Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
The Courts United States Electronic Frontier Foundation Government Privacy Security Software Technology

Hacking Victim Can't Sue Foreign Government For Hacking Him On US Soil, Says Court (vice.com) 102

According to Motherboard, a court of appeals in Washington D.C. ruled that an American citizen can't sue the Ethiopian government for hacking into his computer and monitoring him with spyware. "The decision on Tuesday is a blow to anti-surveillance and digital rights activists who were hoping to establish an important precedent in a widely documented case of illegitimate government-sponsored hacking." From the report: In late 2012, the Ethiopian government allegedly hacked the victim, an Ethiopian-born man who goes by the pseudonym Kidane for fear for government reprisals. Ethiopian government spies from the Information Network Security Agency (INSA) allegedly used software known as FinSpy to break into Kidane's computer, and secretly record his Skype conversations and steal his emails. FinSpy was made by the infamous FinFisher, a company that has sold malware to several governments around the world, according to researchers at Citizen Lab, a digital watchdog group at the University of Toronto's Munk School of Global Affairs, who studied the malware that infected Kidane's computer. The U.S. Court of Appeals for the District of Columbia Circuit ruled that Kidane didn't have jurisdiction to sue the Ethiopian government in the United States. Kidane and his lawyers invoked an exception to the Foreign Sovereign Immunities Act (FSIA), which says foreign governments can be sued in the U.S. as long as the entire tort on which the lawsuit is based occurred on American soil. According to the court, however, the hacking in this case didn't occur entirely in the U.S. "Ethiopia's placement of the FinSpy virus on Kidane's computer, although completed in the United States when Kidane opened the infected email attachment, began outside the United States," the decision read. "[It] gives foreign governments carte blanche to do whatever they want to Americans in America so long as they do it by remote control," Nate Cardozo, a staff attorney at the Electronic Frontier Foundation, a digital rights group who represented Kidane in this first-of-its-kind lawsuit, told Motherboard.
This discussion has been archived. No new comments can be posted.

Hacking Victim Can't Sue Foreign Government For Hacking Him On US Soil, Says Court

Comments Filter:
  • by Anonymous Coward

    The CIA has been doing this for ages.

  • by Baron_Yam ( 643147 ) on Wednesday March 15, 2017 @08:09AM (#54042905)

    Look at what would happen if you shot an American on American soil from Canada or Mexico.

    Now get your lawmakers to apply that same logic to digital aggression and draft some new legislation for what happens if you commit a computer offence against someone across legal jurisdictions.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Nothing is stopping them from suing in Ethiopia. Or, in your case, in Canada or Mexico.
      Plus, this is about a citizen suing a foreign government, not another individual. Totally different laws.

      • Or, in your case, in Canada or Mexico.

        Of course nothing is stopping him from suing, except for the slight annoyance of being dead.

    • Look at what would happen if you shot an American on American soil from Canada or Mexico.

      Better, look at what would happen if a Mexican soldier shot an American on American soil.

      Hint: "Act of War" comes to mind, but "I'll sue, I'll sue!!" doesn't....

      • by Impy the Impiuos Imp ( 442658 ) on Wednesday March 15, 2017 @10:06AM (#54043533) Journal

        There's a case winding its way through courts right now where a US agent, inside one of these border airlock areas, controlled by the US but partially on Mexican soil, shot at a someone and the bullet accidentally killed a Mexican on the Mexican side inside. Can his estate sue the US?

        You'd be surprised what a mess the case is.

        • Re: (Score:2, Interesting)

          by Anonymous Coward

          >accidentally (??!!??) I'm not sure you know what that word means,

          http://ct.fra.bz/ol/fz/sw/i57/5/10/9/frabz-you-keep-using-that-word-i-do-not-think-it-means-what-you-think--06b6e3.jpg

          The reason this is getting so much press is the boarder officer purposefully shot three times at the mexican juvenile, because he was mad the kid originally evaded him. The officer did not 'accidently' anything. He was hot under the collar, the kid ran away, and while hiding behind a cement pillar from the

      • But when an American shoots over the boarder and kills a mexican teenager the USA refuses to hand the person over for prosecution
    • What would happen if this case went ahead? Would the Ethiopian government send a representative to the trial? Probably not. Let's say then that they're convicted in-absentia. Now what? Do you arrest the Ethopian Ambassador next time he comes out of the embassy until he pays up the damages/fines? Is he/she responsible? Of course not. So do you jail him/her for non-payment? Do you expel them from the country? The actual government of Ethopia can quite reasonably state that they don't recognise the US courts,

      • by Anonymous Coward

        What would happen if this case went ahead? Would the Ethiopian government send a representative to the trial? Probably not. Let's say then that they're convicted in-absentia. Now what? Do you arrest the Ethopian Ambassador next time he comes out of the embassy until he pays up the damages/fines? Is he/she responsible? Of course not. So do you jail him/her for non-payment? Do you expel them from the country? The actual government of Ethopia can quite reasonably state that they don't recognise the US courts, and so unless the case is tried in Ethopia, no judgement stands. So exactly what would a case 'won' in the US actually do?

