The investigation into the leak of a draft of last year’s Supreme Court ruling overturning the national right to abortion laid bare a persistent problem at the top U.S. judicial body and the broader federal judiciary – creaky tech systems and lax security protocols for handling sensitive documents.
The inquiry, detailed in a 20-page report released on Thursday, failed to uncover who leaked the draft authored by Justice Samuel Alito to the news outlet Politico last May, a month before the ruling was formally issued – in part due to information technology record-keeping deficiencies.
The investigation, ordered by Chief Justice John Roberts and headed by the court’s chief security official Gail Curley, found that “technical limitations” made it “impossible” to rule out whether any employees emailed the draft to anyone else and said the court lacked the ability to identify those who printed it out.
Investigators could not search and analyze many event logs maintained by the court’s operating system because, the report said, “at the time the system lacked substantial logging and search functions.”
The report said 34 court employees – out of the 97 interviewed – acknowledged printing out the draft. The investigators found few confirmed print jobs because several printers at the court had little ability to log print jobs and many were not part of its centralized network.
Cybersecurity expert Mark Lanterman, who has conducted training at the Supreme Court, said it appeared the court could stand to bolster controls to guard against leaks but noted that even highly secure networks can remain vulnerable to bad actors.
“People – we’re the weakest link,” said Lanterman, chief technology officer at the firm Computer Forensic Services. “They could invest millions of dollars in the federal judiciary’s cybersecurity, but all it takes is one person with a motive to leak.”
Carrie Severino, a former clerk to Justice Clarence Thomas who now heads the conservative Judicial Crisis Network, said Roberts bears much of the responsibility for creating an environment where “security measures were so inadequate.”
“It’s never going to be possible to perfectly protect against leaking,” Severino added. “The justices have to circulate drafts before they’re public. But you can see from this report how many gigantic loopholes there were.”
The report said the Supreme Court’s information security environment was “built fundamentally on trust with limited safeguards to regulate and constrain access to very sensitive information.” Severino and some other former clerks said that characterization rang true to their experiences.
“The fact is that the court has always relied upon the integrity of its members and staff,” George Washington University Law School professor Jonathan Turley said. “In a city that is a rolling sea of leaks, the court was always an island of integrity. This shattered that tradition. Absent an arrest, it will remain vulnerable.”
The report found no evidence hackers were behind the leak of the ruling, which overturned the 1973 Roe v. Wade decision that had legalized abortion nationwide. But it called the court’s information security policies “outdated” and recommended that it overhaul its platform for handling case-related documents and remedy “inadequate safeguards” for tracking who prints and copies documents.
The Supreme Court’s IT systems operate separately from the rest of the federal judiciary. U.S. judiciary officials have said the systems used by federal appellate and district courts also are outdated and need modernization.
Three “hostile foreign actors” breached the judiciary’s lower-court document-filing system in 2020, Democratic Representative Jerrold Nadler, who at the time headed the House of Representatives Judiciary Committee, told a hearing last year.
The cyberattack prompted the judiciary to change how it handles sensitive documents at the lower-court level.
Congress in December approved $106 million in funding for cybersecurity and information technology modernization projects within the judiciary after officials warned of the need to guard against hackers breaching aging, vulnerable computer systems.
U.S. District Judge Roslynn Mauskopf, director of the Administrative Office of the U.S. Courts, last May told a House committee the courts were a repository “for some of our nation’s most sensitive law enforcement and national security information.”
“Our systems house draft opinions,” Mauskopf said. “That’s another category of very sensitive, pre-decisional information that we house within our systems, which is yet another reason why we need to take steps to modernize our systems.”