Federal courts go low-tech for sensitive documents following SolarWinds hack
The list of companies and agencies discovering that they’ve been affected by the SolarWinds hack is still growing, and they’re working with a big unknown: how far the hackers got into their systems. The federal judiciary system is likely now one of them (via The Wall Street Journal), and it isn’t taking any chances. It’s worried enough that court workers will now have to physically deliver sensitive documents, despite the ongoing pandemic.
The judiciary’s new procedures sound rather intense:
Under the new procedures announced today, highly sensitive court documents (HSDs) filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system. These sealed HSDs will not be uploaded to CM/ECF.
The message here is clear: the judiciary does not want its most sensitive documents on the system until it figures out what the hackers have done to it, and it’s willing to add quite a bit of friction to the process of filing the documents. They can no longer just send them through the internet; they’ll have to hand-deliver actual paper or USB sticks.
We fully appreciate the practical implications of taking these steps and the administrative burden they will place on courts, yet any such burdens are outweighed by the need to preserve the confidentiality of sealed filings that are at risk of compromise.
The documents in question are not necessarily the regular sealed records of everyday court proceedings. The Wall Street Journal article points out that the HSDs could contain detailed explanations of how investigators work a case, as well as information on people who could currently be under surveillance. Knowing this information could help someone avoid detection or investigation, which is why it’s so important to keep it secure.
While the measures show that the judiciary feels it can’t trust its existing networks, the public’s access to court records won’t be changing. Any records that would’ve been publicly available will still be uploaded to the Case Management and Electronic Case Files system.
The list of companies and agencies discovering that they’ve been affected by the SolarWinds hack is still growing, and they’re working with a big unknown: how far the hackers got into their systems. The federal judiciary system is likely now one of them (via The Wall Street Journal), and it…
