Skip to content

A Note on RECAP’s Commitment to Privacy

2009 August 20
by recapthelaw

We’ve gotten our first official reaction from the judiciary, in the form of a statement on the New Mexico Bankruptcy court’s website. It contains two important points about the PACER terms of use, and a misleading statement about privacy that we want to correct.

First, the good news: the court acknowledges the point we’ve made before: use of RECAP is consistent with the law and the PACER terms of use. The only potential exception is if you’ve received a fee waiver for PACER. In that case, use of RECAP could violate the terms of the fee waiver, which reads: “Any transfer of data obtained as the result of a fee exemption is prohibited unless expressly authorized by the court.” We’re not lawyers, so we don’t know if the court’s interpretation is correct, but we encourage our users to honor the terms of the fee waiver.

Now, an important correction. The statement raises the concern that RECAP could compromise sealed or private documents that attorneys access via the CM/ECF, the system attorneys use for electronic filing and retrieval of documents in pending cases. Protecting privacy is our top priority, and we specifically designed RECAP to safeguard the privacy of CM/ECF documents. As we describe
in our privacy FAQ
, RECAP is carefully designed not to upload documents from the CM/ECF system. When a user logs into the CM/ECF system, a cookie is set on the user’s browser that’s different from the cookie that’s set when a user is logged into the public PACER system. RECAP monitors for this cookie and automatically deactivates itself whenever the user is logged into CM/ECF. We tested this thoroughly, with some CM/ECF users, before we released the public beta.

We’re confident that RECAP maintains the security model set up by the courts, and that it will never upload documents while a user is logged into CM/ECF. The code is open source, so anyone with concerns is welcome to inspect it for themselves. We’d like to work with the judiciary in the coming weeks to ensure they understand how RECAP protects privacy and security, and to incorporate any further enhancements they might suggest. In the meantime, users can continue using RECAP with the knowledge that it’s designed with privacy as our top priority.

Update: A final reason users should be comfortable with using RECAP is that the extension’s operation is extremely transparent. The little “R” icon in the lower-right-hand corner of every browser window turns blue when RECAP is enabled (which should only happen when you’re logged into PACER) and grey when it’s disabled (which should happen when you’re logged into CM/ECF). We don’t think you’ll ever see a blue icon when you’re browsing CM/ECF, but if you do, you should immediately disable recap and let us know about it so we can investigate the problem. In addition, RECAP notifies you about every document it uploads (unless you choose to turn this feature off). Again, you should never see an upload notification while you’re on an CM/ECF page, but if you do you can contact us and we’ll delete that document from our database. So you don’t have to take our word for it when we say RECAP won’t upload CM/ECF documents, you can monitor what it’s doing and verify for yourself.

20 Responses leave one →
  1. Anonymous permalink
    August 20, 2009

    ED Texas also released the following statement this afternoon:

    NOTICE FOR CM/ECF FILERS

    The court would like to make CM/ECF filers aware of certain security concerns relating to a software application or “plug-in” called RECAP, which was designed by a group from Princeton University to enable the sharing of court documents on the Internet. Once a user loads RECAP, documents that he or she subsequently accesses via PACER are automatically sent to a public Internet repository. Other RECAP/PACER users are then able to see whether documents are available from the Internet repository. RECAP captures District and Bankruptcy Court documents, but has not yet incorporated Appellate Court functionality. At this time, RECAP does not appear to provide users with access to restricted or sealed documents. Please be aware that RECAP is “open-source” software, which can be freely obtained by anyone with Internet access and modified for benign or malicious purposes, such as facilitating unauthorized access to restricted or sealed documents. Accordingly, CM/ECF filers are reminded to be diligent about their computer security practices to ensure that documents are not inadvertently shared or compromised.

    The court and the Administrative Office of the U.S. Courts will continue to analyze the implications of RECAP or related-software and advise you of any ongoing or further concerns.

    NOTICE FOR PACER FEE-EXEMPT USERS

    The court would like to remind fee-exempt PACER users of the terms of the exemption and of potential issues associated with a new software application called RECAP. It was designed by a group from Princeton University to enable the sharing of court documents on the Internet. Once a user loads RECAP, documents that he or she subsequently accesses via PACER are automatically sent to a public Internet repository. Other RECAP/PACER users are then able to see whether documents are available from the Internet repository.

