Democrats’ lawsuit a missed opportunity
The Democratic National Committee’s lawsuit against President Donald Trump, his presidential campaign, WikiLeaks and the Russian Federation had barely been filed before the first fundraising e-mail hit my inbox. The party was bragging about the litigation, how this bold stroke would fix Trump, fix what’s wrong with democracy, and put two apple pies in every garage.
But reading over the 66-page complaint, filed on Friday in federal district court in New York, one can hardly avoid being saddened at what might have been. The case could have provided the opportunity to resolve a vexing legal problem about liability for hacking. Instead, the DNC preferred a publicity stunt.
Although the complaint includes a handful of details that don’t seem to have been previously reported, it nevertheless reads less like a legal document than like a poorly sourced magazine story. The suit is unlikely to survive a motion to dismiss, in part because the tangled conspiracy theory it presents is not (to use law-speak) properly pleaded, and in part because much of the complaint’s substance consists of what lawyers call conclusory allegations.
Whether the theory that Trump colluded is true makes no difference; the theory doesn’t work as a lawsuit. But, as my inbox suggests, the point of the suit is not to win. It’s to stir up the base.
Which is too bad.
Because if you subtract the political defendants and consider only the lawsuit against Russia, the DNC could potentially be on to something both interesting and important. So far, no foreign government has been successfully sued for hacking US computers. But this time the evidence just might be strong enough to give a federal court jurisdiction.
The essential claim is that by hacking the DNC’s computers, Russia committed a trespass in the US. The problem, of course, is that Russia is generally protected by sovereign immunity. But the Foreign Sovereign Immunities Act includes an exception for torts committed on US soil. The idea that hacking falls within the exception has lately been raised in the law reviews but has yet to be tested successfully in court.
Consider, for example, an appealing 2015 article by Scott Gilmore of the Centre for Justice and Accountability. When a foreign government hacks a domestic US server, Gilmore writes, the actual hacker may be overseas, “but the act that proximately causes injury — the intrusion or interception — occurs here”. He draws an analogy to cases allowing suits against foreign governments when an assassination plan was hatched abroad and carried out on US soil.
But in a hack, does the intrusion really occur “here”? At this point things could get a bit metaphysical. Thoughtful people have long debated whether cyberspace actually possesses a “here” — a physical place where events occur. After all, it’s an invented word describing a virtual construct. As Lawrence Lessig of Harvard Law has pointed out, it’s hard to call cyberspace a place, given that you enter without going anywhere. Whether you’re texting a friend, reading the news or playing a game, you haven’t budged. But you’re still in a different world.
Russia might argue, then, that even hacking a server located within the US does not involve any physical presence. This isn’t like firing a missile. No tangible thing has left one country and entered another. Instead, the entire event has occurred in cyberspace, a place that exists but also doesn’t, a place that lies within no nation’s borders because it has no real-world presence. As I said: highly metaphysical.
Gilmore seeks to sidestep that conundrum: “By installing code on a hard drive located in the US, the foreign state has committed a form of trespass in US territory.” This seems plausible. After all, wherever cyberspace might be located, installing code involves changing the internal state of a machine. That’s arguably a physical act. In its cyberwarfare planning, the US Government takes an analogous view, considering that digital attacks on domestic targets are just like physical attacks. Following Lessig’s lead, the Department of Defence argues that software “blurs the line between the cyber and physical world”. In short, although the battle might take place within cyberspace, the effects occur outside of it.
Judging the cyberattack on the DNC by this standard, we can take two routes to show that it took place on domestic territory. In the first place, the Russia hack of the DNC (as well as the failed hack of the Republican National Committee) took place via a phishing e-mail purporting to be from Google, prompting the user to choose a new password. According to news reports, the hackers tried 30 times before someone at the DNC clicked on the bogus link and was fooled into turning over login credentials. That click took place somewhere on US soil.
In addition, the physical harm the DNC suffered — damage to its servers — took place within the US. According to the complaint, repair and remediation costs were more than $1 million. Of all the harms the DNC pleads in its lawsuit, this is the one that most plausibly and directly links the Russian Federation to an act that occurred on domestic soil. If the infiltration of the servers rather than the alleged conspiracy were the predicate for the entire lawsuit, we would now be exploring a vital new area of law that could greatly influence the future. Instead, the DNC preferred a publicity stunt.
Too bad: there’s so much to explore. Maybe a court wouldn’t buy the theory. Maybe the US Government would oppose jurisdiction, worried about being sued overseas for doing pretty much the same thing. Maybe the forensic evidence that the Russians did it would prove flimsier than we think. But whatever happened, we would be travelling through new and exciting areas of law, setting a precedent that will matter. Maybe after this DNC lawsuit is dismissed, the party will return to court with a serious suit to solve a serious problem.
• Stephen Carter is a Bloomberg View columnist. He is a professor of law at Yale University and was a clerk to US Supreme Court Justice Thurgood Marshall
Phoenix halts imports of foreign newspapers
Minibus driver: I did not provoke attack
Bermudian relives horror of Nairobi attack
Russell and Dutranoit break records
A ‘substantial’ change to Bermuda’s future
Kampf romps to fifth title on return
Visitor to run Bermuda Triangle for charity
Wear red on Monday to reject violence
PLP backtracks on ‘land grabs’
Tributes paid to RBR soldier killed in crash
Drink-driver falls off his bike twice
Social-media feud led to Steede murder
Children as young as 11 exposed to porn
Jetting into the island
Online opportunity beckons for retailers
Woman arrested after crash
Take Our Poll
- "Your new year's resolutions for 2019"
- Quit smoking
- Quit drinking/drink in moderation
- Do not drink and drive
- Lose weight
- Stop procrastinating
- Drive with greater care
- Total Votes: 2607
- Poll Archive