Court: U.S. resident can't sue after foreign hack

Shutterstock image. Copyright  enzozo. 

The U.S. Court of Appeals for the District of Columbia Circuit told an Ethiopian-born U.S. citizen that he couldn't pursue legal action against the Ethiopian government for a malware attack.

According to the Electronic Frontier Foundation, the ruling is "extremely dangerous" for cybersecurity. In a March 14 statement, EFF said its client, identified only as "Mr. Kidane," a 30-year resident of the U.S., was targeted by a malware attack sponsored by the Ethiopian government between 2012 and 2013.

The privacy group said Kidane's home computer in Maryland was infected with keystroke-logging malware that captured his activity as well as Skype calls, sending the data back to a server controlled by the Ethiopian government.

Kidane, said EFF, was likely targeted because of his support for democratic reforms in Ethiopia.

According to the court ruling, Kidane sought asylum in the U.S. in the early 1990s. He has remained active in the Ethiopian community and maintained contacts among human-rights activists.

Traces of malware called FinSpy were found on Kidane's computer. The malware, according to EFF and the ruling, is a sophisticated spyware product that its maker claims is sold exclusively to governments and law enforcement.

The D.C. Circuit court's "stunningly dangerous decision," said EFF, said Kidane had no legal recourse because the plan to tap his computer was composed in Ethiopia, not in the U.S. the U.S. Foreign Services Immunities Act, said the court, would not let U.S. courts hear the case.

The court ruling said the Ethiopian government hasn't disputed the computer malware injection, but it has contested the jurisdiction of U.S. courts under the FSIA. It also said the individual who actually sent the malware was most likely in London.

Since the malware and the plan to implant it on Kidane's computer both lay outside U.S. borders, the court said it has no jurisdiction.

"The decision is extremely dangerous for cybersecurity," EFF said. "Under it, you have no recourse under law if a foreign government that hacks into your car and drives it off the road, targets you for a drone strike, or even sends a virus to your pacemaker, as long as the government planned the attack on foreign soil."

EFF said it is evaluating its options to challenge the ruling.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Government Innovation Awards
    Government Innovation Awards -

    Congratulations to the 2021 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

Stay Connected