Last week, the United States Courts' website announced that it would be adding safeguards to its Case Management/Electronic Case Files system (CM/ECF) in light of the Russia sponsored SolarWinds Orion hack.  In the interim, documents deemed highly sensitive court documents (HSDs) must be delivered by hand to the respective court's clerk's office in the form of paper or on a thumb drive.  The fact that the Courts are taking a swift response to this preditor is great (although it took about three weeks from when the Department of Homeland's Cybersecurity and Infrastructure Security Agency issued its Emergency Directive 21-01); but the response seems to be lacking.

My first question is, what are we supposed to do about the HSD already in the system?  What protections has/are the Courts going to place on these documents NOW?  Has any of this information been compromised?  Do attorneys have an ethical (by bar association standards or not) obligation to inform their clients that their HSDs filed under seal may have been compromised.  This is guidance the Courts should have already provided us!

My next question is, what exactly is an HSD?  The notice provides what an HSD is not "…most documents similar to and including presentence reports, pretrial release reports, pleadings related to cooperation in most criminal cases, Social Security records, administrative immigration records, and sealed filings in many civil cases…".  Yet from its supplemental notice two days later, "closely held trade secrets, confidential government enforcement information or similarly sensitive information…" are documents to be considered HSD.  But, why are social security, immigration papers, social security numbers, dates of birth, sealed divorced paperwork, sealed medical information, banking & investment information, inter alia, not identified as HSD?  Granted, these types of documents may not be related to national security. But it could still cause people financial harm, e.g., draining of accounts or creation of new accounts, or public embarrassment or blackmail using private information, e.g., personal medical information, private settlement agreements, or financial documentation.

I respect that this is a fluid situation.  There will not be a perfect one-size-fits-all solution.  But the general public is concerned about their Protected Personal Information, not whether a company has a trade secret revealed or if a criminal pleas bargain is exposed.  Further, attorneys are left in the dark about what to do about their client's potential exposure!

IMHO this just reflects how far behind the government is when it comes to technology and its practical use today.

MTC.