UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF COLUMBIA

ELOUISE PEPION COBELL, et al.,
Plaintiffs,

v.

GALE A. NORTON, et al.,
Defendants.

Civil Action No. 96-1285 (RCL)

REDACTED PUBLIC VERSION

SURREPLY OF THE UNITED STATES IN OPPOSITION TO PLAINTIFFS' MOTION FOR AN ORDER TO SHOW CAUSE WHY THE DEPARTMENT OF THE INTERIOR, SECRETARY GALE NORTON, AND HER SENIOR MANAGERS AND COUNSEL SHOULD NOT BE HELD IN CIVIL AND CRIMINAL CONTEMPT FOR VIOLATING COURT ORDERS

Plaintiffs' reply in support of their motion for an order to show cause ("Reply") includes comments on various reports prepared by information technology and security experts retained by the Special Master.[1] Reply at 14-24. Plaintiffs did not rely upon the reports in their motion – indeed, they claim that they did not receive many of the reports until February 2, 2004.[2] Reply at 14. Nor do Plaintiffs specify in their Reply how the reports support their contention that this Court should issue a show cause order. Nonetheless, because Plaintiffs now are seeking to rely upon the reports to support their motion and because Plaintiffs' comments are replete with errors, Defendants file this Surreply to correct the pertinent factual inaccuracies contained in Plaintiffs' Reply.[3]

[1] The experts retained by the Special Master were IBM, USinternetworking, Inc., and Security Assurance Group.

[2] A listing of the reports received by Plaintiffs and when they received such reports is included at Exhibit 3 of "Defendants' Comments On The Information Technology Security Reports Filed By The Special Master In Accordance With This Court's January 21, 2004 Order (As Modified On January 22, 2004)," filed on February 12, 2004, and incorporated by reference herein.

[3] Defendants have not attempted in this Surreply to identify all the errors in Plaintiffs' Reply with regard to these reports. A more complete discussion is included in Defendants' Comments. See note 2, supra.

DISCUSSION

Plaintiffs comment on reports pertaining to Information Technology ("IT") systems in three bureaus of Interior – Minerals Management Service ("MMS"), National Business Center ("NBC"), and Bureau of Land Management ("BLM"). The MMS, NBC, and BLM IT systems were reconnected with the knowledge and approval of the Special Master because the security was deemed to protect adequately or sufficiently individual Indian trust data ("IITD") from unauthorized internet access.

A. BLM INFORMATION TECHNOLOGY SYSTEMS

In early 2003, after reconnection of BLM IT systems to the internet, the Security Assurance Group ("SAG") conducted penetration testing of a number of BLM subnetworks. Plaintiffs attempt to rely upon the report prepared by SAG to contend that the BLM IT systems are not secure. Reply at 22-24. As to the key point, however, about whether the system allows unauthorized access to IITD from the internet, the very paragraph cited by Plaintiffs stated that while

B. MMS INFORMATION TECHNOLOGY SYSTEMS

1. MMS-Herndon

Plaintiffs assert that there is “no evidence that the Special Master granted approval for the Department and the Named Individuals to reconnect MMS-Herndon to the Internet.” Reply at 16. Contemporaneous documents show that Plaintiffs' assertion is incorrect. In fact, Plaintiffs twice received notice that the Special Master had approved MMS-Herndon's reconnection to the internet.
On November 4, 2002, Department of Justice counsel Glenn Gillett wrote to the Special Master, with a copy to the Plaintiffs, confirming that the Special Master had approved reconnection of the MMS-Herndon information technology systems. Exhibit 1, November 4, 2002 letter. The Special Master’s Monthly Report for November 2002, which was filed with the Court with copies provided to the parties, also shows that the Special Master did approve the MMS Herndon proposal. Special Master Monthly Report November 2002, at ¶ III ("During the month, I approved Interior's request to reconnect the Herndon, Virginia Minerals Management Service site to the Internet.").

2. MMS Denver

While acknowledging that the Special Master's expert, USi, recommended reconnecting MMS Denver, Plaintiffs claim the recommendation was suspect because of a putative conflict of interest. Reply at 17-18. Plaintiffs' attack upon the recommendation fails because their underlying assumption that USi was the contractor at the MMS Denver site is simply incorrect.[4] The MMS Denver site is run by MMS with technical assistance from Accenture[5] – not USi – and the Plaintiffs have not provided evidentiary support (nor can they say they are likely to find evidentiary support), see Fed. R. Civ. P. 11(b)(3), for their allegation that the MMS Denver IT system is run under contract by USi. Further, the MMS Preliminary Injunction Justification submitted on August 11, 2003 discussed the security of the MMS IT system as of the date of its filing. MMS Preliminary Injunction Justification at 27-92. When this is viewed in conjunction with the monthly SANS/FBI Top 20 scanning of the Interior IT systems, there are reasonable assurances concerning whether IITD on the MMS IT system is secure.

