Judiciary Addresses Cybersecurity Breach: Extra Safeguards to Protect Sensitive Court Records
After the recent disclosure of widespread cybersecurity breaches of both private sector and government computer systems, federal courts are immediately adding new security procedures to protect highly sensitive confidential documents filed with the courts.
“The federal Judiciary’s foremost concern must be the integrity of and public trust in the operation and administration of its courts,” James C. Duff, Secretary of the Judicial Conference of the United States, the Judiciary’s national policy-making body, said in a January 6, 2021, communication to the courts.
In mid-December, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an emergency directive regarding “a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors.” The Administrative Office of the U.S. Courts (AO) immediately notified courts of this development and in response, the Judiciary has suspended all national and local use of this IT network monitoring and management tool.
The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings. An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation. Due to the nature of the attacks, the review of this matter and its impact is ongoing.
Under the new procedures announced today, highly sensitive court documents (HSDs) filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system. These sealed HSDs will not be uploaded to CM/ECF. This new practice will not change current policies regarding public access to court records, since sealed records are confidential and currently are not available to the public.
If they have not done so already, courts will issue standing or general orders regarding these new procedures. While they are intended to apply to all HSDs filed with a court, not all currently sealed filings should be considered an HSD. It is anticipated that court orders will address the type of filings a court does and does not consider to be HSDs. For example, most documents similar to and including presentence reports, pretrial release reports, pleadings related to cooperation in most criminal cases, Social Security records, administrative immigration records, and sealed filings in many civil cases likely would not be sufficiently sensitive to require HSD treatment and could continue to be sealed in CM/ECF as necessary. Each court’s standing or general order or equivalent procedure should address the types of filings it does and does not consider to be HSDs. Courts will work with their local bar regarding implementation of the new case filing procedures.
“The federal Judiciary has long applied a strong presumption in favor of public access to documents,” Duff said. “Court rules and orders should presume that every document filed in or by a court will be in the public domain, unless the court orders it to be sealed, and that documents should be sealed only when necessary,” Duff said in his January 6 memo to the courts.
“We fully appreciate the practical implications of taking these steps and the administrative burden they will place on courts, yet any such burdens are outweighed by the need to preserve the confidentiality of sealed filings that are at risk of compromise.”
The Judicial Conference and its committees will continue to consider and develop policy and guidance when necessary and the AO will continue to provide the courts with support and resources as they address this critical matter.