An organization called the Free Law Project has identified a serious vulnerability in PACER, the federal courts’ online filing system. The bug permits cross-site forgery, essentially a method of capturing another user’s account information, and utilizing that information to access documents. The original account owner would be charged, but might not know it until the account statement arrives weeks later. PACER fees, which are currently 10 cents per page with a maximum of $3.00 per document, can quickly add up.
Early stories also stated that another vulnerability would allow hackers to file documents through other people’s account, compromising the integrity of the entire justice system. PACER administrators, however, have denied that fraudulent filing was possible. The cross-site forgery issue has apparently also been addressed.
For those interested in the specific technical details of the bug, the Free Law Project has posted what it shared with the courts here.
Almost 30 years after the PACER system was implemented for the federal district courts, and more than 15 years after district court dockets were placed on the web, the U.S. Supreme Court has announced that it will adopt its own electronic filing system. The system goes into effect this November.
The Court’s announcement states that “Once the system is in place, virtually all new filings will be accessible without cost to the public and legal community.” I read that to mean that reviewing and downloading docket materials will be free, which would be an improvement on the costly PACER system. Let’s hope that is what is intended.
In April, attorneys for several watchdog groups filed a class action lawsuit in the U.S. District Court for the District of Columbia, arguing that the court’s Public Access to Court Electronic Records (PACER) system overcharged the public for access to court records starting in April 2010.
The lawsuit seeks “an unspecified amount of damages that ‘are found to exceed the amount authorized by law,’ as well as attorney fees.” Court documents and further details on the suit from the class action attorneys can be found here.
I was notified by email that I am a member of the plaintiff class, based on periodic PACER research I have conducted since 2010. And I have been critical of high PACER fees in the past, especially when PACER is used purely for academic research. But this is a pretty silly lawsuit. The class action attorneys will make a tidy sum from any settlement, and the actual affected members will likely get nothing of consequence. I would much prefer to see the courts offer PACER as a free research service, or otherwise develop a sensible, tiered payment system.