[4] Plaintiffs' contention that "all external access to MMS IT Systems and Trust Data was effected through firewalls maintained by USi," Reply at 17 n.57, is based upon a misreading of Plaintiffs' Exhibit 1 (December 21, 2001 letter from Department of Justice Attorney Sandra Spooner to Special Master Alan Balaran), Attachment "MMS Network and Application Security Layers" at 2. The attachment states that a Id. The MMS Data Warehouse is in Annapolis, Maryland, not Denver. See Plaintiffs' Exhibit 1, Attachment at 1.

[5] See August 11, 2003 MMS Preliminary Injunction Justification at 87-88.

3. MMS New Orleans and MMS St. Louis

Plaintiffs complain that reconnection was permitted at MMS New Orleans subject to implementation of a remediation plan, and that there is no evidence that remediation was ever accomplished. Reply at 18–19. Contrary to Plaintiffs' assertions, they received notice on April 2, 2002 of Interior's planned remediation in response to IBM's report. Exhibit 2, Letter of April 2, 2002, from Department of Justice Attorney Sandra Spooner to Special Master Alan Balaran. Accordingly, Plaintiffs' complaints are unwarranted.

Plaintiffs also attempt to denigrate the recommendation to reconnect MMS St. Louis because of the "self-interested evaluation" performed by IBM. Reply at 19 n.63. Plaintiffs' claim that the evaluation is suspect is based upon the mere fact that IBM was the contractor to Interior at the same site. Plaintiffs have identified no facts that indicate that IBM improperly recommended reconnection. Indeed, Plaintiffs rely upon IBM reports when they are critical of certain IT systems. See, e.g., Reply at 18 ; Reply at 19 . The Plaintiffs cite no evidence of threats or intimidation directed toward IBM, and the facts show that IBM was not hesitant in making reports critical of Interior IT systems.

4. MMS STRAC Sites
Citing comments made in a December 2, 2002 USi report on the MMS STRAC IT system, the Plaintiffs incorrectly assert that “no evidence has been provided” to the Plaintiffs or the Court that appropriate firewalls, IDS or effective monitoring have been implemented on the MMS STRAC IT systems. Reply at 20-21. Contrary to Plaintiffs' claims, however, USi later issued a report on March 18, 2003, concluding that Report at 3-4. Plaintiffs received notice that the Special Master had approved the "thin computing" plan through a letter from Department of Justice counsel Glenn Gillett to the Special Master that was copied to Plaintiffs' counsel. Exhibit 3, April 4, 2003 letter.

C. NBC INFORMATION TECHNOLOGY SYSTEMS

Plaintiffs assert that there is “no evidence” that the weaknesses in the NBC Washington and NBC Denver IT systems have been rectified or that the IITD is secure. Reply at 22. However, the August 11, 2003 Preliminary Injunction Justification submitted by NBC does address NBC’s response to the vulnerabilities noted by the Special Master’s experts.[6] Further, the SANS/FBI Top 20 reports authored by SAG analyzing the January 2003 and March 2003 scan data are evidence that Interior has addressed the issue of vulnerabilities in the NBC IT systems.

[6] NBC tracks all Special Master report findings and all but one weakness has been fully rectified. Preliminary Injunction Justification at 49 (the remaining weakness involved the need for an IDS at an NBC location and a software interim solution was approved by the Special Master's experts).

CONCLUSION

Plaintiffs' selective reading of various reports to imply that Interior reconnected IT systems without notice to, or the assent of, the Special Master, or as a result of the Special Master's experts misleading him, lacks any factual support. More importantly, Plaintiffs have not specified why, since Plaintiffs did not object at the time to the Special Master's retention of IBM and USi, Defendants, Secretary Norton or any other individual should now be required to show cause for the fact that Interior reconnected IT systems with the knowledge and approval of the Special Master. Plaintiffs' motion should be denied.

Respectfully submitted,

ROBERT D. McCALLUM, JR.
Associate Attorney General

PETER D. KEISLER
Assistant Attorney General

STUART E. SCHIFFER
Deputy Assistant Attorney General

MICHAEL F. HERTZ
Director

/s/ Tracy L. Hilmer
Dodge Wells
D.C. Bar No. 425194
Tracy L. Hilmer
D.C. Bar No. 421219
Attorneys
Commercial Litigation Branch
Civil Division
P.O. Box 261
Ben Franklin Station
Washington, D.C. 20044
(202) 307-0474

DATED: February 13, 2004

CERTIFICATE OF SERVICE

I hereby certify that, on February 13, 2004 the foregoing Surreply of the United States in Opposition to Plaintiffs' Motion for an Order to Show Cause Why the Department of the Interior, Secretary Gale Norton, and Her Senior Managers and Counsel Should Not Be Held in Civil and Criminal Contempt for Violating Court Orders - REDACTED PUBLIC VERSION was served by Electronic Case Filing, and on the following who is not registered for Electronic Case Filing, by facsimile:

Earl Old Person (Pro se)
Blackfeet Tribe
P.O. Box 850
Browning, MT 59417
Fax (406) 338-7530

/s/ Kevin P. Kingston
Kevin P. Kingston