The security risks of the completely outdated computer programs used by thousands of employees at Berlin courts have been known to the judiciary for much longer than previously assumed.
This is suggested by reports from the years 2016 and 2017, which are exclusively available to the Tagesspiegel and some of which are classified as “Only for official use”. Specifically, the expert opinions are dedicated to the “Aulak” program, which is used to create pleadings and is to be at least partially replaced in the coming years.
As early as 2016, it was said that the program “necessarily leads to the use of operating system and software versions that have already been discontinued by the manufacturer and are no longer supported, as well as to an overly complex system environment”. The isolation of the “outdated Aulak environment” against attacks firstly means a disproportionate amount of effort and also puts a strain on the overall system stability, it said.
The latter was observed in the previous year. At that time there were several major disruptions, especially in the judiciary IT, which, according to experts from the Berlin IT service center, were due to Aulak. The replacement of the program was strongly recommended from a technical point of view for “sustainable stabilization and standardization of the system environment,” it said at the time.
As early as 2017, a report on Aulak, which was also available to the Tagesspiegel, came to the conclusion: “Please don’t wait any longer! Budget and support a comprehensive transformation program”.
Senator for Justice Lena Kreck (left) may soon have to find answers to the question of why the demands of experts, which have been repeated regularly over the years, have been ignored and why Aulak has been retained. On Monday, the legal policy spokesman for the CDU and FDP, Alexander J. Herrmann and Holger Krestel, were determined to request a special session of the legal committee. Both agreed that the date for the meeting had to be set before the summer break, which began at the end of June.
Both were annoyed that a week and a half ago, when asked in parliament, Kreck described a risk analysis on old and new computer programs used in the judiciary, published by the Tagesspiegel on Monday, as an “interim result” and withheld it from the MPs until last Wednesday. Herrmann spoke of a “scandalous event” and indirectly accused Kreck of having told Parliament untruths.
Herrmann explained that he himself had already requested access to the files on May 20, the request had so far remained unanswered. He now wants to determine “when Ms. Kreck was presented with this document” and described the administration’s handling of sensitive information as “completely unacceptable”.
Kreck, who only took office in December 2021 and therefore bears little responsibility for the years of failure of her predecessors, left the process to her spokeswoman on Monday. The risk analysis follows as an “interim report” on a forensic investigation after the successful hacker attack on the Supreme Court, a final report is “expected at the end of June or beginning of July this year,” said the spokeswoman.
Subsequent to this and “after careful evaluation of the reports”, the intention was to inform the legal committee about the further procedure and the accompanying measures that had already been taken, it said. Kreck himself said the paper was presented on May 20th, one day after the plenary session mentioned. The paper itself bears the date May 2nd and the addition “final”.