Cobell v. Norton, CIV.A.96-1285 RCL.

Decision Date: 28 July 2003
Docket Number: No. CIV.A.96-1285 RCL.
Citation: 274 F.Supp.2d 111
Parties: Elouise Pepion COBELL, et al., Plaintiffs, v. Gale A. NORTON, Secretary of the Interior, et al., Defendants.
Court: U.S. District Court — District of Columbia

Keith M. Harper, Lorna K. Babby, Native American Rights Fund, Washington, DC, Robert Meyer Peregoy, Ronan, MT, Elliott H. Levitas, Kilpatrick Stockton, LLP, Washington, DC, Dennis Marc Gingold, Mark Kester Brown, Washington, DC, for Plaintiffs.

Robert D. Luskin, Patton Boggs LLP, Washington, DC, Tom C. Clark, U.S. Department Of Justice Land & Natural Resources Division, Washington, DC, Susan Virginia Cook, U.S. Department Of Justice Environment & Natural Resources Division, Washington, DC, Brian L. Ferrell, Andrew M. Eschen, U.S. Department Of Justice, Washington, DC, Charles Walter Findlay, III, Sarah D. Himmelhoch, United States Department Of Justice Environment and Natural Resources, Washington, DC, Sandra Marguerite Schraibman, U.S. Department Of Justice Federal Programs Branch, Washington, DC, Connie S. Lundgren, Washington, DC, John Charles Cruden, U.S. Department Of Justice Environment & Natural Resources Division, Annandale, VA, for Defendants.

MEMORANDUM OPINION

LAMBERTH, District Judge.

This matter comes before the Court on plaintiffs' motion for a preliminary injunction to ensure the protection of individual Indian trust data [2116-2], which was filed on June 26, 2003. Upon consideration of plaintiffs' motion, defendants' brief in opposition thereto, the oral arguments of counsel, and the applicable law, the Court finds that plaintiffs' motion should be granted.

Prior to entering a preliminary injunction, this Court is required to provide written findings in support of its conclusion that such an injunction should be entered. Accordingly, the Court will relate the events leading up to the present opinion in some detail.

I. PROCEDURAL BACKGROUND
A. Events Preceding the Entry of the December 17, 2001 Consent Order

In the April 2001 issue of Government Executive magazine, then-Chief Information Officer of the Bureau of Indian Affairs Dominic Nessi observed: "For all practical purposes, we have no security, we have no infrastructure, .... Our entire network has no firewalls on it. I don't like running a network that can be breached by a high school kid. I don't like running a program that is out of compliance with federal statutes, especially when I have no ability to put it into compliance." Katherine McIntire Peters, Trail of Troubles, GOVERNMENT EXECUTIVE, April 1, 2001, at 100. This Court thereafter ordered the Special Master in this case, Alan Balaran, to investigate the integrity of the computer security systems in the custody or control of the Interior Department that might house individual Indian trust data. The Interior defendants raised no objection to this order and did not seek to challenge its implementation before this Court or on appeal. On November 14, 2001, the Special Master filed a 154-page report entitled "Report and Recommendation of the Special Master Regarding the Security of Trust Data at the Department of the Interior" ("Trust Data Security Report"). The conclusion of the report stated: "It is the recommendation of the Special Master that the Court intervene and assume direct oversight of those systems housing Indian trust data. Without such direct oversight, the threat to records crucial to the welfare of hundreds of thousands of IIM beneficiaries will continue unchecked." Trust Data Security Report at 154. The infirmities uncovered in the November 14, 2001 Report of the Special Master have never been questioned, see Cobell v. Norton, 334 F.3d 1128, 1149 (D.C.Cir.2003), nor appealed.

On December 5, 2001, this Court entered a temporary restraining order mandating that the Interior Department "immediately disconnect from the Internet all information technology systems that house or provide access to individual Indian trust data" and "immediately disconnect from the Internet all computers within the custody and control of the Department of the Interior, its employees and contractors, that have access to individual Indian trust data." The order was amended the next day, following a hearing.

