Cybersecurity fears raised over digital Magistrates’ Courts rollout

The planned digital transformation of the Magistrates’ Courts came under scrutiny a day after it was announced as a leading cybersecurity expert warned that the integrity of the justice system could be at risk without immediate and robust security measures.

Veteran IT and data protection consultant Steven Williams, executive director of Sunisle Technology Solutions, has questioned whether the modernisation of the country’s judicial infrastructure is overlooking critical cybersecurity safeguards.

Williams cautioned that the digitisation of court processes could result in mistrials, data breaches, and a further erosion of public trust if comprehensive risk assessments and regular audits are not implemented from the outset.

“Things like a mistrial can come out of that and that is the biggest thing,” Williams told Barbados TODAY. “Either party could be involved in a significant case, and your work is compromised not because of a misstep by an individual like a police officer who didn’t carry out their duties properly, but because the system was not scoped thoroughly in terms of cybersecurity.”

His comments followed Chief Justice Leslie Haynes’s announcement on Monday that Barbados will adopt a digital case management system to address inefficiencies in the magistracy. The Judicial Management Information System Barbados platform, part of a regional initiative developed with the non-profit National Centre for State Courts in the United States under the US State Department’s Caribbean Anti-Crime Programme, is intended to replace outdated manual processes with technology-driven operations. Barbados is the third country in the region to implement the system after Trinidad and Tobago and Guyana.

Williams, who previously advised the government’s Law Review Commission on cybercrime legislation, insisted that security must be prioritised. “The question would then be, does the new case management system lend itself to vulnerability to the point where a mistrial could happen, because the system was corrupt on a specific day?” he asked. “Has a cybersecurity risk assessment been done?”

Several high-profile data breaches in the past year included incidents at the Barbados Revenue Authority, the Queen Elizabeth Hospital and the Barbados Statistical Service. Williams warned that an inadequately secured system could lead to operational delays and significant legal consequences.

“In the worst-case scenario, what type of information does the case management system expect from stakeholders like lawyers?” he said. “Are you going to put sensitive information in here pertaining to the case, [that if it gets into the public], compromises my client, whether it be the defendant or the plaintiff? Can it harm justice to the extent that it is not dispensed fairly?”

Williams also highlighted a gap in data protection, noting that the judiciary is exempt from the Data Protection Act’s privacy provisions. “There’s no cover for people’s rights once their case is lodged into the judicial system. Lawyers, however, are still bound by the Data Protection Act, but once they submit a case, there’s no guarantee that the information remains protected within the judicial system,” he explained. He advised lawyers to carefully consider what sensitive information is necessary to file, given the lack of data protection once it enters the judicial process.

While supporting the need to modernise the justice system, Williams acknowledged a critical trust gap between the government and the public regarding the safeguarding of sensitive data.

“In all fairness to the government, you cannot run a government and a justice system in fear, because then you would never have advancement,” he said. “The backlog is causing a concern and all the other things that go with having a justice case management system is needed . . . But what is needed now is more independent review of certain processes . . .

“I think Barbadians are so in fear right now that they want perfection. Because it isn’t that the government made little booboos, the government really screwed up.”

Williams urged the government to engage third-party experts for independent reviews and audits of the proposed system.

“If the government puts itself in this position by being negligent in how they protect systems in the past, then it’s on the government to contract third parties as part of the transformation process to add a level of attestation to the system they put in place,” he said.

He recommended a two-phase approach: first, identifying potential risks and recommending solutions; second, having an independent party validate the system’s implementation and ensure it meets acceptable security standards.

While acknowledging that no system is entirely impenetrable, Williams stressed that cybersecurity is an ongoing process.

“You are living in a world of imperfection when it comes to technology. It’s an ongoing process of iteration and development,” he said. “Once a system is in place, continuous risk assessment is needed, and there must be regular audits to ensure its integrity.”

sheriabrathwaite@barbadostoday.bb