In May of this year, the Supreme Court of Brazil issued a notice to evaluate and improve its process distribution algorithm. This system is responsible for assigning, through a lottery, the causes to the ministers who will be its rapporteurs. This post discusses some of the issues involving transparency and security in the use of algorithms for the distribution of cases by the Judiciary.
The distribution of processes and algorithms
One of the foundations of the Democratic Rule of Law is the expectation that the judges will be independent and impartial in relation to the cases they judge.
To judge a particular case, the magistrate must have objective competence (previously assigned by law) and subjective capacity (absence of personal ties with the parties and of interest in the outcomes of the proceedings). These conditions are guaranteed by principles such as those of the natural judge (article 5 of the Constitution, paragraphs XXXVII and LIII) and of impartiality (guaranteed in the hypotheses of suspicion and impediment of the Civil Procedure Code).
It is therefore forbidden for the parties to decide on the judge of the case, and for the magistrates to decide on which cases they will exercise judgment.
In the distribution of a new legal action, it is initially verified if there is any special condition that demands its attribution to a specific judge. This occurs, for example, when the action is legally connected to a cause that has already been assigned to a certain judge (rule of jurisdiction by prevention). If there is no special condition, the distribution must occur in an alternating and random manner, and can be done electronically (article 285 of the CPC, caput).
As Professor Dennys Antoniali warned in an interview to the Caixa-Preta podcast, not only the Supreme Court, but most of the state courts in Brazil hold the lottery electronically. Many of these algorithms are closed source, which means, in general, that the source code that controls their functioning is not publicly available.
This raises several questions concerning the operation of these systems. What criteria are considered by the algorithm? How can we be sure that assignment is, in fact, random and alternating? Who has access to the code and who executes it?
Between opacity and demand for transparency
Before launching a public call to evaluate its system, the Supreme Court ignored and denied requests made through the Brazilian Access to Information Act to access the source code of the algorithm, claiming there is no “normative forecast” for such requests. The Superior Court of Justice (Superior Tribunal de Justiça) has also stated that “in order to mitigate the risks of attacks on the code in question, due to the criticality and sensitivity of the procedural operation, the STJ reserves the right not to disclose it.”
Problems arise from this opacity, because in processes of great social importance, as the actions judged in such courts often are, the definition of the minister-rapporteur greatly influences the progress of the process. It is well known that some ministers have openly declared positions on certain topics, and also personal ties with people who may eventually be a party to actions that the court will judge.
The quality of procedural distribution is therefore related to the integrity of due process of law. For this reason, it has particular democratic relevance.
In addition, the recommendation to open the code is supported by law n. 11.419 / 2006 (article 14, caput), which foresees the preferential use of open source software in systems developed by the Judiciary. It is also emphasized that there are no competitive incentives for non-disclosure of the code, as in proprietary software. Finally, there is the fact that such algorithms are developed and maintained with public funds, which would further support the legitimacy of their disclosure.
The problem of security through obscurity
In a debate of such importance technical information security arguments should also be considered. Although disclosure is not always the best security option, open source systems have some specificity over closed source systems. They can, for example, be audited by researchers, which facilitates the identification of vulnerabilities, bugs and distortions in relation to their intended operation.
In addition, it can not be assumed that the concealment of the code is in itself an effective protection against cyber attacks. Attackers without access to the system, but with sufficient technical knowledge, are often able to identify exploitable vulnerabilities in closed source systems. Besides, it is common for successful attacks to be carried out by people with access to the system, such as dissatisfied employees, for example.
If the presumed attacker’s ignorance regarding the system is the sole or the main resource for ensuring security, this is called (usually in a criticizing manner) security through obscurity. Professor Vinicius Serafim exemplifies this concept with the following situation: One leaves their house and leaves the door unlocked, assuming that the lack of knowledge of third parties regarding the condition of the door and regarding that person’s belongings will suffice as protection.
When obscurity is articulated to solid security measures, it can play an important protective role. In completely closed systems, however, society can not know what measures are employed.
Process distribution algorithms are developed and operated by public bodies. These systems have special democratic and social relevance, as their reliability is related to credibility and trust in the Judiciary. The defense of the disclosure of its source codes finds support in arguments of political, legal and technical nature. It is therefore a matter of transparency, security and democracy.
In this sense, there are ongoing initiatives seeking to achieve such disclosure. Bill n. 8503/2017 by Mr Edmilson Rodrigues (PSOL/PA), for example, aims to amend the Access to Information Act in order to, among other things, make it mandatory to open source codes for these algorithms. The very evaluation convened by the Supreme Court was a positive step in this direction. We should now expect for other organs to follow the same path towards greater openness in relations between the Judiciary, civil society and technology.
Did you enjoy the post about process distribution algorithms? Now understand better the relations of the Judiciary with the new technologies in our post on the subject.