Public Report Reveals Outdated Technology at the Supreme Court
On May 2, 2022, Politico reported it had obtained a draft of the Supreme Court’s long-anticipated Dobbs opinion, overruling Roe v. Wade’s guarantee of federal constitutional protection of abortion rights. In a press release the next day, the Court confirmed the authenticity of the leaked opinion and Chief Justice Roberts proclaimed to have “directed the Marshal of the Court to launch an investigation into the source of the leak.”
Just last week, the Supreme Court finally published its public report on this investigation. In the wake of this release, instead of focusing on the still-unknown leaker, it is the Court that is getting slammed by the media. Headlines have focused on the “special treatment” Justices received during the investigation, the Court’s failure to disclose its financial relationship with the expert brought in to independently validate its investigation (former Homeland Security Secretary Michael Chertoff), and the Court’s failure to uncover the leaker’s identity. One thing perhaps not being criticized enough is the insufficient security at the Highest Court of the Land, which allowed the draft to get out in the first place.
An epic failure of legal technology at the most important legal institution in the country is certainly eyebrow-raising, and the public report reveals the shocking ineptitude of the Court’s document security. The report disclosed, “It is unlikely that the public disclosure was caused by a hack of the Court’s IT systems. The Court’s IT department did not find any indications of a hack.” The report also included admissions that the Court’s information security policies are “outdated” and its safeguards for tracking copies of sensitive documents are “inadequate.”
What Can Be Done to Prevent Similar Leaks in the Future?
Having failed to expose the Dobbs leaker, what can the Supreme Court do to prevent similar incidents from occurring in the future? The Court is already purportedly tightening its security. Although not mentioned directly in the public statement, Chertoff said in his accompanying letter that the Court had “already taken steps to increase security and tightened controls regarding sensitive documents.” His letter’s attestation to the thoroughness of the Dobbs inquiry, however, may emphasize the level of inadequacy of the Court’s technological safeguards more than anything. His recommendation in connection with his review of the investigation included four specific measures:
- Restricting the distribution of hard copy versions of sensitive documents;
- Restricting the email distribution for sensitive documents;
- Utilizing information rights management (IRM) tools to better control how sensitive documents are used, edited and shared; and
- Limit the access of sensitive information on outside mobile devices.
One reading these recommendations might be struck by their obviousness; why did the head of the judicial branch allow employees to access confidential documents on personal cell phones or create hard copies unrestricted in the first place?
With word of Mike Pence joining the ranks of alleged classified document thieves Joe Biden and Donald Trump, it appears it isn’t the only branch that has astonishingly lax security for those at the top. Taken together, these incidents suggest that the convenience of the country’s leaders has taken precedence over national security for some time in the United States. Perhaps they should take a page out of the books of leading law firms, which spend millions of dollars annually implementing cutting-edge security measures to protect their client’s confidential information.
Meanwhile, over in the legislative branch, the so-called “Leak and Lose Act” has been proposed by Rep. William Timmons in the House. The Act would implement a $5,000 fine and a lifetime ban from the federal court system for Supreme Court employees found to have leaked opinions. One would be hard-pressed to imagine, however, how a deterrence-based solution is much of a solution if violators cannot be caught due to outdated legal tech.