A Washington, D.C. judge ruled Tuesday that an American citizen hacked by the Ethiopian government cannot sue the government for hacking into his devices and monitoring his activity with malicious software.
The decision was handed down by the U.S. Court of Appeals for the District of Columbia Circuit in relation to an incident that happened in 2012, when the Ethiopian government allegedly hacked an Ethiopian-born man living in the United States.
The victim, who goes by the pseudonym “Kidane” out of fear for further targeting from the government, was hacked by spies working for Ethiopia’s Information Network Security Agency (INSA).
The spies used software called FinSpy to access his computer. Once in his system, the agency reportedly recorded his Skype conversations and intercepted emails. The spying went on over the course of several months.
FinSpy has become a semi-notorious piece of spyware. Created by Lench IT Solutions, the malware has been marketed to law enforcement agencies and governments around the world. Most notably, it was used by the Egyptian government to monitor political dissidents.
Kidane and his lawyers argued he should have the ability to sue the Ethiopian government over their hacking and spying under the Foreign Sovereign Immunities Act ( FSIA ), which allows citizens to sue foreign governments from inside the U.S. as long as the basis of the lawsuit occurred on American soil.
While Kidane was on American soil when his computer was hacked, but the actual hacking took place remotely. Therefore, the court found that Kidane didn’t have the jurisdiction to sue the Ethiopian government over their actions.
"Ethiopia's placement of the FinSpy virus on Kidane's computer, although completed in the United States when Kidane opened the infected email attachment, began outside the United States," the decision said.
The decision marks a major loss for digital rights advocates, who hoped the case would help set a precedent to provide recourse for victims of state-sponsored hacking.