The Volokh Conspiracy

Mostly law professors | Sometimes contrarian | Often libertarian | Always independent

House Hearing about Cyberattacks on Judiciary

"We are vulnerable."


Last week, I speculated that the Politico leak may have come from a cyberattack. Yesterday, the House Appropriations Subcommittee held a hearing on cyberattacks. Two judges warned that the judiciary is "vulnerable."

Judge Amy St. Eve (CA7) stated in her testimony:

In recent months we have discussed at length with the Subcommittee our need for additional resources to address the sharp increase in the number of cyber-attacks on Judiciary IT systems, and our need to modernize aging legacy applications critical to court operations and public access to court records. These cyber-attacks on the branch are increasing in both frequency and sophistication. Because of the sensitivity of the information, I am constrained in what I can say in this setting about vulnerabilities and cyber-attacks on the Judicial Branch, and we have shared some of that information with this Subcommittee's leadership. The Judiciary is clearly a high-value target for nation-state bad actors and cyber-criminals seeking to disrupt the administration of justice in the United States. 

I cannot overstate the gravity of the broad impacts across our society of cyber-attacks on the Judicial Branch. These attacks pose risks to our entire justice system, including civil and criminal court proceedings, law enforcement and national security investigations planned or underway, and trade secrets for businesses involved in bankruptcy proceedings or patent and trademark litigation. But more broadly, cyber-attacks on the branch are an attack on our democracy itself, seeking to sow distrust in the institutions of American government at home and abroad.

My post from last week made many of these similar points–in particular, highlighting how a cyberattack was a (successful) effort to "show distrust." Mission accomplished.

Reuters discussed the hearing.

"We are vulnerable," said St. Eve, a member of the Chicago-based 7th U.S. Circuit Court of Appeals and chair of the Judicial Conference of the United States' budget committee.

While St. Eve said she would not detail those vulnerabilities in a public setting, U.S. District Judge Roslynn Mauskopf, the director of the Administrative Office of the U.S. Courts, noted there had been a "sharp increase" in cyberattacks targeting the judiciary.

"I cannot overstate the gravity of the broad impacts across our society of cyber attacks on the judicial branch," she said. "These attacks pose risks to our entire justice system and more broadly are an attack on our democracy itself."

Mauskopf said that while the judiciary is not alone in needing to modernize its systems, it is a repository "for some of our nation's most sensitive law enforcement and national security information," which needs protection.

Judge Mauskopf addressed, indirectly, risks facing draft opinions:

She emphasized that point after Republican Representative Steve Womack of Arkansas asked about the judiciary's ability to guard against leaks like that of the U.S. Supreme Court draft opinion showing the court is poised to overturn the 1973 Roe v. Wade decision that protected abortion rights nationwide.

"Our systems house draft opinions," Mauskopf said. "That's another category of very sensitive, pre-decisional information that we house within our systems, which is yet another reason why we need to take steps to modernize our systems."

If the leak came from a cyberattack, the Supreme Court Marshal is out of her league. Her resources are insufficient. Only DOJ has the expertise to investigate such a sophisticated breach.

I still do not think a law clerk leaked this document. At this point, any law clerk willing to take on this burden would have confessed to his or her Justice, noisily resigned, and agreed to an interview on MSNBC to blow the whistle on our theocratic Supreme Court. Staying quiet now will simply put other clerks and staff through an unjustified inquisition. My thinking remains that this document likely came from some non-clerk who had access to the document, or some cyberattack.