    A fee exemption applies only for limited purposes. Any transfer of data obtained as the result of a fee exemption is prohibited unless expressly authorized by the court. Therefore, fee exempt PACER users must refrain from the use of RECAP.

    The prohibition on transfer of information received without fee is not intended to bar a quote or reference to information received as a result of a fee exemption in a scholarly or other similar work.

  2. Anonymous permalink
    August 21, 2009

    The Southern District of Illinois has also chimed in, with:

    “PLEASE NOTE: The full implications of using RECAP or related software are as yet unknown, including whether restricted documents could be inadvertantly made available on the public Internet. CM/ECF filers must exercise caution and responsibility if using such software.”

    I guess the courts should get busy figuring out whether they actually think this is a threat. It’s interesting that they seem to be afraid of this foreign concept of “open source” in which any citizen can build tools for accessing and redistributing public information.

  3. August 21, 2009

    Ladies/Gentlemen–

    Is it possible for your organization to digitally sign the plug-in, i.e. the xpi file? If so, it would help to validate authenticity, that the plug-in has not been tampered and set aside some of the apparent concerns over ‘open source’, albeit open source or proprietary does not preclude tampering with either.

    If the xpi file cannot be signed, creation of an exe installation app that contains the xpi file could be done. While this latter approach would add an additional layer and possible user inconvenience [Firefox not recognizing it automatically and thus installing the plug-in automatically upon download] … I believe it may be of benefit to address any concerns, including the security/integrity, that the courts may have.

    Thanks.

    • admin permalink
      August 21, 2009

      The xpi is indeed signed. Does it not show you that the author is “Princeton Center for Information Technology Policy” when you install it? You can also look inside the xpi itself (it is just a zip file) to see the signature files.

  4. August 21, 2009

    Damn it. The exe file can and should be digitally signed.

    Add an edit feature, maybe … monkeys make mistakes.

  5. August 21, 2009

    Thanks for the response.

    During installation, it does show the author.

    Is that sufficient? How does anyone validate or know that the extension has been digitally signed and the file has not been tampered? Does that constitute sufficient notice or user ability to validate… just the appearance of the author during installation that is apparently tied to a digital signature? Such is new to me that during installation of any Firefox extension, presence of the author’s name indicates a presence of a digital signature.

    I don’t know. It is not a traditional method used to validate authenticity as I am aware of checking/validating software and/or documents.

    • admin permalink
      August 21, 2009

      Sadly, this is the only indication that Firefox gives that the extension has been signed. It’s not very well documented by the Firefox folks. Ideally, it would show you more details about the certificate in that window. We’ll take some more time to see if there’s some other way that you can independently check the signature status. We should probably add a FAQ about this.

  6. August 21, 2009

    Thanks.

    The only reason that I have brought this up is the district courts seem to be concerned about use of ‘open source’ or at least a trend may be developing that the courts are concerned about security.

    So how does or can that concern, which I believe to be legitimate particularly when the importance of ‘integrity’ is factored into the federal judiciary, get ‘pancaked’?

    The devil is always in the details but things to work efficiently must be kept simple and stupid.

    Then again, I could be creating a mountain out of a speck of dust. Liaison between Recap and the Judicial Conference?

  7. Schlomo McGill permalink
    August 21, 2009

    The courts are neither unfamiliar with nor “afraid” of open source. Both PACER and CM/ECF are written using open source tools and open source concepts. What there is some concern about is the authenticity of the RECAP extension. As soon as the source is available, it will be subject to imitation and use for other ends than the CITP intended. Imagine a plugin (or extension) that looks and acts exactly the same, but infects PDF documents with a trojan, for example.

    For what it’s worth, I ran the numbers today and it turns out that if RECAP were perfectly successful (every download went to the archive and every user took advantage of the archive), the PACER fees would have to go up from $0.08 per page to about $35/page. That should lower the costs of litigation, huh?

  8. Anonymous permalink
    August 22, 2009

    Public Citizen’s Consumer Law & Policy Blog:
    Federal court using scare tactics to block sharing of public records
    by Paul Levy

    It appears that the US Courts, concerned about competition from software that offers the possibility of widespread free access to documents filed on federal judicial dockets, for which the public would otherwise have to pay the courts at the rate of 8 cents a page, are ready to resort to scare tactics to discourage lawyers from using that software.

