Today is a two-steps-forward-one-step-back day for the Judiciary. They finally took our 2017 advice and established a policy for good guys to report security problems in their websites. This is really good — in principle, anyway. uscourts.gov/news/2021/10/1…
The general idea is that online systems are always under attack, so you want to encourage good hackers by saying things like:
1. These are the rules for trying to break our stuff
2. If you break those rules, here's what we'll do
3. If you don't break those rules, you're a friend
Sometimes you even have a "bug bounty," where you say, "If you find a problem and tell us, we'll give you money." Most of the Internet giants do this. Some will pay LOTS of money for a vulnerability. Great. Our policy is here: free.law/vulnerability-…
Earlier this year, our policy exposed a vulnerability in the Python programming language that we reported and they fixed. These policies are great.

Unfortunately, the Judiciary has some problems with theirs.
First, it has the tiniest scope you can imagine: Three websites, one of which doesn't exist. Notably absent? Any website that matters, like, say, PACER!
Second, the policy seems to be administered by a third party (this is fine), but their website doesn't work (this is not fine). The policy is here: uscourts.responsibledisclosure.com. This website doesn't work: responsibledisclosure.com. 🤦
Third, questions about the policy go to support@responsibledisclosure.com. That's weird. Shouldn't they *not* go to a third party, and instead go to the Judiciary?
An org with a $7B/year budget should do better, but, OK, fine.

We also have some concerns about the language of the policy, but we'll leave those details to others.

The scope should grow over time, and, frankly, it doesn't matter that much who is running your VDP.
Two steps forward and one step back.

(We really want good things for the Judiciary!)
Let's see if this helps: [image]
