Federal Courts Sound The Alarm Against RECAP; Worried About PACER Profits
from the and-that's-how-it-goes dept
We've been excited to see what would happen with the RECAP Firefox extension, which is being used to help free up public domain court documents that have been locked up behind the PACER paywall. However, there were also questions about how the folks who run and/or benefit from PACER would react. We now have at least part of the answer: bogus scare tactics. Paul Alan Levy alerts us to the fact that the Federal Court system, which profits from PACER, has started sending out scare notices to try to keep lawyers from using RECAP:The court would like to make CM/ECF filers aware of certain security concerns relating to a software application or "plug-in" called RECAP, which was designed to enable the sharing of court documents on the Internet.I especially like the "scare quotes" around "open-source." Of course, I'm not quite sure why the fact that the extension is open source makes it any more vulnerable to being "modified for benign or malicious purposes." Either way, looks like the Federal Courts don't like competition eating away at their PACER profits.
Once a user loads RECAP, documents that he or she subsequently accesses via PACER are automatically sent to a public Internet repository. Other RECAP/PACER users are then able to see whether documents are available from the Internet repository. At this time, RECAP does not appear to provide users with access to restricted or sealed documents.
Please be aware that RECAP is "open-source" software, which means it can be freely obtained by anyone with Internet access and could possibly be modified for benign or malicious purposes. This raises the possibility that the software could be used for facilitating unauthorized access to restricted or sealed documents. Accordingly, CM/ECF filers are reminded to be diligent about their computer security and document redaction practices to ensure that documents and sensitive information are not inadvertently shared or compromised.
The court and the Administrative Office of the U.S. Courts will continue to analyze the implications of RECAP or related-software and advise you of any ongoing or further concerns.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: legal documents, pacer, public domain, recap
Reader Comments
Subscribe: RSS
View by: Time | Thread
Open source is teh evil
[ link to this | view in chronology ]
Re: Open source is teh evil
[ link to this | view in chronology ]
Re: Open source is teh evil
[ link to this | view in chronology ]
Re: Re: Open source is teh evil
[ link to this | view in chronology ]
Ed Felten's Team of Mavericks
Of course. You see, the plugin was developed by the real simpleton team surrounding Ed Felten. And, to make matters worse, those guys are always researching Government Transparency, finding vulnerabilities with DRM, voting machines and hard drive encryption, commenting on the three-strikes laws.
Those Ed Felten followers... They are such a nefarious group of people. How dare they think this way!
http://www.techdirt.com/search.php?q=Ed+Felten
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
2. How do we know that this hasn't already happened?
[ link to this | view in chronology ]
Re: Re:
And you think such a thing couldn't possible happen to PACER? I've got news for you.
[ link to this | view in chronology ]
-------------------------------
(https://www.recapthelaw.org/2009/08/20/a-note-on-recaps-c ommitment-to-privacy/)
We’re confident that RECAP maintains the security model set up by the courts, and that it will never upload documents while a user is logged into CM/ECF. The code is open source, so anyone with concerns is welcome to inspect it for themselves. We’d like to work with the judiciary in the coming weeks to ensure they understand how RECAP protects privacy and security, and to incorporate any further enhancements they might suggest. In the meantime, users can continue using RECAP with the knowledge that it’s designed with privacy as our top priority.
Update: A final reason users should be comfortable with using RECAP is that the extension’s operation is extremely transparent. The little “R” icon in the lower-right-hand corner of every browser window turns blue when RECAP is enabled (which should only happen when you’re logged into PACER) and grey when it’s disabled (which should happen when you’re logged into CM/ECF). We don’t think you’ll ever see a blue icon when you’re browsing CM/ECF, but if you do, you should immediately disable recap and let us know about it so we can investigate the problem. In addition, RECAP notifies you about every document it uploads (unless you choose to turn this feature off). Again, you should never see an upload notification while you’re on an CM/ECF page, but if you do you can contact us and we’ll delete that document from our database. So you don’t have to take our word for it when we say RECAP won’t upload CM/ECF documents, you can monitor what it’s doing and verify for yourself.
-------------------------------
So you might be sensationalizing the news a bit here and the "scare quotes" are not really scare quotes but to identify the name of the program ...
[ link to this | view in chronology ]
Re:
Heh, see what I did there? I put quotes around "court" for no reason, as if to imply that they are something less than an actual court.
[ link to this | view in chronology ]
Executables can always be altered
[ link to this | view in chronology ]
Re: Executables can always be altered
[ link to this | view in chronology ]
Re: Re: Executables can always be altered
Does what you posted refute anything in the Fred McTaker post?
Or are you implying that the WARNING was a fake put there by nefarious users.
[ link to this | view in chronology ]
Re: Re: Re: Executables can always be altered
"That's why the open source community advocates cryptographic signing ALL applications, open source or otherwise, so that you can independently confirm that the source and binaries came from a trusted provider."
But how do you know the information on RECAP came from Pacer and not someone posing as RECAP pretending the data came from PACER?
[ link to this | view in chronology ]
Re: Re: Re: Re: Executables can always be altered
That's a problem that only the courts can solve... by signing the documents in the first place. There has been a push to get them to do this, but they have been resistant.
[ link to this | view in chronology ]
Re: Re: Re: Re: Executables can always be altered
You are asking a valid question, however it is unrelated to the post to which you responded.
[ link to this | view in chronology ]
Re: Re: Re: Re: Executables can always be altered
But how do you know the information on PACER came from Pacer and not someone posing as PACER pretending the data came from PACER?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Executables can always be altered
[ link to this | view in chronology ]
Legitimate concerns?
