Federal Courts Sound The Alarm Against RECAP; Worried About PACER Profits

from the and-that's-how-it-goes dept

We’ve been excited to see what would happen with the RECAP Firefox extension, which is being used to help free up public domain court documents that have been locked up behind the PACER paywall. However, there were also questions about how the folks who run and/or benefit from PACER would react. We now have at least part of the answer: bogus scare tactics. Paul Alan Levy alerts us to the fact that the Federal Court system, which profits from PACER, has started sending out scare notices to try to keep lawyers from using RECAP:

The court would like to make CM/ECF filers aware of certain security concerns relating to a software application or “plug-in” called RECAP, which was designed to enable the sharing of court documents on the Internet.

Once a user loads RECAP, documents that he or she subsequently accesses via PACER are automatically sent to a public Internet repository. Other RECAP/PACER users are then able to see whether documents are available from the Internet repository. At this time, RECAP does not appear to provide users with access to restricted or sealed documents.

Please be aware that RECAP is “open-source” software, which means it can be freely obtained by anyone with Internet access and could possibly be modified for benign or malicious purposes. This raises the possibility that the software could be used for facilitating unauthorized access to restricted or sealed documents. Accordingly, CM/ECF filers are reminded to be diligent about their computer security and document redaction practices to ensure that documents and sensitive information are not inadvertently shared or compromised.

The court and the Administrative Office of the U.S. Courts will continue to analyze the implications of RECAP or related-software and advise you of any ongoing or further concerns.

I especially like the “scare quotes” around “open-source.” Of course, I’m not quite sure why the fact that the extension is open source makes it any more vulnerable to being “modified for benign or malicious purposes.” Either way, looks like the Federal Courts don’t like competition eating away at their PACER profits.

Comments on “Federal Courts Sound The Alarm Against RECAP; Worried About PACER Profits”

41 Comments
Anonymous Coward says:

Ed Felten's Team of Mavericks

Scare quotes around open-source?

Of course. You see, the plugin was developed by the real simpleton team surrounding Ed Felten. And, to make matters worse, those guys are always researching Government Transparency, finding vulnerabilities with DRM, voting machines and hard drive encryption, commenting on the three-strikes laws.

Those Ed Felten followers… They are such a nefarious group of people. How dare they think this way!

http://www.techdirt.com/search.php?q=Ed+Felten

PrometheeFeu (profile) says:

Apparently, someone believes that open-source means anyone can modify the software and replace the currently distributed version. That is simply not accurate. Almost all open source projects have a person or a group of people in charge of vetting modifications to the software. Now, there is nothing stopping somebody from making changes and distributing their version on their own website, but as long as you get the software from the official project website, you will only get the vetted versions. And guess what? The people that vet and develop are no more and no less liable than a normal corporation that would develop bad software. I trust open source projects that are well maintained because unlike closed source software, there is a guy out there reviewing the code who does not have an incentive to sell the product to me. Let’s imagine the software tester at Microsoft finds out Windows is buggy… Who does he report it to? You? Or the guy whose interest it is that you buy the software. Conflict of interest anyone?

Kazi says:

Actually, they are just concerned about this:

——————————-
(https://www.recapthelaw.org/2009/08/20/a-note-on-recaps-commitment-to-privacy/)
We’re confident that RECAP maintains the security model set up by the courts, and that it will never upload documents while a user is logged into CM/ECF. The code is open source, so anyone with concerns is welcome to inspect it for themselves. We’d like to work with the judiciary in the coming weeks to ensure they understand how RECAP protects privacy and security, and to incorporate any further enhancements they might suggest. In the meantime, users can continue using RECAP with the knowledge that it’s designed with privacy as our top priority.

Update: A final reason users should be comfortable with using RECAP is that the extension’s operation is extremely transparent. The little “R” icon in the lower-right-hand corner of every browser window turns blue when RECAP is enabled (which should only happen when you’re logged into PACER) and grey when it’s disabled (which should happen when you’re logged into CM/ECF). We don’t think you’ll ever see a blue icon when you’re browsing CM/ECF, but if you do, you should immediately disable recap and let us know about it so we can investigate the problem. In addition, RECAP notifies you about every document it uploads (unless you choose to turn this feature off). Again, you should never see an upload notification while you’re on a CM/ECF page, but if you do you can contact us and we’ll delete that document from our database. So you don’t have to take our word for it when we say RECAP won’t upload CM/ECF documents, you can monitor what it’s doing and verify for yourself.
——————————-

So you might be sensationalizing the news a bit here and the “scare quotes” are not really scare quotes but to identify the name of the program …

Ryan says:

Re: Re:

Concerned about what? That excerpt just reinforces the argument that RECAP is as safe as anything else. Additionally, the quotes from the federal “court” release are around “open-source”, not “RECAP”.

Heh, see what I did there? I put quotes around “court” for no reason, as if to imply that they are something less than an actual court.

