How secure will the online court be?

deprivation of liberty

OK, I should begin this post by saying that I am not au fait with the technicalities of the proposed online court, and much of what I am about to say may therefore be complete rubbish, but something I read recently set off some concerns about just how secure the ‘court’ will be.

What I read recently was an article in a legal journal about an event in July inviting teams “to design various tools to support online courts – for example, tools to help litigants structure their legal arguments, organise their documents, negotiate settlements without advisers, as well as systems that will promote ‘open justice’ and machine learning solutions that will help analyse all the data generated by the online courts”. Now, I have no problem at all with that, but what triggered my concerns was the name given to the event. It is called a ‘hackathon’.

I realise of course that that name relates to the activities that will be taking place at the event, but it is closely related to ‘hacking’, which is something the online court will certainly not want to be subjected to.

Before I go on I should also say that I am sure that those tasked with the job of designing and building the online court are fully aware of the security issues, and are doing everything they can to deal with them. However, my point is that, as we see regularly in the news, no online system can ever be 100 per cent secure. If a company with the resources of Yahoo (for instance) cannot prevent its website from being hacked, what chance has HM Courts & Tribunals Service (HMCTS) got, with its increasingly limited resources? And it would hardly be the first time that a government agency website has been hacked.

So just what could happen if the online court was hacked? Well, there are no doubt many different types of website hack, but I’ll give three examples.

The first is the simple denial of service hack, whereby the website is bombarded with traffic from multiple sources (usually other computers that have been infected with a virus), thereby making the website unavailable to users. Now, such attacks may not involve the obtaining of data from the ‘victim’ site (more of which in a moment), but obviously it could be a very serious issue for users if the online court site is taken down for any length of time, particularly if it is at a sensitive juncture in the proceedings.

The second type of hack is the one whereby the hacker gets access to the site and alters it in some way. It is very easy, for example, to imagine some fathers’ rights group hacking into a family court website to broadcast its ‘propaganda’. That probably wouldn’t be too serious, as it would be obvious and could no doubt be removed quickly. But what if the alteration was more subtle, and wasn’t quickly spotted? Misinformation placed on the site could again have serious consequences for users.

And then there is the hack whereby users’ data is stolen. The loss of personal data such as addresses, telephone numbers and bank details is serious enough, but the documentation filed in a family law case can obviously be extremely sensitive. What guarantees could HMCTS provide that that documentation will be secure? As I indicated above, I don’t think that there can ever be a 100 per cent guarantee.

If that is correct, then it would surely only be a matter of time before users’ data is stolen from the online court. It may take a few years, but it is going to happen. What makes me even more concerned is that the move towards an online court is obviously being driven to a large degree by the financial savings that it promises when compared to bricks and mortar courts, and it would be no surprise if corners were cut in the haste to secure those savings. After all, the past record of the courts and other agencies such as the Child Support Agency with computerisation hardly inspires confidence.

In short, there are clear benefits to be had from an online court system. I won’t deny that. But there are also risks. Are we prepared to take those risks?

Of course we will take them. The online court is happening, and there is nothing anyone can say or do to stop it. As I indicated at the start of the post, I don’t know what is being done to make it secure. Maybe my worries are misplaced. I certainly hope so.

Photo by DeclanTM via Flickr under a Creative Commons licence.

John Bolch

John Bolch often wonders how he ever became a family lawyer. He no longer practises, but has instead earned a reputation as one of the UK's best-known family law bloggers.

View more from this author

3 comments

Brian - May 10, 2017 at 7:45pm

If the CTS are like every other branch of the civil service I’ll give it 3 months before it gets hacked and data is stolen. MOD lost data, CMS do it like its sand running through fingers. I’m not sure the dottering old farts on the bench could cope without a pen and stacks of paper they don’t read anyway!!!!

spinner - May 10, 2017 at 11:00pm

I was going to go through this article and point out the ridiculous errors the author has made but it’s maybe easier to just say to anyone reading this please don’t take it seriously this guy know’s nothing about computer security or software development and he has completely misunderstood what are some quite basic terms for anyone involved in this area.

John Bolch - May 11, 2017 at 10:26am

So you are saying that the system will be 100% secure?

Leave a comment