Investigations into leaks highlight the US Supreme Court’s problems with protecting information

The investigation, detailed in a 20-page report released Thursday, failed to reveal who leaked Justice Samuel Alito’s draft to the Politico news agency last May, a month before the ruling was formally announced.

The investigation, commissioned by Chief Justice John Roberts and led by court security chief Gail Curley, found that “technical limitations” made it “impossible” to rule out whether staff had emailed the draft to anyone else and that the court was unable to identify those who printed it.

Investigators were unable to search and analyze many incident logs kept by the court’s operating system because, according to the report, “the system lacked significant logging and search capabilities at the time.”

According to the report, 34 of the 97 court employees interviewed admitted to having printed the draft. The researchers found few confirmed print jobs because several printers at the court had little capacity to log print jobs, and many were not part of the centralized network.

Cybersecurity expert Mark Lanterman, who has provided training at the Supreme Court, said it appeared the court could strengthen controls against breaches, but noted that even well-secured networks could remain vulnerable to attackers.

“People — we’re the weakest link,” said Lanterman, chief technology officer at the Computer Forensic Services company. “They can invest millions of dollars in the cybersecurity of the federal judiciary, but it only takes one person with motive to leak.”

Carrie Severino, a former law clerk for Justice Clarence Thomas who now heads the conservative Judicial Crisis Network, said Roberts bears a great deal of responsibility for creating an environment where “safeguards were so inadequate.”

“It will never be possible to protect perfectly against leaks,” Severino added. “The judges have to circulate drafts before they are public. But this report shows how many gigantic loopholes there were.”

According to the report, the Supreme Court’s information security environment was “fundamentally built on trust with limited safeguards to regulate and limit access to highly sensitive information.” Severino and some other former clerks said that characterization matched their experiences.

“The fact is that the Court has always relied on the integrity of its members and staff,” said George Washington University Law School Professor Jonathan Turley. “In a city that is a sea of ​​leaks, the court has always been an island of integrity. This shattered that tradition. Without an arrest, it remains vulnerable.”

The report found no evidence that hackers were behind the leak of the ruling, which overturned the 1973 Roe v. Wade decision that had legalized abortion nationwide. But the report called the court’s information security policy “outdated” and recommended reviewing the platform for handling case-related documents and addressing “inadequate safeguards” for tracking who prints and copies documents.

The Supreme Court’s IT systems operate separately from the rest of the federal judiciary. U.S. judicial officials have said the systems used by federal appeals and district courts are also outdated and in need of modernization.

Three “hostile foreign actors” broke into the case processing system in 2020, Democratic Rep. Jerrold Nadler, who then headed the House Judiciary Committee, told a hearing last year.

The cyber attack prompted the judiciary to change the handling of sensitive documents in the lower courts.

Congress in December approved $106 million to fund cybersecurity and information technology modernization projects within the judiciary after officials warned of the need to protect hackers from outdated, vulnerable computer systems.

U.S. District Judge Roslynn Mauskopf, director of the Administrative Office of the U.S. Courts, told a House committee last May that the courts are a repository “for some of our nation’s most sensitive law enforcement and national security information.”

“Our systems include design consulting,” Mauskopf said. “It’s another category of highly sensitive information about prior decisions that we keep in our systems, which is another reason why we need to take steps to modernize our systems.”

Leave a Comment