By Mark Lanterman
In July I had the honor of co-presenting with the Hon. Esther Salas, a federal judge from New Jersey, at the 8th Circuit Judicial Conference in Minneapolis.1 During her remarks Judge Salas gave the audience an update on the Daniel Anderl Judicial Security and Privacy Act.2 This past December, Congress passed the legislation, also known as Daniel’s Law—a pivotal moment in improving protections for the federal judicial community and their families. The law protects judges’ information from being sold on data broker websites, enables them to request that personally identifiable information be removed from federal government websites, and prevents businesses or individuals from publishing their personal information with “no legitimate news media or other public interest.”3
The law was named after Judge Salas’s own son. Tragically, in July 2020, an attorney posing as a FedEx driver killed Daniel in the family’s home while seeking to target Judge Salas. Judge Salas’s husband, attorney Mark Anderl, was also critically wounded. Leading up to the attack, the gunman had argued a case before Judge Salas and had repeatedly made hateful and misogynistic statements on his personal website.4 The murderer obtained her home address online and had planned other attacks.
The events suffered by Judge Salas and her family have also been experienced by other members of the judicial community. In 2005, federal judge Joan Lefkow returned home to discover that her husband and mother had been murdered in her home by a troubled litigant.5 In 2021, former Wisconsin judge John Roemer was killed by an individual who had had a case involving armed burglary and firearms charges before the judge over 15 years prior.6 With threats against judges and their families now commonplace, implementing protective measures is increasingly pressing. New York City Bar Association President Susan J. Kohlmann described the reality of the situation: “Over the past several years, threats and attacks against judges in the United States have increased in both number and intensity. Regrettably, we seem to be living in a culture where judges—and, in fact, all manner of public officials… are confronted with threats, intimidating behavior, and menacing rhetoric simply for doing their jobs. Indeed, death threats against public officials have become shockingly ordinary.”7 The internet enables individuals to locate the personal information necessary to carry out attacks and provides a public forum to voice threats. The Daniel Anderl Judicial Security and Privacy Act aims to give judges greater authority over their personal information online.
While most tend to agree with the commonsense approach put forward in this bill, others argue that the bill offers a false sense of security for those it protects. As a security expert, I often discuss the dangers of doxxing (“Doxxing redux: The trouble with opting out,” Dec. 2019 B&B) and the tough task of managing your online presence. Unfortunately, there are inherent limitations to how well an individual can erase themselves from the internet. But there is nonetheless value in security measures that seek to mitigate the risk of doxxing-related attacks. Just like seat belts or life vests, no one security measure is perfect in guaranteeing your safety. But I think most of us would agree that the possible benefits of simple security measures make them not only sensible but necessary.
Similarly, while the Daniel Anderl Judicial Security and Privacy Act cannot guarantee that a judge’s personal information will be unavailable everywhere, it is an important tool in limiting what information can be easily gathered about members of the judicial community and their families. As with other protections, such as those offered by the U.S. Marshals Service, the legislation is one very important piece of how threats against the judicial community can be anticipated and proactively managed. In addition to doxxing-related crime, judges are at risk of cybercrime more generally, including social engineering attacks.
While legislation like Daniel’s Law is effective in directly limiting the personal information about judges in the public domain, judicial officers remain especially vulnerable to social engineering. A criminal may go directly to the source, tricking a victim into providing personal information. These attacks are often made possible by some piece of information found online. For example, sharing details about upcoming travel to a legal conference on social media can open the door to a phishing (or smishing, or vishing) attack. Based on even one detail willingly provided in a post, cybercriminals can piggyback to even greater amounts of information. When posting, consider whether you would want to tell what you’re sharing directly to a threat actor. And importantly, this advice should extend to everyone within a family or household. Staying apprised of current threats (for example, those posed by criminal uses of ChatGPT) should also be prioritized as both a personal and professional security step. Social media monitoring services can be helpful in identifying and reporting potential threat actors.
As Judge Salas stated following the passing of Daniel’s Law this past year, “Judges, and their families, should not live in fear for doing the job they are sworn to do. As a nation and as a people, we cannot accept this. This legislation will make it harder for violent individuals to find judges’ addresses and other personal information online. By better protecting judges, the bill also helps safeguard the judicial independence guaranteed by the Constitution.”8 Protecting judges by appropriately accounting for the risks of our cyber landscape is critical to upholding the democratic right to a fair trial. Increased threats and intimidation toward the judiciary impede the judicial process for all. In Minnesota and throughout the United States, the safety of both federal and state judges ought to be everyone’s concern. While the Daniel Anderl Judicial Security and Privacy Act is undeniably a milestone in judicial security, this act is not the end of these efforts. Judge Salas, as well as every member of the judicial community, needs the support of our nation and its lawmakers.
Mark Lanterman is CTO of Computer Forensic Services. A former member of the U.S. Secret Service Electronic Crimes Taskforce, Mark has 28 years of security/forensic experience and has testified in over 2,000 matters. He is a member of the MN Lawyers Professional Responsibility Board.
Notes
1 Judge Salas and I co-presented on judicial security at the invitation of the Hon. Patrick J. Schiltz and the Hon. Lavenski R. Smith.
2 https://www.uscourts.gov/news/2022/12/16/congress-passes-daniel-anderl-judicial-security-and-privacy-act
3 Id.
4 https://www.cnn.com/2020/07/20/us/suspect-shooting-at-judge-salas-home/index.html
5 https://www.chicagotribune.com/opinion/commentary/ct-opinion-federal-judges-threats-lefkow-20201209-4vypwpafvfb35jy7x5tjkhlutm-story.html
6 https://www.cnn.com/2022/06/04/us/wisconsin-judge-killed-targeted-attack/index.html
7 https://www.nycbar.org/media-listing/media/detail/the-disturbing-trend-of-threats-and-violence-against-judges-and-the-vital-importance-of-judicial-security
8 Supra note 2.