Court Has Jurisdiction Over Israeli Company in Malware Scheme
We’re blogged about legal translation services for Foreign Sovereign Immunity Cases (FSIA). In the case described in this legal translation blog post, plaintiffs sued an Israeli limited liability company and an Israeli corporation that acted as the director/majority shareholder of the Israeli LLC. The plaintiffs, WhatsApp and Facebook, alleged that the defendants sent malware to 1,400 mobile phones and devices through WhatsApp’s system for the purpose of illegally surveilling those devices. In their complaint, the plaintiffs asserted four causes of action against the defendants for: (1) violation of the Computer Fraud and Abuse Act (or “CAFA”), (2) violation of the California Comprehensive Computer Data Access and Fraud Act; (3) breach of contract; and (4) trespass to chattels. Specifically, plaintiffs alleged that the defendants manufactured and distributed technology that was “designed to intercept and extract information and communications from mobile phones and devices.” The malware was allegedly able to intercept communications, capture screenshots, and obtain one’s browser history and contacts.
The defendants’ customers included a range of sovereign nations, including the Kingdom of Bahrain, the United Arab Emirates, and Mexico. The malware that was the subject of the dispute allegedly gave the defendants and their customers the ability to access various groups targeted by the defendants: attorneys, journalists, diplomats, political dissidents, and other foreign government officials.
Defendants File Motion to Dismiss Under FSIA
In response to the plaintiffs’ lawsuit, the defendants filed a motion to dismiss pursuant to Rule 12(b)(6) and (7) of the Federal Rules of Civil Procedure. First, the defendants argued that the plaintiffs’ complaint failed to plead a viable cause of action under the Computer Fraud and Abuse Act on the grounds that the court lacked subject matter jurisdiction over the defendants. Specifically, the defendants argued that the court lacked jurisdiction because the allegedly wrongful conduct was performed by foreign sovereigns; thus, the Foreign Sovereign Immunity Act (“FSIA”) applied and precluded plaintiffs from filing suit.
FSIA states that “a foreign state shall be immune from the jurisdiction of the courts of the United States and of the States” except as provided in the FSIA. 28 U.S.C. § 1604. Since the parties agreed that the defendants did not qualify as “foreign states” because they were not foreign entities, the court addressed whether the defendants were able to claim some form of derivative sovereign immunity. The defendants claimed that they were entitled to “conduct-based” foreign sovereign immunity because they were acting as a foreign sovereign’s private agents. Specifically, the defendants argued that foreign states used their technology to fight terrorism and crime.
Court Denies Defendants’ Motion to Dismiss
The court rejected the defendants’ immunity claims. The court ruled that the defendants did not qualify as “foreign officials” under the content-based prong of the foreign official immunity test. The court also held that the defendants were not entitled to derivative sovereign immunity because they were not incorporated or formed in the United States and the 9th Circuit has not held that the doctrine of sovereign immunity applies to foreign contractors of foreign states.
The court also rejected the defendants’ arguments that the court lacked jurisdiction over the dispute. Although the court found that the plaintiffs had not met their burden of proving that the defendants had purposefully availed themselves of California’s jurisdiction, the court held that exercising jurisdiction in this case comported with notions of “fair play and substantial justice.” In so holding, the court found that the plaintiffs had demonstrated that the defendants had sufficiently “injected” themselves into the forum state. For example, the court noted that the complaint alleged that the defendants sought out WhatsApp’s servers, based in California, in order to route malicious code through the servers and eventually reach users’ phones. In addition, the court found that while it would be significantly burdensome for the defendants to litigate in California, it was also burdensome for the plaintiffs to litigate in Israel because the plaintiffs’ evidence and witnesses were located in California.
The court also rejected the defendants’ claim that the plaintiffs had failed to join the defendants’ foreign service customers (comprised of foreign governments) as “necessary parties” under Rule 19. The court rejected this argument as well, finding that the foreign governments were not necessary parties because the court would be able to craft an injunction that excluded foreign nations.
Finally, the court rejected the defendants’ argument that the plaintiffs’ complaint failed to state a claim for relief for violations of CFAA. The court found that the plaintiffs had sufficiently alleged that the defendants’ actions met the “exceeded authorized access” prong of CFAA, which prohibits acts of computer trespass by those who are not authorized users or who exceed authorized use. The court did find, however, that the plaintiffs had failed to state a claim for trespass to chattel because the plaintiffs did not claim that the defendants’ actions had damaged or degraded WhatsApps’ actual servers.
The case is WhatsApp Inc. v. NSO Grp. Techs, Case No 19-CV-07123-PJH decided on July 16, 2020 in the United States District Court for the Northern District of California.
Legal translation service All Language Alliance, Inc. provides certified translations of legal documents from Hebrew, Arabic, Portuguese, Spanish, French, Russian, Simplified Chinese, Turkish, Traditional Chinese, Korean, Brazilian Portuguese, and other languages to English. We also supply in-person and remote deposition interpreters in Mandarin, Arabic, Spanish, French, Persian, and other languages.
#alllanguagealliance #legaltranslationservices #legaldocumenttranslation #FSIA #FSIAtranslation #certifiedtranslation #certifiedtranslationservices #certifiedtranslator #certifieddocumenttranslation