A law partner I knew had a standing requirement that his secretary power on his computer before he got to the office every day. This was not just a show of power - he did not know where to find the button. And lawyers routinely violate their firms' software installation policies. The court system is right to be concerned that mere lawyers may not understand all of the implications of installing new software.
[ link to this | view in chronology ]
Re: Legitimate concerns?
Now let me get this straight, you're claiming that he could use a computer, yet he couldn't press a power button? Uh huh, sure. I bet he made her turn on his office lights too because he was too dumb to operate the light switch, huh?
[ link to this | view in chronology ]
Re: Legitimate concerns?
pandora's box, cat out of the bag, etc
[ link to this | view in chronology ]
People think it is safe, but honestly, it is easy to put a modified versions of this open source tool online and get people to use it.
[ link to this | view in chronology ]
Re:
However, if you are dumb enough to NOT download the OFFICIAL plug-in, from the OFFICIAL WEBSITE but from this random pop-up you see while you were surfing those _____ sites...
Then you probably deserve it.
It's basic Internet 101 really.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
For you to say that it wouldn't be difficult, I assume you are able to do this sort of thing. So do it.
"It also wouldn't be difficult to have it log and forward all your https accesses to a third party."
And after getting the thing to do all this, let's see you get us to install that filthy mod- from the official site, no less.
"People think it is safe, but honestly, it is easy to put a modified versions of this open source tool online and get people to use it."
Can't do it? Then don't say it. FUD for the Gods!
[ link to this | view in chronology ]
with you on all but one point...
The Federal Court System doesn't actually call the shots with PACER and the monies it generates. Congress determines what PACER charges and what money, if any, the Federal Courts get from PACER. This is actually true for all the money the Federal Court System gets. So, PACER could generate a kabillion dollars and it wouldn't make much difference. Congresspeople would just direct it some place else and cut their budget again...
[ link to this | view in chronology ]
Re: with you on all but one point...
http://pacer.uscourts.gov/faq.html#GP8
In fact, there is increasing evidence that the Courts have begun to use PACER as a profit center to support costs other than Electronic Public Access.
http://www.nextgov.com/nextgov/ng_20090819_1886.php
You *might* be able to argue that Congress didn't appropriate funds to pay for PACER, but of course the Courts haven't asked for it. Congress, on the other hand, explicitly told the Courts in 2002 that they should move to no-fee access.
[ link to this | view in chronology ]
Re: Re: with you on all but one point...
[ link to this | view in chronology ]
Re: Re: Re: with you on all but one point...
Where it goes, what it funds, what is the purpose of some law that was passed under noble pretexts; all of that could just be a bunch of smoke and mirrors to confuse you. The assumption you want to make is that the laws are configured to extract as much money away from you as possible and you want to see how well that assumption explains the laws in place. Test every law with that assumption and see how well it explains them. This includes laws to ban things, like banning competing products to reduce competition (because less competition extracts more money away from you) under health and safety or environmental pretexts. It includes laws to ban software under the pretexts of security or national security (ie: peer to peer software maybe?).
[ link to this | view in chronology ]
Re: Re: Re: with you on all but one point...
You are not correct about the money going into a fund that Congress has to give back. The money goes into the Judiciary Information Technology Fund that the Courts control and have the discretion to spend from without fiscal year limitation. Programs other than PACER are paid for out of this fund, and monies other than PACER fees are deposited into it... but it is all within the Judiciary and decided by them.
You are partially correct that Congress sets the Judiciary's budget. In reality, the Courts propose a budget that is submitted to the President and must be passed along to Congress *without change* (a special condition they fought for), then Congress and the Judiciary debate whether the requests are reasonable, and once the funds are allocated the Judiciary makes the finer-grained decisions. You might feel that the Courts do not have a strong enough position in this process, but it's the same process that all branches of government go through (that's why they call it the "power of the purse").
The reality is that the Courts have not asked for money to pay for PACER, and they appear to actually be making a profit off of the service. The path of least resistance is the status quo. Unfortunately, this may not be the best thing for the public.
[ link to this | view in chronology ]
Re: Re: Re: Re: with you on all but one point...
Am I perhaps unaware of the judiciary having been given some form of a statutory exemption from the doctrine?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Yeh right
[ link to this | view in chronology ]
[ link to this | view in chronology ]
We have apparently missed the clue-train again.
How? RECAP does not access PACER. Someone would have to post the "restricted or sealed" documents after accessing them in the PACER fashion, which would require no code (and no RECAP FF extension) whatsoever. This doesn't make sense, and simply calls to attention how clueless the judiciary is.
The Feds might have some legitimate concerns or warnings, but they were too stupid to voice those. (Simply rephrasing their statement minus the OSS or RECAP comments would have worked, as would have simply questioning the guarantee of provenance.)
[ link to this | view in chronology ]
As If
ROTFL!!! As if "closed-source" software couldn't be modified for malicious purposes. Whoever said this must have never heard of Windows and botnets.
[ link to this | view in chronology ]
Everybody need not sign up to RECAP
Also, you are not going to get sign up's for RECAP just for uploading. A person installs the application initially to download documents. Then when he gets sufficiently comfortable with the application, and it is useful, he will start uploading documents.
At that point, you will not have computer nitwits operating the system, and they can ensure that they take required security measures.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Free Pacer Dockets
[ link to this | view in chronology ]