        I realise the law doesn't really concern itself with practicality, but you have to wonder what good it would do to allow this case to go ahead.

        Pass a law allowing those who've won lawsuits against foreign governments to garnish aid money.
        If your government harms our citizen, know that our citizen will be made whole before we aid your government.

      • You can seize fund help by the Ethiopian government in US banks or ones in countries we have treaties with that allow such judgments. Or more realistically you take it out of the pile of cash we send them in aid.

    • by Jaime2 ( 824950 ) on Wednesday March 15, 2017 @08:53AM (#54043141)

      It goes both ways. We are currently using the principle behind this law to shield drone pilots from repercussions. There's also this [cnn.com] case where the US says a border guard was within his rights to shoot a man in Mexico.

      Given what we have to lose, it's unlikely that the US government will change its position on this issue.

    • I doubt you'll see any real action in that regard since that would force them to deal with the rampant cybercrime (financial and other) coming from China, Russia, and Eastern Europe. With the exception of a few pin pricks here and there, that has been allowed to continue for years.

    • by Ranbot ( 2648297 ) on Wednesday March 15, 2017 @09:07AM (#54043221)

      There actually is a precedent allowing American citizens to sue other countries that support terrorism under the Foreign Sovereign Immunities Act of 1976, but I assume the court decided Ethiopia's hacking was not an act of terrorism.
      Wikipedia: https://en.wikipedia.org/wiki/... [wikipedia.org]
      Flatow v. Iran case details: http://www.leagle.com/decision... [leagle.com]

      I only point this out because the degree of legislation or judicial interpretation might be much less than people assume.

      If anyone is interested in the Flatow v. Iran case and it's aftermath NPR's Planet Money did a great podcast on it: http://www.npr.org/2017/01/12/... [npr.org] (I swear it's not left or right leaning story)

    • by Anonymous Coward

      Look at what would happen if you shot an American on American soil from Canada or Mexico.

      Obviously you sue them in Canada or Mexico, or request their extradition?

      But apparently some think that shouldn't happen absolutely anything.

      The Border Patrol argued through its agent’s union attorney, Sean Chapman, that Rodriguez had no right to sue in the United States because a Mexican national killed on Mexican soil is not entitled to protections of the U.S. Constitution.

    • You wouldn't be able to sue them in US Court.
    • Nah.

      Legislation is not appropriate.

      The word you're looking for is, "treaty."

      Legislation by America is one-sided and has no standing in jurisdictions of other sovereign countries.

      • Legislation is appropriate. Half the crime happened in the US. Or, to be more accurate, a crime happened in the US and (depending on the foreign nation) may also have happened elsewhere. Legally, separate crimes.

        Treaties come up once you've locked down the legislation component and you're worried about extradition.

        Then again, there should already be a law on the books to cover the US side of this issue. It's not like enough of this kind of thing hasn't happened within the country.

        • Moot.

          The United States can write legislation all it wants to, but without cooperation from the foreign government, it's legislative masturbation.

      • by sjames ( 1099 )

        It would have standing here in the U.S. where Ethiopia keeps a fair bit of money.

        • The attack came (allegedly) from the country of Ethiopia, not

          here in the U.S. where Ethiopia keeps a fair bit of money.

          • by sjames ( 1099 )

            It doesn't matter if the suit is allowed to take place in the U.S. where the courts have jurisdiction over the U.S. banks where the Ethiopian government keeps it's money. If the Ethiopian government loses, the courts can order the banks to transfer the award to the plaintiff.

    • by sit1963nz ( 934837 ) on Wednesday March 15, 2017 @03:29PM (#54046217)
      Or, as has actually been the case, an American shot and killed an unarmed Mexican teenager on Mexican soil and the US government has refused to extradite him for criminal prosecution in Mexico.

      US airforce pilot breaking the rules/laws in Italy while hot dogging hit and broke the cables for a gondola killing some people, the US very quickly returned the guilty parties to the USA and refused to extradite them to face criminal charges.

      Yet the USA is demanding Kim Dotcom be extradited to the USA when he (at the time) broke no New Zealand laws.
      • by dcw3 ( 649211 )

        No...