Fred McTaker (profile) says:

Executables can always be altered

The worry that executables can be altered by nefarious third parties isn’t limited to open source applications at all. Plenty of trojans/malware come in the form of altered proprietary (no public source access whatsoever) executables and drivers. This is where the whole term “trojan” came from – short for Trojan Horse, where in this case the horse is made of an application you know and love instead of wood, like Windows drivers or notepad.exe. That’s why the open source community advocates cryptographically signing ALL applications, open source or otherwise, so that you can independently confirm that the source and binaries came from a trusted provider. So giving a warning, about confirming that applications came from a trusted source, isn’t bad on its own. The assumption that such precautions should only apply to open source applications is complete FUD-mongering.

Anonymous Coward says:

Re: Re: Re: Executables can always be altered

Fred McTaker said

“That’s why the open source community advocates cryptographically signing ALL applications, open source or otherwise, so that you can independently confirm that the source and binaries came from a trusted provider.”

But how do you know the information on RECAP came from Pacer and not someone posing as RECAP pretending the data came from PACER?

Anonymous Coward says:

Re: Re: Re:2 Executables can always be altered

“But how do you know the information on RECAP came from Pacer and not someone posing as RECAP pretending the data came from PACER?”

That’s a problem that only the courts can solve… by signing the documents in the first place. There has been a push to get them to do this, but they have been resistant.

Anonymous Coward says:

Re: Re: Re:2 Executables can always be altered

“But how do you know the information on RECAP came from Pacer and not someone posing as RECAP pretending the data came from PACER?”

But how do you know the information on PACER came from Pacer and not someone posing as PACER pretending the data came from PACER?

Matt (profile) says:

Legitimate concerns?

It is possible that the court system has some legit concerns. Going to CM/ECF and PACER is scary, in part because some documents get (appropriately) sealed or even stricken entirely _after_ filing. With paper, it was unlikely that a doc that should have been sealed would be released to broad distribution before that happened. With PACER, it is less unlikely. With RECAP, it is still less unlikely. This can be a huge concern in circuits, like the 9th, that are unforgiving about the loss of privilege in the face of inadvertent disclosure. Add to that the concern that a dumb or ill-informed lawyer could install a trojan RECAP.

A law partner I knew had a standing requirement that his secretary power on his computer before he got to the office every day. This was not just a show of power – he did not know where to find the button. And lawyers routinely violate their firms’ software installation policies. The court system is right to be concerned that mere lawyers may not understand all of the implications of installing new software.

Anonymous Coward says:

Re: Legitimate concerns?

“A law partner I knew had a standing requirement that his secretary power on his computer before he got to the office every day. This was not just a show of power – he did not know where to find the button.”

Now let me get this straight, you’re claiming that he could use a computer, yet he couldn’t press a power button? Uh huh, sure. I bet he made her turn on his office lights too because he was too dumb to operate the light switch, huh?

Anonymous Coward says:

It wouldn’t be difficult for someone to take this plugin, tack on some extra code, and turn it into a keylogger or similar. It also wouldn’t be difficult to have it log and forward all your https accesses to a third party.

People think it is safe, but honestly, it is easy to put a modified version of this open source tool online and get people to use it.

Ben Zayb says:

Re: Re:

“It wouldn’t be difficult for someone to take this plugin, tack on some extra code, and turn it into a keylogger or similar.”

For you to say that it wouldn’t be difficult, I assume you are able to do this sort of thing. So do it.

“It also wouldn’t be difficult to have it log and forward all your https accesses to a third party.”

And after getting the thing to do all this, let’s see you get us to install that filthy mod- from the official site, no less.

“People think it is safe, but honestly, it is easy to put a modified version of this open source tool online and get people to use it.”

Can’t do it? Then don’t say it. FUD for the Gods!

duane (profile) says:

with you on all but one point...

“Either way, looks like the Federal Courts don’t like competition eating away at their PACER profits.”

The Federal Court System doesn’t actually call the shots with PACER and the monies it generates. Congress determines what PACER charges and what money, if any, the Federal Courts get from PACER. This is actually true for all the money the Federal Court System gets. So, PACER could generate a kabillion dollars and it wouldn’t make much difference. Congresspeople would just direct it some place else and cut their budget again…

Anonymous Coward says:

Re: with you on all but one point...

That’s not true. Congress delegated the authority to charge fees to the Courts.

http://pacer.uscourts.gov/faq.html#GP8

In fact, there is increasing evidence that the Courts have begun to use PACER as a profit center to support costs other than Electronic Public Access.

http://www.nextgov.com/nextgov/ng_20090819_1886.php

You *might* be able to argue that Congress didn’t appropriate funds to pay for PACER, but of course the Courts haven’t asked for it. Congress, on the other hand, explicitly told the Courts in 2002 that they should move to no-fee access.

Anonymous Coward says:

Re: Re: with you on all but one point...