On December 17, 2001, with the consent of the Interior defendants, the Court entered a consent decree entitled "Consent Order Regarding Information Technology Security" ("the Consent Order"), which modified the temporary restraining order. The Consent Order mandated, inter alia, that "Interior shall not reconnect any information technology system to the Internet without the concurrence of the Special Master as provided herein" and that

the Special Master shall verify compliance with this Consent Order and may conduct interviews with Interior personnel or contractors or conduct site visits wherever information technology systems or individual Indian trust data is housed or accessed. Each party will have the opportunity to have at least one counsel present at such interviews or site visits, and any additional personnel permitted by the Special Master. The Special Master will provide notice to counsel for both parties in advance of such interviews or site visits, but such notice may be limited to the minimum necessary for counsel to make arrangements to attend. Unless expressly permitted by the Special Master in writing, counsel shall not inform their clients or any third parties about such interviews or site visits in advance[.] [emphasis added]

B. The Events Preceding the Entry of the June 27, 2003 Temporary Restraining Order

On April 24, 2003, the Special Master sent a letter to Justice Department attorney Glenn Gillett, a member of the Interior defendants' litigation team. The letter stated that on April 9, the Security Assistance Group ("SAG") appointed by the Special Master to verify the Interior Department's compliance with the Consent Order had discovered that a server operated by Interior's Office of Surface Mining ("the OSM server"), a system that housed individual Indian trust data, was accessible from the Internet. The Special Master further reported:

On Apr 18, 2003 SAG conducted a Nessus security scanning test on OSM servers and identified a vulnerability on [the OSM server] that would allow remote unauthorized users to grab copies of files from the file system on the server[.]

On Apr 21, 2003 SAG performed additional tests on this server to ensure that the vulnerability did not reflect a "false positive" finding. Results of those tests verified the existence of a vulnerability.

The Special Master further stated that on April 22, SAG drafted a plan for further testing in accordance with the protocols developed by the Special Master and the Interior Department ("the Rules of Engagement"), and e-mailed this test plan to the Special Master, Interior Department employee Roger Mahach, Interior Department contractor Jon Pettyjohn, and Justice Department attorney John Warshawsky. The Rules of Engagement identify the last three individuals as "Trusted Points of Contact" who were to be contacted by the Special Master prior to undertaking penetration testing of Interior Department computer systems. The Special Master further stated that on April 23, when SAG began their tests, they were unable to establish any communication with the OSM server, notwithstanding the fact that the server had been operational for the two weeks prior to April 23. The letter concluded: "It is my concern that someone at OSM shut down [the OSM server] less [than] 24 hours after it was identified by SAG. Kindly provide me with a list of all OSM employees who were made privy to SAG's efforts in this matter."

Gillett replied to the Special Master the same day. In his letter, Gillett informed the Special Master:

In response to your letter ..., the response is that all trusted points of contact mentioned in your letter deny telling any OSM employees about the testing. Additionally, I asked Hord Tipton [another Trusted Point of Contact] if he informed any OSM employees and he said "no."

I asked Roy Morrison of OSM about the status of the referenced server. He informed me (after making inquiries), that OSM experienced a "cable failure" on April 23, 2003.

I hope this reply is satisfactory.

The Special Master replied on May 6, 2003, informing Gillett that his response,

while helpful, does not fully answer the question. My concern is whether any OSM employees with access to [the OSM server], e.g., the system administrator and/or network engineer, was aware that the Special Master, or his agents, was scanning the server in issue. Kindly provide me with a list of employees with such access and let me know whether any were privy to efforts by my office to scan [the OSM server]....

Moreover, while I do not doubt your representation that OSM experienced a "cable failure" on April 23, 2003, I am concerned that this unidentified failure took place less than 24 hours after a test plan was submitted to you, DOJ and SAIC. Please clarify: (1) what type of "cable failure" was experienced by OSM on April 23, 2003; (2) whether OSM had experienced similar or identical failures prior to April 23, 2003 (and, if so, when); (3) how and when the failure was discovered; (4) who discovered the failure; (5) what tests, if any, were performed to determine that there was, in fact, a cable failure; and (6) what steps were taken to fix the failure.

On May 13, 2003, Sandra P. Spooner, the current lead defense counsel for the Interior Department, responded, in pertinent part, as follows:

Although your letter disavows any doubt about the truth of Mr. Gillett's representations, it seeks substantial additional information, including the names and positions of those with access to the OSM server at issue, through which you apparently seek to investigate the truth of his statements or those of trusted points of contact.

Your approach suggest [sic] that the protocols under which we are operating are not performing...