        Italian prosecutors wanted the four Marines to stand trial in Italy, but an Italian court recognized that North Atlantic Treaty Organization (NATO) treaties gave jurisdiction to U.S. military courts.

    • Look at what would happen if you shot an American on American soil from Canada or Mexico.

      The key word in the above sentence is "you". The basis on which the judge dismissed this claim is the Foreign Sovereign Immunities Act, which immunizes foreign governments from suits by Americans in U.S. courts except in cases where the complete tort occurred on U.S. soil. The key word there is governments. Private citizens can still be sued, so I don't recommend you personally shoot someone across the border unless you are doing so as a government agent. As other posters have pointed out, this kind of

    • > Look at what would happen if you shot an American on American soil from Canada or Mexico.

      Or how about a US Border Patrol agent killing a Mexican teenager on the other side of the border? He's been indicted http://www.npr.org/2015/10/09/... [npr.org]

      It's not the first such incident, but it is the first indictment. Shit like this may convince Mexico to build a border wall in self-defense.

  • by Anonymous Coward on Wednesday March 15, 2017 @08:10AM (#54042909)

    If the US wants spy on a US citizens computer, they contact the British Government, allow the British Government to hack and break in and collect all the data necessary.

    100% legal since the US government doesn't do it. But then the British Government hands all data over to the US agencies and parallel construction method is dreamt up.

    If they allowed this case for Ethiopia they would have to allow it for the British Government. Can't have that happening.....

    Captcha: poetic

    • by Anonymous Coward
      If the US tasks the Brits to do it, it's still illegal. If the Brits manage to scoop up the data based on their own independent collection plans and efforts, then it would be legal.

      But if a Jack Ryan at the CIA calls up MI6 and asks M to have 007 hack and spy on you and then turn the results over to Jack Ryan, 007 is acting as an agent of the US government and the collection of intelligence is illegal. If M tasks 007 to hack random US citizens looking for evidence of terrorist links that are a threat, or
      • by Anonymous Coward

        CIA: "MI6, please don't spy on Jack Ryan, he is not a person of interest."
        MI6: "Sounds pretty interesting to us."
        CIA: "Oh. I guess you can do whatever you want independently. We'll let you know the next time we have someone uninteresting for you to not spy on. Is there anyone in UK you want us to avoid spying on?"

      • by sjames ( 1099 )

        Call up MI6. "You don't happen to have any dirt randomly collected on AC, do you?", "Well should you totally at random happen to collect info on AC in the future, could you send it along? Thanks!".

        The law is for peons.

    • by AHuxley ( 892839 )
      Project MINARET https://en.wikipedia.org/wiki/... [wikipedia.org]
      "The GCHQ handed over intercepted data of Americans to the U.S. government."
    • On the one hand you're correct, it appears the British vacuum up whatever the NSA / FBI don't already of U.S. citizen communications etc. and then pass that information back to each other - that is their five eyes partnership, getting around any legal monitoring your own citizen laws (violating the spirit / intent of such laws though).

      However this just looks like the Judges are limited by the way the law was written that they are having to use - which says the whole thing has to happen on U.S. soil - w
      • A change in our legislation won't do it.

        We can write laws until we're blue in the face.

        The foreign, sovereign government can tell us to get fucked.

        It can, and does, work both ways.

        They protect their citizens from foreign laws just as we do.

        • by dcw3 ( 649211 )

          Except that there have been numerous cases of the U.S. seizing assets of foreign governments. They've done so with Iran, Russia, and others. Do you really think they'd be afraid to do so with Ethiopia?

          • ... they'd be afraid ...

            Hacking Victim Can't Sue Foreign Government For Hacking Him On US Soil, Says Court

            There is no "they," right?

            • by dcw3 ( 649211 )

              A change in our legislation won't do it.
              We can write laws until we're blue in the face.
              The foreign, sovereign government can tell us to get fucked.

              There is no "they," right?

              Doh

    • Re: (Score:2, Troll)

      by unixisc ( 2429386 )

      Actually, that's how the Obama administration may have spied on Trump Towers w/o involving any of the agencies that now report to Trump. They must have realized that had Trump won, all the secrets of their chicanery would have been there at his fingertips, enabling him to toss their sorry asses in jail. So they may have had UK's GSHQ to spy on Trump and report back directly to Obama or the Hilary campaign, keeping US Intel totally out of it so that they'd have credible deniability when Trump tweeted what

  • by Anonymous Coward

    The US government uses foreign governments to spy on US citizens, just because the US isn't allowed doesn't mean the NSA/CIA/FBI don't use foreign governments to do their work for them...
    People in the US are the most tracked people online by foreign countries, because many white extremists fund Islamic terrorism just because that is in their best interest (even though you're more likely to get killed by thunder than by a terrorist, about 100,000 people die of extremism each year ON THE WORLD!!! 56 million d

  • What if they allowed this, and then massive numbers of people sued the US government in their own courts

    • by ledow ( 319597 ) on Wednesday March 15, 2017 @08:39AM (#54043065) Homepage

      Exactly the reason they know they can't allow it.

