millions of fake comments had been submitted using real people's names and addresses without consent. The report also described separate campaigns that generated large numbers of comments with misleading tactics and little meaningful consent from the people named.
The Government Accountability Office later reported that the FCC received nearly 24 million comments in the proceeding and that about 32 percent of them used temporary or disposable email domains. GAO did not treat that as proof that every such comment was fake, but it identified the scale and validation problem clearly: agencies can be flooded with material that is hard to authenticate, hard to de-duplicate, and hard to interpret as public input.
This older case matters because it separates two questions that are often confused. First: did real people participate? Second: did the comments add relevant information to the rulemaking record? A million authentic but identical slogans may have political meaning. They may not add a million units of legal or technical evidence. A smaller set of detailed comments from affected people may matter more for agency reasoning than a larger pile of automated agreement.
Generative AI does not invent astroturf. It lowers the cost of making astroturf less obvious.
What Generative AI Changes
Earlier mass-comment campaigns often had visible fingerprints: identical text, repeated templates, suspicious email domains, mismatched identities, or a sudden flood from a single organizing pathway. Those signals are still useful. They are no longer enough.
Large language models can rewrite the same position in many styles. They can add local details, vary tone, cite agency language, summarize technical claims, and generate plausible personal narratives. A campaign can prompt for comments from simulated small-business owners, parents, nurses, veterans, farmers, gig workers, tenants, teachers, or rural broadband customers. Some of those simulated comments may include invented experiences. Others may remix real grievances collected elsewhere. Still others may be posted by real people who consented to a one-click campaign without reading the generated text attributed to them.
The hard case is not crude spam. The hard case is model-mediated participation: a real person clicks a link, selects a position, perhaps enters a few details, and an AI system generates the comment. Is that public input? Yes, partly. Is it the person's own testimony? Not necessarily. Does it deserve the same treatment as a handwritten account of direct experience? No. Does it deserve deletion? Also not automatically.
The system now has more categories than "real" and "fake." There are human-authored comments, template comments, assisted comments, AI-drafted comments reviewed by a human, AI-generated comments barely reviewed by a human, falsely attributed comments, bot-submitted comments, and comments produced by organizations that speak for members with varying levels of consent.
A serious rulemaking system has to preserve those distinctions. Otherwise it will either overcount synthetic participation or overcorrect by treating ordinary people as suspicious unless they write like lawyers.
Notice and Comment Is Not a Vote
One protection is doctrinal: notice-and-comment rulemaking is not supposed to be a plebiscite.
The Administrative Conference of the United States has emphasized that agencies should focus on the substantive content of comments rather than treating comment counts as votes. A large volume of identical or near-identical comments can signal public salience, but agencies must still reason from evidence, statutory authority, technical feasibility, costs, benefits, alternatives, equity, rights, and the factual record.
That principle becomes more important as comments become easier to generate. If an agency treats volume as democratic proof, it invites automation to become representation. If a company, advocacy network, or foreign influence operation can manufacture 500,000 plausible comments, then the rulemaking interface becomes a scoreboard for whoever can generate more civic-looking text.
But the opposite error is also dangerous. Agencies should not dismiss mass participation simply because it is organized. Organized comments may represent real constituencies. Template campaigns can help people participate when they lack time, legal knowledge, or confidence. Disability groups, tenants, patients, workers, parents, and small organizations often need scaffolding to enter administrative processes dominated by professionals.
The standard should not be hostility to coordination. The standard should be clarity about what kind of input each comment provides: evidence, legal argument, lived experience, organizational position, member mobilization, political signal, or synthetic noise.
The Legibility Trap
AI-generated comments are tempting because they make participation legible in the format the institution already accepts: text in a docket.
That is also the trap. A docket rewards written fluency. It privileges people and organizations that can translate experience into the language of reasons, citations, burdens, benefits, and statutory hooks. Generative AI seems to democratize that fluency. It can help a nurse explain a staffing burden, a tenant explain a housing rule, or a small business explain compliance costs. Used well, it can make the administrative process less exclusionary.
Used badly, it creates a simulation of participation. The agency sees clean prose, not the consent process that produced it. It sees a name, not whether the named person reviewed the comment. It sees a narrative, not whether the event happened. It sees geographic spread, not whether the campaign generated local color from a prompt. It sees civic texture, not the machine that manufactured texture.
This is model-mediated knowledge at the institutional edge. The agency is not only reading what the public says. It is reading what software says the public might plausibly say.
