Since 2014, the Electronic Frontier Foundation has been representing "Mr Kidane," an Ethiopian-born US citizen whose computer the Ethiopian government hacked while he was living in DC, in order to extract the identities of his contacts in Ethiopia and target them for violent human-rights-abusing reprisals over their democratic opposition to the country's ruling dictatorship.
The Ethiopian government doesn't deny that it hacked Mr Kidane using Finspy, a commercial law-enforcement tool sold by western companies to repressive governments around the world (Ethiopia doesn't have a very sophisticated domestic IT capacity, but it has purchased mass surveillance technology on the open market, making it "the world's first turnkey surveillance state").
EFF has filed a new brief in the case, asking the court to reject this theory.
If a foreign state’s agent had placed a recording device in Mr. Kidane’s home or on his telephone line, Mr. Kidane could indisputably sue the government in U.S. courts, said EFF Senior Staff Attorney Nate Cardozo. The fact that Ethiopia used software instead of a person to launch a wiretap attack against Kidane in no way allows the country to evade legal liability.
“Today, all governments have to do to illegally spy on people is purchase the right software,’’ said Cardozo. “The D.C. Circuit should recognize that the malware in this case took the place of a human spy, and reinstate Mr. Kidane’s lawsuit.”
“Giving Ethiopia immunity for state-sponsored hacking would strip away one of the few protections Americans have against cyberattacks by foreign powers,” said Scott Gilmore, counsel at Guernica 37. “The invasion of our client’s home, through his computer, could happen to any of us. We all should have the right to seek justice.”