      I - as an EU citizen - would be perfectly entitled to sure the US government if there was any hint they were accessing my data (e.g. Facebook, Microsoft, etc.) - as they have requested of a number of multinational tech companies.

      That would be a can of worms that they would not won't opened.

  • by fgouget ( 925644 ) on Wednesday March 15, 2017 @09:04AM (#54043193)

    According to the court, however, the hacking in this case didn't occur entirely in the U.S. "Ethiopia's placement of the FinSpy virus on Kidane's computer, although completed in the United States when Kidane opened the infected email attachment, began outside the United States,"

    So based on this decision a foreign government can also send letter bombs [wikipedia.org] to get rid of dissidents and be safe from lawsuits by any relatives since, in the words of the court, "although the bomb exploded in the United States when the recipient opened the booby trapped letter, the attack began outside the United States".

    So besides squashing this lawsuit will the US do anything?

    • Some years back the Chilean government murdered a guy they didn't like with a carbomb in Washington D.C. It somewhat annoyed the Reagan government but the perpetrators were released without charge. When governments break laws in other nations it tends to get sorted out with diplomatic shouting instead of anything related to the rule of law.
      • by dbIII ( 701233 )
        I was a bit incorrect - it was in 1976 and the FBI worked hard at tracking down people that other agencies appeared to already be aware of (operation condor). Eventually diplomatic deals were made and some people did a token amount of time for the crime.
  • Retarded Summary (Score:5, Insightful)

    by Notabadguy ( 961343 ) on Wednesday March 15, 2017 @09:05AM (#54043195)

    "Hacking Victim Can't Sue Foreign Government For Hacking Him On US Soil, Says Court "

    It SHOULD say "US Court Rules that it lacks jurisdiction to hear a lawsuit against a sovereign government by a private citizen."

    It didn't say that the hacking victim can't sue the Ethiopian government, just that he can't sue the Ethiopian government in U.S. Court. Sounds like the U.N. or the African Council of Nations, or another international body - someone that has any purview over the Ethiopian government would be the place to go.

    Otherwise, we'd have every-day, all-day long lawsuits of individuals against governments around the world - further clogging up our courts - with people expecting the U.S. to uphold their private agendas against other countries.

    • "we'd have every-day, all-day long lawsuits of individuals against governments around the world - further clogging up our courts - with people expecting the U.S. to uphold their private agendas against other countries."

      This make me think of copyright cases and private companies agenda. How american companies are crapping allover the planet with "blah blah you must follow american laws because of we say so" and american government backs them up. Hypocrisy and double standard.
      Another legitimate reason people

  • They are making RETALIATION HACKING legal very soon... Start Making Honeypot Systems, that do NOTHING but infect the systems that attack them. BAIT THEM OUT AND DESTROY THEM! (Soon to be Legal in your home town!)
  • "[It] gives foreign governments carte blanche to do whatever they want to Americans in America so long as they do it by remote control,"

    When a US citizen is meddling in the affairs of a foreign government, on their own soil, with their own people, the US government is stuck between a rock and a hard place. Whether or not to assist is no longer a matter of principle, but prudence. The court got it right because you cannot sit on US soil and remotely target a foreign government and then cry uncle when they re

  • No people should not be allowed to sue foreign governments for this type of attack. Its not a job for the courts. The Executive should treat attacking a US Citizen on our on soil and act of war however. This sort of thing out to trigger an immediate response, at the very least cessation of all foreign aide to the nation in question and a banking sanctions against the government.

    Send a strong and clear message this WONT be tolerated!

  • by account_deleted ( 4530225 ) on Wednesday March 15, 2017 @09:45AM (#54043425)
    Comment removed based on user account deletion
  • I suppose the prices for bribing a judge have gotten down to the level where even the skinnys can afford one. This makes no sense since they are pushing to make it legal for foreign governments to be able to sue US citizens for piracy and possibly other breaches of us law.
  • For a while lots of telemarketing scams were located in Texas. Multiple people around the U.S. had tried to sue them for fraud, but the Attorney General of the victim's state would say they had no jurisdiction, and the Texas AG would say that his mandate was to defend citizens of Texas.

    So as long as you made the call from Texas into another state, no one would take the case.

    Note that yes, there were clearly interstate commerce laws being broken, but no one would prosecute.

You can be replaced by this computer.

Working...