The leak of an explosive draft abortion opinion has the United States Supreme Court considering whether to make sweeping changes to its traditional working habits.
Companies are fighting document leaks by taking measures such as putting identifiable marks on paper, disabling USB ports on laptops, and checking employees’ USB drives. But the particularly small and secretive high court has so far been able to protect draft opinions from real-time public scrutiny without using a full range of high-tech tools.
“The court has always relied on its ability to trust the small group of people who have access to inside information,” said Kermit Roosevelt, a professor at the Carey Law School at the University of Pennsylvania. “Once that trust is broken, there is no easy replacement or turning back.”
The Marshal of the Court has launched an investigation which will likely involve looking at what future steps the court can take to avoid such violations. But Chief Justice John Roberts could struggle to institute court-wide changes unless the rest of the justices agree.
“The court is probably behind on security measures,” Roosevelt said, “but I’m not sure what improvements could be implemented. It would be difficult for administrators to change a judge’s behavior.
Judges have used certain measures, such as the use of two separate computer systems, one internal and one external, to try to prevent private communications or draft notices from becoming public, Stephen Wermiel said , a professor at the American University Washington College of Law.
But Wermiel said the systems fall short of what exists at many other secure facilities. “It’s an institution that works on trust,” he said. “Security stems from the notion that there is good faith and trust in place.”
The leak shows the court needs to consider safeguards for sensitive digital assets, said Megan Stifel, director of strategy at the Institute for Security and Technology and founder of Silicon Harbor Consultants.
“The Court’s draft opinions, especially on matters as sensitive as this, should enjoy the highest protections,” she said.
The Supreme Court did not respond to a request for comment for this story.
The opinion leak project was a type of “exfiltration” or smuggling of data the likes of which companies, law firms and governments are increasingly battling, said technology security consultant Jeff Stollman business and government information.
If the court isn’t already tracking every piece of paper that’s copied into the building or carried outside, Stollman said, judges have options.
Judges could each use paper that has unique watermarks, so each piece is identifiable as coming from a certain office, Stollman said.
The court could use paper containing “taggers,” which are invisible microchemical marks that trigger internal alarms or alerts if documents are carried outside the building, Stollman said.
Disabling laptop USB ports would prevent clerks, judges and court staff from copying files containing draft opinions onto small portable USB devices.
Brian Fitzpatricka law professor at Vanderbilt University who worked for Justice Antonin Scalia in 2001 and 2002, said that when he was in court, everything was on paper.
Draft notices would be sent to chambers inside envelopes carried by couriers, as would letters regarding those drafts, Fitzpatrick said.
Computers were used in Fitzpatrick’s time to draft the material, but they were not connected to the internet. Each room had a specific computer with Internet access, but that was separate from the computer where the clerks did their jobs, Fitzpatrick said.
The court has strict rules governing the use of computers and access to documents, said Jonathan Turley, a law professor at George Washington University.
This includes the use of burn bags, a technique often employed in the national security context, in which hard copies of sensitive documents are shredded or incinerated, he said.
The court also places limits on bringing cellphones and computers into its facilities, Turley said.
For digital files, there would be a record of accessing or printing a notice, he said. If a document were printed or copied, it would be possible for investigators to determine which machine was used.
Even if the court tightens its draft notice procedures, leaks could prove difficult to prevent altogether.
“Maybe you can set up something where written opinions are harder to copy and get out of court, but you can’t control what goes between the clerk’s ears, can you? ” Todd Peppers, a law professor at Washington and Lee University, said. “They can go out and call a reporter and verbally explain what’s happening the next day.”
Implementing potentially intrusive security reforms “would be a sea change in the way the court does business,” Wermiel said.
Adding security measures such as pat-downs and/or limiting clerks’ use of phones would change the character of the Supreme Court, Roosevelt said.
“A court where there is an atmosphere of pervasive suspicion and surveillance would be bad,” he said.
Turley said writing legal opinions relies on repeated back and forth, which makes it difficult to lock down document sharing without hampering the court’s ability to function.
“It’s not a national security facility,” he said. “The nature of the work requires a collaborative effort between judges and clerks.”
The Supreme Court’s data security comes down to trusting its staff to uphold institutional privacy standards, said Jon Callas, director of technology projects at the nonprofit Electronic Frontier Foundation.
The leak represents “a breach of standards”, he said. “It’s different from a violation of operating procedures.”
“With help from Jordan Rubin.