Saturday, February 4, 2023

Supremely Bad Security

Turns out not only is The Great Supreme Court Dodds Decision Leak™ still without a chief suspect because it's almost certainly one of the conservative justices (or a spouse like Ginni Thomas) who is being ignored because of the political fallout, trying to even track the method of the leak is also extremely difficult because document security at SCOTUS is "middle school teacher's lounge" level.
 
Long before the leak of a draft opinion reversing Roe v. Wade, some Supreme Court justices often used personal email accounts for sensitive transmissions instead of secure servers set up to guard such information, among other security lapses not made public in the court’s report on the investigation last month.

New details revealed to CNN by multiple sources familiar with the court’s operations offer an even more detailed picture of yearslong lax internal procedures that could have endangered security, led to the leak and hindered an investigation into the culprit.

Supreme Court employees also used printers that didn’t produce logs – or were able to print sensitive documents off-site without tracking – and “burn bags” meant to ensure the safe destruction of materials were left open and unattended in hallways.

“This has been going on for years,” one former employee said.

The problem with the justices’ use of emails persisted in part because some justices were slow to adopt to the technology and some court employees were nervous about confronting them to urge them to take precautions, one person said. Such behavior meant that justices weren’t setting an example to take security seriously.

The justices were “not masters of information security protocol,” one former court employee told CNN.

In a statement attached to the final report, the court called the leak a “grave assault” on the court’s legitimacy and the marshal of the court issued a road map to improve security.

The report and the new revelations of weak protocols come as the court is trying to protect its own legitimacy after an embarrassing leak and allegations (prompted by the recent rash of high profile cases breaking along familiar ideological lines) that it has simply become another political branch. The 20-page report and its still secret “Annex A” raised some questions as to whether the entire investigation should have been outsourced to someone without close ties to the court.

Former Secretary of Homeland Security Michael Chertoff reviewed and endorsed the Supreme Court’s internal investigation into the leak. However, the court did not disclose Chertoff had been paid at least $1 million in recent years to perform security assessments for the court.

The court declined to comment.
 
Printer logs not tracking print jobs and open document disposal "burn bags" left in public areas are the kind of things that your company's Security IAM (Identity & Access Management) folks fired on the spot, but I suspect that "Security so bad that anyone could be a suspect" is a feature of SCOTUS, not a bug.

Also, it's entrirely possible that Michael Chertoff has been ripping off SCOTUS for years, or simply taking the equivalent of an "outside contractor job" as a working bribe to keep security that lax.

Lot to investigate here, but who's going to do it? Biden can't, and Republicans in Congress won't because they know what the truth is.

No comments:

Post a Comment