C. Forensic IT information.
It is unlikely that the public disclosure was caused by a hack of the Court’s IT systems. The Court’s IT department did not find any indications of a hack but continues to monitor and audit the system for any indicators of compromise or intrusion into the Court’s IT infrastructure. The investigators have likewise not uncovered any evidence that an employee with elevated IT access privileges accessed or moved the draft opinion.
The investigative team obtained forensic information from the Court’s IT systems in order to identify individuals of interest to the investigation, and to furnish the basis for questioning of employees. In several cases, such forensic information caused investigators to hold multiple interviews with certain employees. The investigative team reviewed the operating system event logs and other logging for artifacts relevant to the draft majority opinion. One initial focus of that review was to determine whether the draft opinion had been moved electronically from the Court’s IT system prior to the Politico publication. They found that certain employees emailed the draft document to other employees, with approval. There was no evidence discovered that anyone emailed the draft opinion to anyone else, although technical limitations in the Court’s computer recordkeeping at the time made it impossible to rule out this possibility entirely.
10
