Wyden bill would require digital signatures for sensitive court orders

Sen. Ron Wyden walks past the Senate Chambers at the U.S. Capitol on July 21, 2021 in Washington, D.C. (Photo by Anna Moneymaker/Getty Images)

Share

Written by

Miscreants have leveraged counterfeit court documents to authorize wiretaps on romantic interests or dupe Google into removing embarrassing links from search results, among other instances of fraud, in recent years.

Sen. Ron Wyden on Wednesday is unveiling bipartisan legislation to counter that kind of forgery by requiring federal, state and tribal courts to use digital signatures — which rely on encryption technology — for orders that authorize surveillance, domain seizures and online content removal.

The legislation, first reported by CyberScoop, also directs the National Institute for Standards and Technology to develop standards for court order digital signatures within two years, for federal courts to test out the technology and then for state and tribal courts to adopt it within four years after the rules are finished. The senator said the bill aims to curb opportunities for fraud by forcing the use of digital signatures, which are rapidly surging in popularity.

“There are a lot of hard problems when it comes to tech policy – this isn’t one of them,” Wyden, an Oregon Democrat, said. “Our bill will shut down the scam artists and fraudsters that have abused the insecure court order system, by using time-tested technology that is widely deployed elsewhere in the government. This bipartisan legislation will improve confidence in the legal system and ensure only legitimate court orders are executed.”

Wyden’s Senate cosponsors include Thom Tillis, R-N.C., and Sheldon Whitehouse, D-R.I.

In 2018, a court found a former New York county prosecutor guilty of authorizing illegal wiretaps on a love interest — a male police detective — as well as a female colleague. The prosecutor “physically cut a copy of each judge’s signature from a legitimate document and taped the signature onto the fraudulent documents she had created” and then submitted them to cell phone providers, according to court documents.

A 2019 CBS News investigation that examined thousands of requests for Google to remove online content found 60 documents with of forged signatures that imitated judges’ orders. Some requests used the counterfeits to seek relatively innocuous takedowns, like restaurants seeking to erase bad reviews. But two were from child sex offender who wanted to bury information about their crimes.

Wyden’s legislation authorizes “such sums as are necessary” to carry out the bill, like aid to state and tribal courts, leaving specific dollar figures to congressional appropriators who set federal spending levels.

Telecommunications and technology companies that refuse to comply with court orders that lack authorized digital signatures would receive legal immunity for doing so.

Digital signature requirements are common within the federal government, the legislation notes. For instance, last fiscal year’s annual defense policy bill authorized the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to issue administrative subpoenas to internet service providers when it finds critical infrastructure security vulnerabilities but can’t locate the owner.

That law required that the CISA subpoenas be ‘‘’authenticated with a cryptographic digital signature’ and that subpoenas lacking such a digital signature ‘shall not be considered to be valid by the recipient 10 of such subpoena,'” the legislation reads.

The use of digital signatures in legal proceedings rose during with the onset of Covid-19 as courts conducted less business in person.

Backers of the Wyden-Tillis-Whitehouse proposal include Public Citizen, Free Law Project and Yelp.

“Just as the Internet needs more security, our judicial system does, too,” UCLA law professor Eugene Volokh said in support of the Wyden measure. “This bill would help stem the flood of forged court orders that unscrupulous actors have used to try to manipulate Internet service providers and search engines.”

-In this Story-

Congress, Cybersecurity and Infrastructure Security Agency (CISA), encryption, Google, Ron Wyden, surveillance, telecommunications
TwitterFacebookLinkedInRedditGmail