The opinion of the court was delivered by: Alan L. Balaran Special Master
FIRST STATUS REPORT OF THE SPECIAL MASTER REGARDING THE SHUTDOWN AND RECONNECTION OF COMPUTER SYSTEMS AT THE DEPARTMENT OF THE INTERIOR
Following plaintiffs' May 17, 2001 filing of their Consolidated Motion for an Emergency Temporary Restraining Order and Motion for a Preliminary Injunction and Motion for Order to Show Cause Why Secretary Norton, Her Employees and Counsel Should Not Be Held in Contempt, the Court instructed the Special Master to investigate possible computer security breaches at the Department of Interior's Office of Information Resources Management. On November 14, 2001, the Special Master filed his Report and Recommendation of the Special Master Regarding the Security of Trust Data at the Department of the Interior ("Special Master Report") chronicling Interior's history of compliance with its fiduciary duty to safeguard and secure individual Indian trust data. The Special Master concluded that Interior was "in derogation of court order, common-law, and statutory and regulatory directives" and that it "demonstrated a pattern of neglect that has threatened, and continues to threaten, the integrity of trust data upon which Indian beneficiaries depend." Special Master Report at 152. The Special Master, as a result of these findings, recommended that the Court "intervene and assume direct oversight .of those systems housing Indian trust data." Id.
The plaintiffs subsequently renewed their motion for a temporary restraining order and, on December 4, 2001, orally moved the Court to order the disconnection of Interior's information technology systems until individual Indian trust data could be. secured. At the Court's direction, plaintiffs filed an Emergency Alternative Motion for a Temporary Restraining Order on December 4, 2001 asking that "defendants immediately disconnect from the Internet all information technology systems which provide access to individual Indian trust data." Following a hearing convened on December 5, 2001, the Court granted plaintiffs' motion and ordered: (1) "that defendants shall immediately disconnect from the Internet all information technology systems that house or provide access to individual Indian trust data"; and (2) "that defendants shall immediately disconnect from the Internet all computer within the custody and control of the Department of the Interior, its employees and contractors, that have access to individual Indian trust data." Temporary Restraining Order at 2.
On December 8, 2001, the Court granted defendants' December 7, 2001 Motion for Partial Relief which allowed the United States Geological Service ("USGS") to provide real-time. dissemination of information about floods and droughts and to reconnect the National Interagency Fire Center ("NIFC") to allow BIA/NIFC to respond to fire emergencies.*fn1 In its motion, Interior stated that it "believe[d] that these and other problems would be correctable if Interior is permitted to reconnect to the Internet any information technology system that does not house individual Indian trust data and that does not provide access to individual Indian trust data, even if it did satisfy one of these criteria when the Temporary Restraining Order was entered." Motion for Partial Relief at 3.*fn2 The only condition placed by the Court on its Order Providing Partial Relief from Temporary Restraining Order was that Interior reconnect its systems "within 24 hours of notice to the Special Master and plaintiffs' counsel with appropriate documentation." Order at 1.
On December 17, 2001, the Court entered a Consent Order that, in part, preserved the injunctive relief granted by the temporary restraining order and, in part, offered Interior several vehicles by which technology systems could be: (1) operated on a stand alone basis if disconnected from the Internet; (2) reconnected to the Internet upon successfully demonstrating that such systems did not house or provide access to individual Indian trust data; (3) reconnected to the Internet for specific, limited periods of time in order to facilitate the testing of system security or the payment of individual Indian trust monies; or (4) reconnected to the Internet on a permanent basis if it could be demonstrated that adequate security was provided for individual Indian trust data.
The Consent Order also provided that "Interior Defendants may reconnect to the Internet any information technology system that does not house individual Indian trust data and that does not provide access to individual trust data seventy-two hours (72) after providing actual notice with appropriate documentation to the Special Master and Plaintiffs' counsel or immediately upon concurrences of the Special Master,"(Consent Order at 5-6) and required Interior to secure the approval of the Special Master prior to reconnecting any of the Information Technology ("IT") systems impacted by the Court's Order.
On January 10, 2002, Department of the Interior Assistant Secretary Neal McCaleb published a letter to "Tribal Leaders" outlining Interior's efforts to reconnect those computer systems that were shut down pursuant to the Court's December 5, 2001 Temporary Restraining Order and in accordance with the terms of the Court's December 17, 2001 Order ("McCaleb Memorandum").*fn3 On that same date, Interior published its "US Department of the Interior Impacts of Shutdown of Internet Access as of January 10, 2002" ("Impacts Report"). According to Assistant Deputy Secretary Jim Cason, "[t]he Reports are used to "to secure restoration of this service [and to] inform OMB and Hill officials and to respond to media inquiries about how we are dealing with these restrictions." Memorandum from Tim Cason to Distribution (Subject: "Impacts of Internet Shutdown at the Department of the Interior.").
This status report is to provide the Court with information that may not be contained in Interior statements to the tribes and the media in an effort to create a more complete record.
As an overarching matter, statements contained in the Impacts Report and the McCaleb Memorandum make no mention of the predicate conditions that led to the Court's December 5, 2001 injunction, i.e., the abysmal state of IT security and the vulnerabilities that have long impacted the security of Indian trust data and that have been institutionally ignored until the Court took direct action on December 5, 2001 and shut down Interior's computer systems. The Court's order is presented, not as one directly emanating from Interior's negligence, but rather as one that generically "stemmed from ongoing litigation regarding Indian trust funds." Impacts of Electronic Shutdown (Cover Page):
A brief analysis of Interior's Impacts Report and a discussion of the current status of Interior's reconnection efforts, as summarized in the McCaleb Memorandum follows:
January 10 2002 Impacts Report.*fn4
The January 10, 2002 Impacts Report categorizes the consequences to Interior systems resulting from the Court's injunction as follows: "Emergency (Public Health and Safety);" "Noncompliance with Laws or Regulations;" "Economic Impacts;" and "Other Impacts." This report will be limited to analyzing the "Emergency (Public Health and Safety)" impacts.*fn5
The Impacts Report describes the December S, 2001 injunction as having dire consequences such as lost access to critical law enforcement databases, the inability of law enforcement operations to receive terrorist threat warnings and the significantly impaired ability of law enforcement personnel to access in-house criminal case management systems. What is not mentioned is that, on December 23, 2001, the Special Master approved Interior's December 21, 2001 request to reconnect of the Law Enforcement. computer systems. The Impacts Report's only acknowledgment of the reconnection is the following statement: "As of December 31, 2001, DOI's Watch Office has been able to reconnect its e-mail system." (Emphasis added.) The delay between the December 23 approval date and the December 31 reconnection date is ...