The SolarWinds hack, which affected software used by federal, state and local governments, may set back efforts for public access to federal court records.
The vulnerability in SolarWinds products resulted in an “apparent compromise” of “highly sensitive non-public documents,” such as sealed filings, submitted through the federal court’s electronic filing system. In response, federal courts have announced that they will only accept highly sensitive documents (HSDs) in paper form or via a “secure electronic device” that can be added to a “secure stand-alone computer system.”
The courts do not have a standing definition of what constitutes a highly sensitive document. In fact, the administrative body for the federal judiciary has directed each federal court to “address the types of filings it does and does not consider to be HSDs.” This patchwork approach could lead to inconsistencies from court to court.
The announcement could also have consequences for access to information about sealed documents. Several suits are pending in different federal courts seeking access to basic docket information about government applications to conduct electronic surveillance under the Pen Register Act and Stored Communications Act. Docket information provides, at the very least, transparency about the fact that the government is applying for such authority, and on what type of authority it is relying, even if courts determine that the underlying documents should remain sealed.
Among other things, advocates seek real-time access to this information as applications are filed, and electronic docketing is undoubtedly the least administratively burdensome way to accomplish real-time docketing. The chief judge of the federal district court in Washington, D.C. — where one such case that Reporters Committee attorneys are litigating, In re Leopold, is pending — has issued an order defining HSDs in a way that should not affect public access to electronic surveillance applications filed pursuant to the Pen Register Act or Stored Communications Act. But, as described above, other district courts may define the term differently. As such, changes to filing and docketing procedures being made by courts in response to the SolarWinds hack could delay efforts to increase transparency of electronic surveillance records.
Instead of this route, the judiciary could focus on making its electronic filing system more secure. It could also require parties to file limited docket information electronically, even if the underlying document will not be filed electronically. These actions would facilitate both transparency and security.
The Technology and Press Freedom Project at the Reporters Committee for Freedom of the Press uses integrated advocacy — combining the law, policy analysis, and public education — to defend and promote press rights on issues at the intersection of technology and press freedom, such as reporter-source confidentiality protections, electronic surveillance law and policy, and content regulation online and in other media. TPFP is directed by Reporters Committee attorney Gabe Rottman. He works with Stanton Foundation National Security/Free Press Legal Fellow Grayson Clary and Technology and Press Freedom Project Legal Fellow Mailyn Fidler.