I teach internet law, and focus substantial time on computer privacy and cyber security law. The core anti-hacking statute is the Computer Fraud and Abuse Act (18 U.S.C. 1030(a)). Although I’m somewhat surprised by the new DNC v. Russia lawsuit, it is not surprising that the CFAA serves as a primary basis for the lawsuit.
In addition to Russia, the Democratic National Committee (DNC) also joined Donald Trump Jr., Paul Manafort, Wikileaks
Wikipedia, Julian Assange, Jared Kushner, Guccifer 2.0, and others as defendants alleging violations of a wide array of federal laws, including the CFAA, RICO the Wiretap Act, the Stored Communications Act, the DMCA, and the Defend Trade Secrets Act, as well as common law trespass and trespass to chattels.
The complaint begins:
In the run-up to the 2016 election, Russia mounted a brazen attack on American Democracy. The opening salvo was a cyberattack on the DNC, carried out on American soil. In 2015 and 2016, Russian intelligence services hacked into the DNC’s computers, penetrated its phone systems, and exfiltrated tens of thousands of documents and emails. Russia then used this stolen information . . . supporting the campaign of Donald J. Trump (“Trump”), whose policies would benefit the Kremlin.
In the Trump campaign, Russia found a willing and active partner in this effort . . . Through multiple meetings, emails, and other communications, these Russian agents made clear that their government supported Trump and was prepared to use stolen emails and other information to damage his opponent and the Democratic party.
The intellectual property claims here are two-fold:
- Violation of the anti-circumvention provisions of the DMCA; and
- Trade secret misappropriation.
The DMCA’s anti-circumvention provisions provide a cause of action against someone who circumvents a “technological measure” used to control access to a copyrighted work:
No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
17 U.S.C. 1201. Here, the argument is that the firewalls and passwords protecting the DNC computers were the “technological measures” used to protect the files, documents, and emails — all of which are copyrighted.
Similarly, the DNC argues that those files also contain trade secret material. Here, the DNC argues that – although a non-profit – the DNC is in business. “Specifically, the DNC is in the business of supporting Democratic political campaigns.” The stolen documents included important strategic information whose value required secrecy.
Although clearly politically motivated, it will be interesting to follow the development of the lawsuit.