Here are four ideas:

1. The judiciary should be transparent about what transpired and its response. Details about two prior CM/ECF hacks, in 2020 and 2021 (approx.), were long buried before any real information came out. The AO sent out a release about the former on the Jan. 6, and the latter was divulged during a 2022 House Judiciary hearing not on A3 but on DOJ. I get it; the federal courts system is diffuse. But the 200-plus courts that comprise it should be proactive about protecting sensitive data, and the AO should be telling the public what each court is doing, both to prevent a re-re-repeat and to ensure that public access isn’t being unnecessarily restricted.

2. The AO should check that the new filing rules are being followed. “We have approximately 100 audits that go on every year,” AO Director Conrad told House appropriators in May when asked why there’s no AO IG. Not a great answer, but even so, audit no. 101 should, within the next six months, assess whether the updated requirements for filing documents concerning international criminal activity — what appears to have been a target of the latest hack — are being followed by each court.

3. Congress should hold a hearing or two on the breach. Seems perfect for Sen. Cruz’s and/or Rep. Issa’s Courts Subcommittee.

4. Congress should redouble its efforts to finish drafting and pass the Open Courts Act. Moving from an old, leaky system to a new, more secure single system via Ship-of-Theseus approach, as the bill envisions, is the way to go. (Why a single system? Politico last night: “Though CM/ECF is overseen by the [AO], individual federal courts run it on their own servers and have substantial autonomy over how they manage it.”)

For more, see this Free Law Project post from 2021.