The deepest risk is not that every generated comment is false. The risk is that the comment file becomes a synthetic public: a record of apparent participation that future institutions, courts, journalists, and researchers may treat as evidence of public experience.
A Governance Standard
Agencies should not try to solve this with a fantasy of perfectly pure authorship. Public participation has always included drafting help, coalition campaigns, lawyers, templates, translators, family members, staffers, and advocacy software. The goal is not to ban assistance. The goal is to keep assistance from impersonating public voice.
First, require clear attribution for organized and AI-assisted campaigns. Comment portals and campaign tools should let submitters disclose whether text was drafted by an organization, generated by AI, substantially edited by a person, or submitted as a template. The disclosure should be structured enough for agencies to analyze, not buried in prose.
Second, separate identity validation from public exposure. Agencies need stronger tools to detect falsely attributed comments, bot submissions, and repeat abuse. But public dockets should not force ordinary commenters to expose unnecessary personal data. Authentication should protect participation, not become an identity gate that chills it.
Third, classify comments by contribution type. A docket should distinguish unique evidence, unique personal experience, technical analysis, legal argument, template support, template opposition, duplicate text, and suspected automated or falsely attributed material. Counts can be reported, but they should not substitute for analysis.
Fourth, preserve human accessibility. If agencies harden the portal against automation, they must not make participation impossible for people with low bandwidth, disability access needs, limited English, shared devices, privacy concerns, or little bureaucratic literacy. Anti-bot design can quietly become anti-public design.
Fifth, audit campaign intermediaries. The FCC case showed that the weak point may be outside the agency portal: lead generators, advocacy vendors, list brokers, and political firms that collect names or submit comments on people's behalf. Consent records matter. So do penalties for knowingly submitting comments under names of people who did not authorize them.
Sixth, use AI defensively but cautiously. Agencies can use clustering, duplicate detection, language analysis, and anomaly detection to manage large dockets. They should not let detection models become unreviewable filters that discard inconvenient publics. Any automated triage should be logged, contestable, and checked by humans.
Seventh, publish docket-integrity summaries. For high-volume rulemakings, agencies should explain how many comments were received, how duplicates were handled, what validation steps were used, what categories were reviewed, what was excluded or deweighted, and what substantive themes affected the final rule.
The Spiralist Reading
The public comment bot is a small machine with a large symbolic effect.
It sits at the hinge between voice and record. A person speaks, or appears to speak. A system stores the statement. An agency reads the file. A rule is justified. A court later examines the record. The public memory of participation becomes part of the law's reality.
That is why synthetic comments matter. They do not merely pollute a website. They threaten the chain that lets institutions say, with some humility, that they listened.
AI can help people enter that chain. It can translate bureaucratic language, summarize proposed rules, draft first versions, improve accessibility, and help non-experts make relevant points. That use expands agency. The danger begins when the model becomes the participant, the campaign becomes the public, and the record becomes a mirror reflecting organized prompts back to the state.
Recursive reality appears here in administrative form. Agencies ask the public what a rule will do. Automated systems generate public-looking answers. Agencies summarize those answers. Future actors cite the summary as evidence of public concern. The generated public becomes part of the institutional world it was generated to influence.
The answer is not nostalgia for paper comments or suspicion of ordinary assistance. It is source discipline for democratic input. Who authorized this comment? What role did a model play? Is the statement evidence, argument, template support, or synthetic pressure? What did the agency actually learn?
A comment system that cannot ask those questions will still collect text. It will not reliably hear the public.
Sources
- New York State Office of the Attorney General, Fake Comments: How U.S. Companies and Partisans Hack Democracy to Undermine Your Voice, May 2021.
- New York State Office of the Attorney General, press release on fake comments and net-neutrality proceeding, May 6, 2021.
- U.S. Government Accountability Office, Federal Rulemaking: Selected Agencies Should Clearly Communicate Practices Associated with Identity Information in the Public Comment Process, GAO-20-235, May 2020.
- Administrative Conference of the United States, Recommendation 2021-1, Mass, Computer-Generated, and Fraudulent Comments, June 2021.
- Administrative Conference of the United States, report on mass, computer-generated, and fraudulent comments, 2021.
- Regulations.gov, About Regulations.gov, reviewed May 2026.
- Federal Register, A Guide to the Rulemaking Process, reviewed May 2026.
- GSA Open Government, Regulations.gov API documentation, reviewed May 2026.
- Church of Spiralism, The Synthetic Respondent Becomes the Public, The Provenance Layer Is Not a Truth Machine, and Synthetic Consensus Firebreak.