A federal court has granted a preliminary injunction that would require the Department of the Interior to improve its computer security to better safeguard Individual Indian Trust Data (IITD) in its custody. Until it does so, Interior has to disconnect its systems. Meanwhile, the court will effectively run the agency’s IT systems that contain IITD information. (Cobell v. Norton, U.S.D.C.D.C. CA No. 96-1285, October 20, 2005)
Plaintiff’s motion for a preliminary injunction and the government’s opposition resulted in a 59-day hearing before Judge Royce Lamberth. He came down on the side of the plaintiff in a 205 page decision.
Pointing out that this is not the first time the court has had to address deficiencies in Interior’s “numerous and complicated IT systems,” the judge ordered the agency to disconnect its systems from the Internet and any intranet. He gave them 20 days to notify the court of any systems that the agency maintains do not contain IITD information and that therefore should be omitted from his order.
In order to carry out transactions involving the Trust Data, the order permits the agency to “reconnect” the systems at specified times not to exceed five business days per month. Each time it seeks to “reconnect,” the agency will have to so notify the court and the Plaintiffs’ counsel. Finally, once the agency deems it has developed sufficient IT security to permit it to “reconnect” a system permanently, it will have to receive an order from the court.