    As recently announced, RECAP is a Firefox plug-in that automatically downloads to a free, public archive all documents that a lawyer or other consumer uses when obtaining paid access to court documents on the PACER web sites maintained by federal trial and appellate courts. At the same time, users of RECAP can tell whether the documents that they are trying to access have already been downloaded to the public archive by another RECAP user; if so, the user can avoid the $.08 per page charge that the user would otherwise pay to view the document on the judicial electronic docket. These are public documents — if RECAP is willing to maintain them and make them available for free, the courts have no business stopping them.

    In this regard, we are advised that the court system is charging far more than the cost of maintaining is electronic dockets as the fee for viewing and downloading documents. Because PACER has become a profit center for the courts, when Public Citizen lawyers decided to adopt RECAP for our own downloads, we recognized the possibility that the courts might take some action to protect their revenue source.We did not have long to wait. I received the following shot across RECAP’s bow in the form of a notice to all ECF filers sent today by the United States District Court for the Eastern District of Michigan:

    The court would like to make CM/ECF filers aware of certain security concerns relating to a software application or “plug-in” called RECAP, which was designed to enable the sharing of court documents on the Internet.

    Once a user loads RECAP, documents that he or she subsequently accesses via PACER are automatically sent to a public Internet repository. Other RECAP/PACER users are then able to see whether documents are available from the Internet repository. At this time, RECAP does not appear to provide users with access to restricted or sealed documents.

    Please be aware that RECAP is “open-source” software, which means it can be freely obtained by anyone with Internet access and could possibly be modified for benign or malicious purposes. This raises the possibility that the software could be used for facilitating unauthorized access to restricted or sealed documents. Accordingly, CM/ECF filers are reminded to be diligent about their computer security and document redaction practices to ensure that documents and sensitive information are not inadvertently shared or compromised.

    The court and the Administrative Office of the U.S. Courts will continue to analyze the implications of RECAP or related-software and advise you of any ongoing or further concerns.

    In other words, the courts’ experts have not been able to find any present security concerns, but they want users to worry that “open source” software is more vulnerable to malign modifications. Be afraid. Be VERY afraid.

    There is one aspect of this warning from the Eastern District of Michigan that does bear consideration, in light of the point made about RECAP by Eric Turkewitz that the free availability of PACER documents makes it easier to obtain private information that is often included in court filings. It is certainly true that public availability of these documents — especially if the RECAP archive will be searchable — will significantly increase the consequences of filings that inadvertently disclose private information such as social security numbers and exact birth dates that Federal Rule 5.2 requires to be redacted from electronic filings and only submitted in paper form if it is essential that the information be provided to the court. The rise of RECAP should give lawyers an added incentive to be careful about their redactions to comply with Rule 5.2.

  9. Anonymous permalink
    August 23, 2009

    The AO language posted by Anonymous above was sent out to all of the courts and to Federal Defender organizations as two “Sample Notices”. Apparently ED Texas just removed the word “SAMPLE” and forwarded it along.

  10. August 23, 2009

    The rhetoric as indicated by the above referenced Levy blog article and now, the notice issued by administrative offices of the federal courts, which I believe to be premature, needs to be scaled back. I worry of territorial battle lines being drawn and this entire thing turning into a mess. Too many benefits and too much common ground exist for that to develop.

  11. Anonymous permalink
    August 25, 2009

    N.D. Georgia (to all e-filers):

    ANNOUNCEMENT

    The purpose of this e-mail is to provide you with information about a software application or plug-in called RECAP. There has been widespread coverage about this software in the media. The Administrative Office of the US Courts is examining how the software operates to ascertain whether there are policy or security implications. The Court cautions all CM/ECF filers that the full implications of using RECAP or related-software are as yet unknown, including whether restricted documents could be inadvertently made available on the public Internet. Please check our website for more details as they are available.
    NDGA System Admin.

  12. Concerned..... permalink
    August 25, 2009

    “We Don’t Think…… But if you do find yourself accessing files you shouldn’t, contact us???????” Are you kidding me!!!

    Currently, anyone who has a credit card (not just attorneys) and is willing to pay the 8 cents/page to access documents on PACER can do so. While the majority of the users are on the “up & up” – I am sure that there are just as many who are just cruising to see what they can find to help them with the equivalent of electronic “breaking & entering”. Do you think that kind of person will advise you that they obtained information that they shouldn’t have – so that RECAP can fix the error???

