Law in the Internet Society

View   r1
JohnJMartin93SecondEssay 1 - 20 Nov 2020 - Main.JohnJMartin93
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="SecondEssay"

Suing Foreign-State Surveillants

-- By JohnJMartin93 - 20 Nov 2020

Introduction

With smartphone usage becoming increasingly ubiquitous, states are wasting no time taking advantage of the endless possibilities for surveillance that arise when everyone is walking around with tiny computers in their pocket. There are many ex ante solutions to this problem, none of which will be the focus of this Essay; rather, this Essay centers on how U.S. citizens could obtain legal redress against a foreign state once it has already begun to conduct targeted surveillance. The road to obtaining such redress is bumpy, as the only way to sue a foreign state in U.S. courts is through one of the limited exceptions to the Foreign Sovereign Immunities Act (FSIA). Ultimately, for a U.S. citizen suing a foreign-state surveillant to overcome the barrier of sovereign immunity, their best options are to either lobby for a cyberattack exception to the FSIA or charter the unnavigated territory of the FSIA’s most recently passed exception: the Justice Against Sponsors of Terrorism Act (JASTA).

The Threat of State Surveillance

State-sponsored cyberattacks are on the rise, and this trend includes states infecting individuals’ devices with spyware to monitor their activities. In 2016, for instance, the Ethiopian government infected the computer of a political dissident who emigrated from Ethiopia—going by the pseudonym “Kidane”—with FinSpy? spyware. The Ethiopian government tracked Kidane’s online communications for months, and Kidane, with help from attorneys at EFF, decided to fight back by suing the Ethiopian government in federal court. Kidane’s story is not unique, and there will undoubtedly be many more U.S. citizens in the future seeking legal redress against foreign states after discovering that they have been surveilled by said states through their electronic devices. Kidane, nevertheless, eventually lost his case, unable to convince the D.C. Circuit that the noncommercial tort exception to the FSIA could be applied to strip Ethiopia of its sovereign immunity. As the next section discusses, Kidane’s loss demonstrates that future victims of foreign-state surveillance must look beyond the noncommercial tort exception.

The Noncommercial Tort Exception: Tried and Failed

The FSIA is the “sole basis” for obtaining jurisdiction over foreign states in U.S. courts, and thus to overcome the barrier of foreign sovereign immunity a plaintiff must satisfy one of the FSIA’s ten exceptions. Most exceptions are irrelevant in cases involving spyware infection (e.g., commercial activity, waiver, maritime liens). There is, however, the noncommercial tort exception, under which one may sue a foreign state for an injury that occurred “in the United States … caused by [a foreign state’s] tortious act or omission.” Given the exception’s seemingly broad nature, plaintiffs in state-sponsored cyberattack cases, including Kidane as well as the DNC in its lawsuit against Russia, have turned to the noncommercial tort exception to obtain jurisdiction over the state they were suing.

This tactic, nevertheless, has been consistently rejected by courts ever since the D.C. Circuit ruled against Kidane in his lawsuit against Ethiopia. As the D.C. Circuit explains, for the noncommercial tort exception to apply, the “entire tort” must occur in the United States. And in cases in which foreign states are infecting U.S. citizens’ devices with spyware, the “tortious acts of computer programming” typically occur on foreign soil. Consequently, the D.C. Circuit held that Kidane could not overcome Ethiopia’s foreign sovereign immunity. While some commentators have tried to convince other circuits to apply a less stringent standard, district courts within the Second and Ninth Circuits have since applied the “entire tort” rule in cyberattack cases. Thus, for victims of foreign-state surveillance, the key to prevailing in a lawsuit against a foreign state must likely be found elsewhere.

Two Possible Solutions

Victims of foreign-state surveillance have at least two options to obtain jurisdiction in future cases. First, they could look to other FSIA exceptions beyond the noncommercial tort one; however, the only remaining exception with any possible relevance would be the JASTA exception. Second, they could lobby to Congress to amend the FSIA to include a cyberattack exception.

The JASTA Exception

In 2016, Congress passed JASTA, the latest exception to the FSIA. While Congress passed JASTA with the exclusive intention of allowing families of 9/11 victims to sue Saudi Arabia, what Congress truly created was a rather broad exception. The JASTA exception contains two prongs: a tortious act, and an act of international terrorism. Unlike the noncommercial tort exception, JASTA’s tortious act requirement contains no geographical limits; the tortious act need not take place entirely in the United States. Accordingly, Kidane would not be constrained by the “entire tort” rule if he were to sue under the JASTA exception. Of course, the question then becomes whether the surveillance can be defined as “international terrorism,” which requires an “act dangerous to human life.” While this question would have to be litigated in court, the JASTA exception at the very least provides a stronger, already existing basis for overcoming foreign sovereign immunity than any other FSIA exception.

A Cyberattack Exception

Multiple critics of the D.C. Circuit’s “entire tort” rule have called for a cyberattack exception to the FSIA. Such an exception would presumably create the most straightforward path for individuals like Kidane to sue foreign-state surveillants. There are, however, obstacles to note. For one, it took seven years to pass JASTA, which had overwhelming bipartisan support, meaning the wait for a cyberattack exception could be lengthy. Moreover, in the wake of the DNC’s failed lawsuit against Russia, such an exception could be perceived by Republicans as a Democratic ploy. Nevertheless, a cyberattack exception might be the only hope for many looking to sue foreign states surveilling them, and therefore is legislation worth pursuing.

Conclusion

Perhaps the best solution to state-sponsored surveillance would be for us to stop using devices that surveil us. However, many Americans have already suffered from the practice, and have thus far been unable to obtain at least some sense of redress in court. The JASTA exception, as well as a potential cyberattack exception, could provide such individuals jurisdiction over their foreign-state surveillants.


Revision 1r1 - 20 Nov 2020 - 22:51:24 - JohnJMartin93
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM