The Maine Judicial Branch has temporarily shut off online public access to most court documents, citing security concerns with the software it uses and saying the problem could take months to resolve.

The Harpswell Anchor learned about the loss of electronic access in November while using the state court’s online portal to view the latest filings in an ongoing legal dispute over Barleyfield Point, on Orr’s Island.

While the security concerns appear to be legitimate and have reportedly affected courts in multiple states, a leading advocate for government transparency in New England urged the Maine Judicial Branch to expedite its efforts to resolve the issue and restore online access to court records as soon as possible.

The Judicial Branch disabled online access to nearly all court documents on Sept. 15 after learning about security vulnerabilities with the software, known as Odyssey. The software was developed by Tyler Technologies, a Texas-based company that has major operations in Yarmouth.

“Tyler has announced that there are certain vulnerabilities with the 2018 version of Odyssey,” Judicial Branch spokesperson Barbara Cardone said in a phone interview. “The specific vulnerability has to do with the redaction of private information that cannot, by statute, be released to the public. We hope this vulnerability will be resolved with the later version of the Odyssey program.”

Users can still log into the Odyssey system, but most documents that were previously available are now marked as hidden, and users can only access general information about cases.

Advertisement

Cardone said court clerk’s offices will print case documents — at court buildings — at no charge for anyone who can’t access records through the Odyssey system until the issue is resolved. She added that members of the media can request to have online access reinstated for specific cases, with the presiding judge’s approval.

The security issue isn’t specific to Maine. A handful of other states that use the Tyler software, including Kansas and California, have similarly had to shut off electronic access temporarily while upgrading the software to resolve security issues.

Maine signed a contract with Tyler in 2016 to move its state court records online at a cost of $17 million over 10 years. The Odyssey portal was launched for a limited number of civil court records in early 2021. Access was later expanded to include other documents such as traffic citations and case filings in Maine Business and Consumer Court.

When functioning properly, the system allows members of the public to preview the first two pages of a court document for free or purchase the full document for $1 per page. A Tyler spokesperson referred questions about the temporary access suspension to the Judicial Branch.

Cardone said it could take “several months” to upgrade Maine’s online records system to a newer version of the Odyssey software that doesn’t have the security vulnerability. Kansas officials gave a similar response to the Kansas City Star newspaper in November. The federal Cybersecurity and Infrastructure Security Agency issued an alert on Nov. 30 about security vulnerabilities in web-based case and document management systems developed by Tyler and another software firm called Catalis, based in Georgia.

“CISA has assisted a researcher with coordinating the disclosure of multiple researcher-discovered vulnerabilities affecting web-based case and document management systems used by multiple state, county, and municipal courts,” the agency’s alert says. “Affected systems include products from Tyler Technologies and Catalis and custom software used by specific counties in Florida. In summary, the vulnerabilities allow an unauthenticated, remote attacker to access sensitive documents by manipulating identifiers and file names in URLs.” The technology news site TechCrunch reported on Nov. 30 that state court system software made by Tyler, Catalis and a third software firm, Ohio-based Henschen & Associates, had exposed “witness lists and testimony, mental health evaluations, detailed allegations of abuse and corporate trade secrets … to the open internet.” It said affected states included Florida, Georgia, Mississippi, Ohio and Tennessee.

Advertisement

California court officials reportedly became aware of security vulnerabilities with that state’s version of Tyler’s software more than 18 months ago and have since upgraded to a newer version, which appears to have taken about three months.

In February 2022, the State Bar of California, which licenses and regulates attorneys, announced it was taking “urgent action” to address a breach of sensitive court documents through its case and records management system.

“A public website that aggregates nationwide court case records was able to access and display limited case profile data on about 260,000 nonpublic State Bar attorney discipline case records, along with about 60,000 public State Bar court case records,” the California bar said in a news release. “The site also appears to display confidential court records from other jurisdictions.”

The state bar followed up soon after with a statement saying its researchers had found vulnerabilities with the Tyler system.

“It appears that a previously unknown security vulnerability in the Tyler Technologies Odyssey case management portal allowed the nonpublic records to be unintentionally swept up by (court records aggregator) judyrecords(.com) when they attempted to access the public records, using a unique access method,” it said. “The State Bar is working with Tyler Technologies, the maker of the Odyssey system, to remediate the security vulnerability, which we believe may not be unique to the State Bar’s implementation and could impact other users of Odyssey systems.” Tyler issued an update on the California situation in May 2022, saying “100% of potentially affected client Odyssey Portals have been remediated.”

“In the coming months, we will publish additional releases of Odyssey Portal that further ‘harden’ the application against undesired harvesting activity,” Tyler said in a news release. “In accordance with industry best practices, we consistently encourage our clients to stay up to date with the latest releases of our software to take advantage of both stability and security enhancements.”

Justin Silverman is executive director of the New England First Amendment Coalition, a Massachusetts-based nonprofit whose website says it “defends, promotes and expands public access to government and the work it does.”

Silverman said regardless of whether the Maine Judicial Branch had a legitimate reason to restrict online access to court documents, it should act quickly to resolve the security issue because the public has a right to access such information quickly and conveniently. He added that Tyler should share in that responsibility, since it developed the software.

“Several months is a very long time to be without this access,” Silverman said. “I have a lot of questions as far as the interaction between the state and Tyler regarding this issue, and whether or not several months (are) really necessary as far as waiting for this problem to get resolved.”

Comments are no longer available on this story