    I am sure that the RECAP people would be all for the open architecture until one of them are involved in litigation and the ‘open source’ backfires on them – releasing their private info.

    Until someone can assure all involved that this system protects everyone in every circumstance – I am not comfortable with the “We Don’t Think” product support stance!

    • admin permalink
      August 25, 2009

      Ha, we actually debated this language internally. We have a high degree of confidence that RECAP preserves the security model set up by the courts (and this may now be confirmed by the courts). However, we wanted to remain open to the possibility that we missed something in our months of testing, and we wanted to make clear that even in this unlikely scenario there is a clear notification and remedy.

  13. August 26, 2009

    I note that the U.S. District Court for the District of New Mexico doesn’t even have a tab to select “Written Opinion,” i.e., the ‘free’ documents. What basis is there for each of the districts to handle the PACER option in varying ways?

  14. August 27, 2009

    Southern District of Florida:

    quote

    The court would like to make CM/ECF filers aware of certain security concerns relating to a software application or “plug-in” called RECAP, which was designed by a group from Princeton University to enable the sharing of court documents on the Internet.

    Once a user loads RECAP, documents that he or she subsequently accesses via PACER are automatically sent to a public Internet repository. Other RECAP/PACER users are then able to see whether documents are available from the Internet repository. RECAP captures District and Bankruptcy Court documents, but has not yet incorporated Appellate Court functionality. At this time, RECAP does not appear to provide users with access to restricted or sealed documents. Please be aware that RECAP is “open-source” software, which can be freely obtained by anyone with Internet access and modified for benign or malicious purposes, such as facilitating unauthorized access to restricted or sealed documents. Accordingly, CM/ECF filers are reminded to be diligent about their computer security practices to ensure that documents are not inadvertently shared or compromised.

    The court and the Administrative Office of the U.S. Courts will continue to analyze the implications of RECAP or related-software and advise you of any ongoing or further concerns.

    /quote

    Translated from its native scare tactics English, this would appear to be “be afraid because this is OSS and bad people could engineer it to crack sealed files.”

    I’m looking forward to trying RECAP and seeing it in action.

    Brad Patrick
    Tampa, FL

  15. Hugh Tedder permalink
    August 28, 2009

    Here’s the Southern District of Mississippi’s response to RECAP:

    The court would like to make CM/ECF filers aware of certain security concerns relating to a software application or “plug-in” called RECAP, which was designed by a group from Princeton
    University to enable the sharing of court documents on the Internet.

    Once a user loads RECAP, documents that he or she subsequently accesses via PACER are automatically sent to a public Internet repository. Other RECAP/PACER users are then able to see whether documents are available from the Internet repository. RECAP captures District and Bankruptcy Court documents, but has not yet incorporated Appellate Court functionality. At this time, RECAP does not appear to provide users with access to restricted or sealed documents.

    Please be aware that RECAP is “open-source” software, which can be freely obtained by anyone with Internet access and modified for benign or malicious purposes, such as facilitating unauthorized access to restricted or sealed documents.

    Accordingly, CM/ECF filers are reminded to be diligent about their computer security practices to ensure that documents are not inadvertently shared or compromised.
    The court and the Administrative Office of the U.S. Courts will continue to analyze the implications of RECAP or related-software and advise you of any ongoing or further concerns.

  16. Neal Goldfarb permalink
    August 28, 2009

    Regarding the supposed risk that Recap could enable access to “sealed or restricted” documents:

    Sealed documents aren’t supposed to be on Pacer in the first place. Rather, hard copies of any sealed document are supposed to be physically filed with the clerk. All that’s supposed to be filed electronically is a notice describing the document that was filed under seal.

    So the only way that a sealed document could be available on Pacer is if someone screwed up — either a filing lawyer improperly filed the sealed document via ECF or someone in the clerk’s office put the document up. Recap obviously can’t be blamed for any of that.

    However, it seems to me that Recap does create some added risk in that it perpetuates the mistake. If a sealed document shows up on Pacer, the court can take it down, but if the document has already been uploaded to Recap, it will still be there.

    This suggests that maybe the courts should figure out a way to notify Recap whenever a sealed document is inadvertently posted on Pacer and then removed, so that Recap could remove it from the Archive.

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS