A top Democratic lawmaker is urging U.S. Supreme Court Chief Justice John Roberts to address the federal court system’s decades-long failure to secure Americans’ most sensitive personal information in court filings.
“Federal court rules — required by Congress — mandate that court filings be scrubbed of personal information before they are publicly available,” Sen. Ron Wyden, D. Ore., wrote Thursday in a letter to Roberts, first shared with CyberScoop. “These rules are not being followed, the courts are not enforcing them, and as a result, each year tens of thousands of Americans are exposed to needless privacy violations.”
The letter follows a recent report by the court system’s top policy-making body showing that the body has been inconsistent in enforcing existing privacy rules and enacting new ones. For instance, the recent report cites a 2015 study, which found that of the nearly 4 million documents posted during a one-month period in 2013, nearly 5,500 included “one or more un-redacted SSNs.”
Wyden notes that “If these statistics are representative of the problem, it would mean that the courts have made available to the public roughly half a million documents containing personal data since 2015.”
The federal courts system’s research agency has made no subsequent reports available on the number of exposed SSNs. Another federal courts committee responsible for rule-making decided no changes were needed in light of the 2015 study’s results.
Social Security numbers aren’t the only data at risk of exposure by poor privacy enforcement. Current rules require federal courts to redact the following before publication online: all but the last four digits of an individual’s SSN, month and date of birth, all but initials of a minor’s name, all but the last four digits of a financial-account number and all but the city and state of an individual’s home address in criminal cases.
That level of personal information could be a treasure trove for bad actors looking to pull off scams involving identity theft or to stalk exposed individuals. “If federal courts cannot address this issue, quickly, Congress will be forced to act,” Wyden wrote.
The June report is the first privacy report the Judicial Conference has filed to Congress since 2011, despite a Congressional mandate to do so every two years. Congress passed legislation in 2002 requiring that federal courts to make court records available online, issuing alongside it an order that the Judicial Conference create rules protection personal information included in the documents.
“Senator Wyden is urging the courts to enforce their existing rules, which require the protection of sensitive personal information,” Wyden spokesman Keith Chu told CyberScoop in an email. “The courts should also update those rules, as required by the Open Courts Act, and add additional protections so that people don’t risk their privacy when they access the legal system.
The letter is just the latest blasting of the federal courts systems handling of sensitive data by Congress.
House Judiciary Chairman Rep.Jerry Nadler, D-N.Y., revealed in a House Judiciary Committee hearing last month that the committee learned in March of a U.S. federal court system faced a cybersecurity breach in late 2020. It’s unclear what cases may have been exposed by the breach.