The uproar over President Trump's executive orders raises many important questions about how the Constitution allocates power among the three branches of our government. In other words, who is responsible for what?
That is a discussion we should be having in connection with cyberattacks sponsored by foreign governments — in particular, the role United States courts should play in punishing and deterring cyberattacks committed in the U.S. by those governments.
The January 2017 release of the U.S. intelligence community's stunning report on Russia's alleged cyberattacks in connection with the 2016 presidential election and the specter of more attacks to come raises many more questions than it answers.
What are the American people supposed to make of the report, which is long on conclusions but woefully short on evidence? What are we to make of the congressional hearings where all of the so-called "evidence" is presented in closed-door sessions reserved for politicians but unavailable to the public?
Of course, foreign government attacks on U.S. government and private computer networks is not new. What is new is the increasing frequency with which foreign government-sponsored hacking occurs and the fact that these governments apparently believe that U.S. cyberattacks are worth the risk.
The political and media discourse on the subject remains focused on the government's role in countering cyberattacks. Of course, the U.S. government and law enforcement are necessary components of any effort to stop or otherwise deter cyberattacks.
But the government's actions are not nearly sufficient. The American public may think that our defenses and responses to foreign-government-sponsored cyberattacks should only be entrusted to our intelligence and law enforcement agencies and elected officials. We therefore sit back and wait for action to be taken, whether it be in the form of counterattacks or, in the recent case involving the Russians, targeted sanctions and expulsions.
This view is shortsighted. It is also incorrect. Businesses, organizations (such as the Democratic National Committee), and private individuals (such as John Podesta) have many legal options at their disposal to take on foreign governments that engage in cyberattacks.
Enacted in 1976, the Foreign Sovereign Immunities Act, commonly known as the FSIA, is the biggest legal tool available to private individuals and entities. The FSIA serves as a key to the doors of U.S. courts by permitting private parties, in certain circumstances, to sue foreign governments and their agencies.
Under the FSIA, foreign governments and their agencies are immune from liability for a wide range of actions. There are notable exceptions in the statute, however, that have a direct bearing on whether U.S. courts are permitted to wade into the world of compensating victims of cyberattacks and deterring future attacks.
For example, there is no immunity for a foreign government's commercial activities that have a direct effect in the U.S. Nor is a foreign government immune for actions that cause personal injury or death, or damage to property, in the U.S.
Cyberattacks fit neatly within either one of these exceptions. Theft of trade secrets has been considered commercial activity for which there is no immunity. Any intrusion into a computer network plainly causes damage to property.
Because foreign governments are not immune for cyberattacks, the FSIA levels the playing field, declaring those governments to be responsible for paying victims compensation in "the same manner and to the same extent as a private individual under like circumstances."
This extraordinary equalizer amplifies and extends the litigation menu for those in the U.S. harmed by foreign government-sponsored cyberattacks. That menu includes claims for trespass, invasion of privacy, and violations of the Computer Fraud and Abuse Act, the Federal Wiretap Act, and the Stored Communications Act.
Given the significant negative exposure that a foreign government faces once the FSIA door opens, one should expect the targeted government to pressure the U.S. State and Justice Departments to delay or otherwise derail any lawsuit. However, those U.S. government agencies are accountable to the American people for their actions. The genius of our Constitution demands that courts remain independent from the political branches and therefore not beholden to the views of the White House, State Department, or Justice Department.
Litigation by private parties has historically played a vital role in unearthing wrongs and getting to the truth behind events that seem to get bogged down in the rough-and-tumble of politics. Fighting, punishing and deterring cyberattacks is no different. Foreign governments who believe they can act with impunity and not face the U.S. justice system should think again and be prepared to defend their actions in U.S. courts.
The legal framework is in place. All we need are private citizens and organizations willing to take on the perpetrating foreign governments.
Ugo Colella is a trial partner at a law firm in Washington, D.C.
If you would like to write an op-ed for the Washington Examiner, please read our guidelines on submissions here.