Federal Judge Refuses to Close OPM Email Server
The newly implemented system across the government enables the Office of Personnel Management to distribute emails to various agencies simultaneously.
WASHINGTON—A federal judge in Washington has refused to grant a temporary restraining order against the Office of Personnel Management (OPM) in relation to its adoption of new email servers that are utilized across the government.
This decision, made during a hearing on February 6, followed a class action lawsuit filed by two unnamed government employees, identified as Jane Doe 1 and 2, who claimed that the external servers were insecure.
Employees began noticing the new system after they received two test emails, accompanied by a memo indicating that they were authentic and not part of a phishing scheme.
The plaintiffs sought an injunction to “prevent OPM from collecting or storing any information regarding employees of the U.S. Executive Branch in this unverified email server or any associated systems until the required PIAs have been completed.”
However, prior to the hearing, OPM submitted the PIA on February 5, leading to the motion for a temporary restraining order being deemed “moot” or irrelevant.
Related Stories
The PIA references prior guidance from OPM indicating that a privacy assessment is unnecessary for “government-run websites, IT systems, or collections of information, unless they collect or maintain identifiable information about members of the public.”
During the hearing, Judge Randolph Daniel Moss of the D.C. District Court signaled early on that he would reject the request to shut down the servers, given that the complaint was based on a situation that had already been resolved.
“The relief that you sought is that I order them to [issue the PIA], and they’ve now done it,” he noted.
The plaintiffs’ attorneys adjusted their argument, contending that although the PIA had been filed, it did not adhere to acceptable standards.
Judge Moss dismissed this argument as well, stating it was not part of the initial motion. He also showed skepticism regarding the claim, indicating that the criteria for a PIA are “relatively minimal.”
Afterward, an attorney for the plaintiffs repeated the request for the restraining order, citing urgency.
“Every day that server remains operational increases the likelihood of a hack,” he argued.
However, the judge dismissed this assertion as “purely speculative.”
He encouraged the plaintiffs to submit a new motion, which they agreed to do by the end of business on February 7.
The defense will respond by February 11, with the next hearing scheduled for February 14 at 11 a.m.
