By Nate Cardozo
The United States Court of Appeals for the District of Columbia Circuit today held that foreign governments are free to spy on, injure, or even kill Americans in their own homes–so long as they do so by remote control. The decision comes in a case called Kidane v. Ethiopia, which we filed in February 2014.
Our client, who goes by the pseudonym Mr. Kidane, is a U.S. citizen who was born in Ethiopia and has lived here for over 30 years. In 2012 through 2013, his family home computer was attacked by malware that captured and then sent his every keystroke and Skype call to a server controlled by the Ethiopian government, likely in response to his political activity in favor of democratic reforms in Ethiopia. In a stunningly dangerous decision today, the D.C. Circuit ruled that Mr. Kidane had no legal remedy against Ethiopia for this attack, despite the fact that he was wiretapped at home in Maryland. The court held that, because the Ethiopian government hatched its plan in Ethiopia and its agents launched the attack that occurred in Maryland from outside the U.S., a law called the Foreign Sovereign Immunities Act (FSIA) prevented U.S. courts from even hearing the case.
The decision is extremely dangerous for cybersecurity. Under it, you have no recourse under law if a foreign government that hacks into your car and drives it off the road, targets you for a drone strike, or even sends a virus to your pacemaker, as long as the government planned the attack on foreign soil. It flies in the face of the idea that Americans should always be safe in their homes, and that safety should continue even if they speak out against foreign government activity abroad.
Factual background
The spyware then reported everything it captured back to a command and control server in Ethiopia, owned and controlled by the Ethiopian government. The infection was active from October 2012 through March 2013, and was stopped just days after researchers at the University of Toronto’s Citizen Lab released a report exposing Ethiopia’s use of FinSpy. The report specifically referenced the very IP address of the Ethiopian government server responsible for the command and control of the spyware on Mr. Kidane’s laptop.
We strenuously disagree with the D.C. Circuit’s opinion in this case. Foreign governments should not be immune from suit for injuring Americans in their own homes and Americans should be as safe from remote controlled, malware, or robot attacks as they are from human agents. The FSIA does not require the courts to close their doors to Americans who are attacked, and the court’s strained reading of the law is just wrong. Worse still, according to the court, so long as the foreign government formed even the smallest bit of its tortious intent abroad, it’s immune from suit. We are evaluating our options for challenging this ruling.
RFID Scan Blockers – Available for Free (Ad)
Nate Cardozo writes for the Electronic Frontier Foundation, where this article first appeared.
I hope you appeal this ruling for the sake of all US citizens.. The Constitution States the our governments job is to keep its a safe from threats foreign a domrstic. Does this ruling make an exception for the US Presidents? What about their kids? Very Dangerous presidence.
What could go wrong? It’s not like the tyrants and thieves running america would ever pay a foreign government to violate us for their own personal and political gain.
Why would the courts want this?
Globalists push their minions into the Federal judiciary to make America as vulnerable as possible.
They’re everywhere else, why not the judiciary???
The court is simply recognizing that its jurisdiction does not extend to the actions of foreign countries. If they were to say that such activity was actionable then the same actions by the American government in foreign countries would also be actionable and their court calendars would be clogged for decades, with suits brought by foreign individuals harmed by American surveillance and CIA activities.