Actually if you read more about the entire system you’ll note that Congress actually directed the Courts to charge for the services. Later, with one hand they passed the e-gov act and directed things to be free, but with the other they still directed there to be charges for this sort of stuff. Typical government maneuvering.

Also, the Court system doesn’t set its own budget, Congress does. Congress gives money to the Court system. Whatever money the courts make it goes into a fund that then Congress has to give back to it. If there is such a concern about the Courts raking in the dough, surely the fact that they have to give it all up for someone else to decide what to do with it might temper that concern. I can assure you the Court’s budget is nothing but lean — less than two tenths of the entire budget or about 6.2 billion dollars for all the federal court systems.

Finally, the “other” costs is sort of a loose definition. As the monies are going to improve electronic documentation and things of that nature. Seen one way, the monies are being used not for their original intent. Seen another, they are.

Welcome to public administration.

Anonymous Coward says:

Re: Re: Re: with you on all but one point...

The government tries to configure the laws in such a way as to extract as much money as possible away from you. If you work with that assumption lots of things make a lot more sense. It’s not about “where the money goes, who gets it, what it’s going to fund” it’s about extracting as much money as possible away from you.

Where it goes, what it funds, what is the purpose of some law that was passed under noble pretexts; all of that could just be a bunch of smoke and mirrors to confuse you. The assumption you want to make is that the laws are configured to extract as much money away from you as possible and you want to see how well that assumption explains the laws in place. Test every law with that assumption and see how well it explains them. This includes laws to ban things, like banning competing products to reduce competition (because less competition extracts more money away from you) under health and safety or environmental pretexts. It includes laws to ban software under the pretexts of security or national security (ie: peer to peer software maybe?).

Anonymous Coward says:

Re: Re: Re: with you on all but one point...

You are correct that at the inception of PACER, Congress directed the Courts to charge in order to support the system. The E-Government Act revised this language to say that the courts may only charge to the extent necessary, and clearly stated Congress’ concern with the fact that the Courts were charging more than the cost of disseminating the information. They also made clear their intent that the Courts move toward a free system. This is quite clear.

You are not correct about the money going into a fund that Congress has to give back. The money goes into the Judiciary Information Technology Fund that the Courts control and have the discretion to spend from without fiscal year limitation. Programs other than PACER are paid for out of this fund, and monies other than PACER fees are deposited into it… but it is all within the Judiciary and decided by them.

You are partially correct that Congress sets the Judiciary’s budget. In reality, the Courts propose a budget that is submitted to the President and must be passed along to Congress *without change* (a special condition they fought for), then Congress and the Judiciary debate whether the requests are reasonable, and once the funds are allocated the Judiciary makes the finer-grained decisions. You might feel that the Courts do not have a strong enough position in this process, but it’s the same process that all branches of government go through (that’s why they call it the “power of the purse”).

The reality is that the Courts have not asked for money to pay for PACER, and they appear to actually be making a profit off of the service. The path of least resistance is the status quo. Unfortunately, this may not be the best thing for the public.

Anonymous Coward says:

Re: Re: Re:2 with you on all but one point...

I do have to wonder if by receiving more funds than needed to run the PACER system, and then utilizing these additional funds for purposes other than running the PACER system, the judiciary may unwittingly be at the cusp of violating the longstanding doctrine and rule of law that excess funds may not be used for the augmentation of appropriated funds, the so-called “unauthorized augmentation of appropriated funds”? All such excess funds are by law required to be transferred to the US General Fund.

Am I perhaps unaware of the judiciary having been given some form of a statutory exemption from the doctrine?

orbitalinsertion (profile) says:

We have apparently missed the clue-train again.

“…access and could possibly be modified for benign or malicious purposes. This raises the possibility that the software could be used for facilitating unauthorized access to restricted or sealed documents.”

How? RECAP does not access PACER. Someone would have to post the “restricted or sealed” documents after accessing them in the PACER fashion, which would require no code (and no RECAP FF extension) whatsoever. This doesn’t make sense, and simply calls to attention how clueless the judiciary is.

The Feds might have some legitimate concerns or warnings, but they were too stupid to voice those. (Simply rephrasing their statement minus the OSS or RECAP comments would have worked, as would have simply questioning the guarantee of provenance.)

Ben Zayb says:

As If

“Please be aware that RECAP is “open-source” software, which means it can be freely obtained by anyone with Internet access and could possibly be modified for benign or malicious purposes.”

ROTFL!!! As if “closed-source” software couldn’t be modified for malicious purposes. Whoever said this must have never heard of Windows and botnets.

ranon says:

Everybody need not sign up to RECAP

Everybody need not sign up to RECAP. All that is required is for one person to upload a document and it will be available to all.

Also, you are not going to get sign-ups for RECAP just for uploading. A person installs the application initially to download documents. Then when he gets sufficiently comfortable with the application, and it is useful, he will start uploading documents.

At that point, you will not have computer nitwits operating the system, and they can ensure that they take required security measures.
