The leak of a bombshell draft abortion opinion has left the U.S. Supreme Court confronting whether to make radical changes to its tradition-laced work habits.
Companies fight document leaks by taking steps such as placing identifiable marks on paper, disabling laptop USB ports and checking employee thumb drives. But the uniquely small and secretive high court has, until now, been able to keep draft opinions from real-time public scrutiny without using a full array of high-tech tools.
“The court has always relied on being able to trust the small group of people who have access to inside information,” said Kermit Roosevelt, a professor at the University of Pennsylvania Carey Law School. “Once that trust is broken, there’s no easy replacement or way back.”
The Marshal of the Court has launched an investigation that will likely involve consideration of future steps the court can take to avoid such breaches. But Chief Justice John Roberts might have a tough time instituting any court-wide changes unless the rest of the justices agree.
“The court probably is behind the times on security measures,” Roosevelt said, “but I’m not sure what improvements could be implemented. It would be hard for administrators to change the behavior of a justice.”
The justices have employed some measures, such as using two distinct computer systems, one internal and one external, to try to prevent private communications or draft opinions from becoming public, said Stephen Wermiel, a professor at American University Washington College of Law.
But Wermiel said the systems fall short of what exists at many other secure facilities. “This is an institution that operates on trust,” he said. “Security derives from the notion that there is good faith and trust in place.”
The leak shows the court needs to examine safeguards for sensitive digital assets, said Megan Stifel, chief strategy officer for the Institute for Security and Technology and founder of Silicon Harbor Consultants.
“Draft opinions of the court, particularly on issues as sensitive as this, should be given the highest protections,” she said.
The Supreme Court did not respond to a request for comment for this story.
The draft opinion leak was a type of data “exfiltration,” or smuggling, the likes of which corporations, law firms and governments are increasingly battling, said Jeff Stollman, a corporate and government information technology security consultant.
If the court isn’t already tracking each piece of paper that’s copied in the building, or carried outside of it, Stollman said, the justices have options.
The justices each could use paper that possesses unique watermarks, so that each piece is identifiable as coming from a certain office, Stollman said.
The court could use paper that includes “taggants,” which are invisible, micro-chemical markings that set off alarms or internal alerts if documents are carried outside the building, Stollman said.
Disabling laptop USB ports would prevent clerks, justices and court staff from copying files that contain draft opinions onto small, portable USB devices.
Brian Fitzpatrick, a law professor at Vanderbilt University who clerked for Justice Antonin Scalia in 2001 and 2002, said that when he was at the court, everything was circulated in a hard copy.
Draft opinions would be sent to chambers inside envelopes carried by messengers, as would letters about those drafts, Fitzpatrick said.
Computers were used during Fitzpatrick’s time to draft the material, but they weren’t connected to the internet. Each chamber had a specific computer with internet access, but that was separate from the computer where clerks did their work, Fitzpatrick said.
The court has strict rules governing computer use and document access, said Jonathan Turley, a law professor at George Washington University.
That includes the use of burn bags, a technique often employed in the national security context, in which paper copies of sensitive documents are shredded or incinerated, he said.
The court also imposes limits on bringing cell phones and computers into its facilities, Turley said.
For digital files, there would be a record of accessing an opinion or printing it out, he said. If a document was printed or copied, it would be possible for investigators to figure out which machine was used.
Even if the court tightens up their draft opinion procedures, leaks could prove hard to prevent totally.
“Maybe you can put something in place where written opinions are harder to copy and take out the court, but you can’t control what goes on between the law clerk’s ears, right?” Todd Peppers, a law professor of practice at Washington and Lee University, said. “They can walk out and call a reporter and verbally explain what’s happening the next day.”
Implementing potentially intrusive security reforms “would be such a radical change in how the court does business,” Wermiel said.
Adding security measures such as pat-downs, and or putting limits on clerks’ use of phones, would change the character of the Supreme Court, Roosevelt said.
“A court that’s an atmosphere of pervasive suspicion and surveillance would be bad,” he said.
Turley said drafting legal opinions relies on a repeated back-and-forth, making it difficult to lock down document-sharing without impeding the court’s ability to function.
“This is not a national security installation,” he said. “The nature of the work requires a collaborative effort between justices and clerks.”
The Supreme Court’s data security comes down to trust in its staff to uphold institutional norms around confidentiality, said Jon Callas, director of technology projects at the nonprofit Electronic Frontier Foundation.
The leak represents “a violation of norms,” he said. “That’s different than a violation of operational procedures.”
— With assistance from Jordan Rubin.