US court system ditches electronic filing, goes paper-only for sensitive documents following SolarWinds hack

Lawyers required to hand in dead-tree copies. No, seriously


The US court system has banned the electronic submission of legal documents in sensitive cases out of concern that Russian hackers have compromised the filing system.

In an extraordinary order handed down to all federal courts late last week – here's an example [PDF] – any documents that “contain information that is likely to be of interest to the intelligence service of a foreign government” will now have to be physically printed out and provided in a physical format.

The decision follows concerns last month that as a result of the SolarWinds fiasco – in which suspected Kremlin spies gained access to the networks of multiple US government departments via backdoored IT tools – the court system itself may have been hacked, making Highly Sensitive Documents (HSDs) accessible.

Typically those documents are filed through the court system’s electronic filing system but are sealed, requiring specific login access. Despite the online system’s shortcomings (it is clunky, has a dreadful search function and a horribly outdated UI), it has proven an extremely useful resource and allows for quick provision and access to documents.

But, as the notice says: “In response to recent disclosures of wide-spread breaches of both private sector and government computer systems, federal courts are immediately adding new security procedures to protect highly sensitive documents filed with the courts.”

The new rules don’t apply to whole cases but to any documents that would be viewed as HSDs. They typically involve “national security, foreign sovereign interests, criminal activity related to cybersecurity or terrorism, investigation of public officials, the reputational interests of the United States, and extremely sensitive commercial information likely to be of interest to foreign powers.”

In other words, stuff you don’t want the Russians, or Chinese, or North Koreans, or whoever, reading. That means sensitive wiretap details will go paper as well as any pleadings or offers to cooperate, and so on.

Slow progess

It’s a sign of just how deeply the hackers, who tampered with SolarWinds' Orion suite, managed to penetrate US networks that the court system has taken on a massive additional burden – something that is almost certain to slow the progress of a significant number of cases.

The Administrative Office of US Courts confirmed its defenses had been breached in January, joining a long list of other US government organizations and Fortune 500 companies that were compromised for anywhere up to six months after installing the tainted tools.

US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents

READ MORE

As a result, lawyers involved in such cases will have to print out any highly sensitive documents and then hand-deliver them to the courthouse.

Those documents will then be uploaded to a computer at the courthouse that isn’t connected to any network. And lawyers will then have to travel to the court and to that computer to gain access to the docs. Something which is, of course, made even harder thanks to COVID-19 pandemic protocols.

Aside from that, however, security experts are now worried about the potential impact of the Russian government having copies of thousands of highly sensitive non-public documents. Access to large quantities of information on ongoing cases, including who the US government is monitoring and any deals people may be cutting, would be a treasure trove for a foreign intelligence agency.

It is not thought however that access was gained to the most sensitive US court – the secretive FISA aka Foreign Intelligence Surveillance Court – which runs its own system that is not connected to other networks. ®

Similar topics

Narrower topics


Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022