In concluding that the Foreign Sovereign Immunities Act (FISA) exception for non-commercial torts does not abrogate sovereign immunity where the claimed espionage did not occur entirely in the United States, the US Court of Appeals for the District of Columbia Circuit affirmed the dismissal of a US citizen’s Wiretap Act and state-law claims against Ethiopia’s alleged digital espionage. John Doe aka Kidane v. Ethiopia, Case No. 16-7081 (DC Cir., Mar. 14, 2017) (Henderson, J). 

Plaintiff John Doe—proceeding pseudonymously as “Kidane”—obtained asylum from Ethiopia in the early 1990s. He is now a US citizen living in Maryland and has remained active in the Ethiopian community to raise awareness of corruption and human rights issues in Ethiopia. In late 2012 or early 2013, Kidane received an email originally sent by or on behalf of Ethiopia from an individual allegedly located in London. The email included an attachment that, once opened, allegedly infected Kidane’s computer with a “clandestine . . . program[] known as FinSpy.” According to the complaint, FinSpy is “a system for monitoring and gathering information from electronic devices, including computers and mobile phones, without the knowledge of the device’s user” and is “sold exclusively to government agencies.” FinSpy “began . . . recording some, if not all, of the activities undertaken by users of the computer,” whether by Kidane or his family members, then allegedly communicated with a server in Ethiopia.

Kidane filed suit under the Wiretap Act, 18 USC §§ 2510 et seq., which prohibits “any person [from] intentionally intercept[ing] . . . any wire, oral, or electronic communication[,]” as well as under Maryland’s common law tort of intrusion upon seclusion. The district court dismissed the lawsuit, concluding that the Wiretap Act could not be enforced via private lawsuit against a foreign government, and that there was no subject matter jurisdiction for the state-law claim. Kidane appealed. 

FISA’s non-commercial tort exception abrogates immunity from actions involving “personal injury or death, or damage to or loss of property, occurring in the United States and caused by the tortious act or omission of [a] foreign state or of any official or employee of that foreign state while acting within the scope of his office or employment[.]” According to DC Circuit precedent (Jerez), the “entire tort—including not only the injury but also the act precipitating that injury—must occur in the United States.”

The DC Circuit distinguished Liu (assassination in California at a Taiwanese admiral’s direction) and Letelier (Chilean agents detonated a car bomb in Washington, DC), which, unlike the present case, involved tortious actions occurring in the United States without reference to any action undertaken abroad. Distinguishing the facts in Liu and Letelier, the Court found that Ethiopia’s digital espionage could not have violated Maryland law or the Wiretap Act without “an intent to spy.” In other words, since both laws require the intentional intrusion and interception of wire, oral or electronic communications, the intent must also occur in the United States. As the Court noted, the intent to spy—an integral aspect of the final tort—lay solely abroad. Even though completed in the United States when Kidane opened the infected email attachment, “the tortious intent aimed at Kidane plainly lay abroad and the tortious acts of computer programming likewise occurred abroad,” precluding a finding that the entirety of the tort occurred in the United States.

Practice Note: The DC Circuit’s strict assessment of FISA and its exceptions may leave citizens without recourse against foreign state-sponsored digital espionage in certain situations. Indeed, the Court seems to suggest that as long as the foreign government formed its tortious intent abroad, it may be immune from suit even though the wiretap occurred in the United States against a US citizen.