Judges at risk: court security flaws

Serious security flaws have been discovered inside the Federal Court, including two instances where former staff still had access to judges' personal hard drives.

Confidential internal reviews obtained by the Herald noted that most of the 43 judges at the court felt they were ''not adequately protected by the level of federal police involvement at the court''.

The documents, released under freedom-of-information laws, offer a rare insight into the court, which is run and managed by the judges under the Chief Justice, Patrick Keane.

In an IT review, auditors found two incidents where the access rights of former chambers staff had not been terminated after they had left the court's employ.

The most urgent internal concern raised during the past five years was lax information security, particularly for sensitive draft judgments. Too many people have been allowed electronic access to directories containing the drafts and there are potentially hundreds of excess building access swipe cards in circulation.

This was dangerous because the court routinely dealt with ''significant matters'' where ''premature disclosure could move share prices, or would at least involve significant reputation risk for the … court system in general'', one audit noted.

The Federal Court opened in 1977 and hears civil matters under Commonwealth jurisdiction concerning tax, intellectual property and anti-competitive trade practices. Sydney is its biggest registry.

In a review from 2010 the court was warned it lacked a physical security plan, which meant it could not ensure ''it adequately … safeguards staff, judges and members of the public''.

Security officers were not attending available training, and there was no formal policy on supplying swipe cards, of which 700 were issued. Some gave access to the area of the judges' chambers.

A later review found one of three doors from a conference room used for after-hours functions that led to the judges' chambers did not require an access card, and more than 200 such cards gave entry to a secure data centre. Many were generic cards issued to contractors.

In one document an unnamed judge raised his colleagues' opinion that the federal police - not a private company - should provide security. This week, the court's spokesman, Bruce Phillips, confirmed this was still the position.

''The Federal Court believes the provision of building security through private security contractors as very much second best, particularly as only limited powers are available to private security guards working in court buildings,'' he said. Wilson Security's most recent publicly reported contract was worth $5.7 million for the year to July.

Another area of concern has been the court's inadequate financial management. Not only have thousands of dollars in fees been waived inappropriately or without proper evidence, but court officers have exercised poor control over millions of dollars held in trust by the court while litigation is waged to determine the rightful owner. In some cases, according to a review completed in June, junior registry staff have been choosing bank accounts in which to deposit millions of dollars of other people's money on the basis of their proximity to the court.

''There appears to be no qualified analysis made on which account is best for the particular investment (which are often material in nature, more than $20 million), with recommendations being made by junior accounting staff,'' the audit found.

In one case in Victoria, the same registry employee selected the bank for the investment, organised the account and reconciled the statements. That person also raised the final cheque to the recipient of the court order. The auditors, O'Connor Marsden, warned against such a ''lack of segregation''.

This was particularly dangerous because the court was still using cheques for extraordinarily large sums of money. Only two signatures were required, which ''could be easily forged allowing significant fraudulent payments'', for the court to raise bank cheques for as much as $12 million and which were ''frequently posted through Australia Post''.

Do you know more? investigations@smh.com.au

Smartphone
Tablet - Narrow
Tablet - Wide
Desktop