Expert: News Corp. Phone Hacking May Have Violated U.S. Law
Written by Adam Shah
Published
As we've documented, Rep. Peter King (R-NY) and Sens. Frank Lautenberg (D-NJ), Jay Rockefeller (D-WV), and Barbara Boxer (D-CA) have called on U.S. authorities to investigate whether the News Corp. phone hacking and bribery scandal violated U.S. law.
Now George Washington University law professor Orin Kerr -- a former clerk for Supreme Court Justice Anthony Kennedy, a former special counsel for Supreme Court nominations to Sen. John Cornyn (R-TX), and an expert in computer crime law -- has written that News Corp.'s hacking of individuals in the United Kingdom may violate the federal Computer Fraud and Abuse Act. (And this doesn't even take into account the issue of whether, in addition to victims in the United Kingdom, News Corp. hacked 9/11 victims or other Americans.)
From Kerr's post on the libertarian Volokh Conspiracy blog:
The hacking has had huge ripple effects, ranging from its impact on UK politics to Rupert Murdoch. I wanted to blog about one angle to the story I haven't seen covered elsewhere: Did these intrusions violate U.S. federal criminal law? Put another way, could the federal government prosecute individuals for the hacking in the U.K.?
We don't know all the details yet, but I think it's possible. I've blogged a lot about the Computer Fraud and Abuse Act, 18 U.S.C. 1030, which prohibits unauthorized access to protected computers. I've regularly pointed out that this statute is extraordinarily broad, and its breadth is relevant here. Some of the analysis is easy: Hacking in to another person's voicemail box is clearly an unauthorized access, and the computers that host voicemail files are clearly “computers.” See, e.g., United States v. Kramer (8th Cir. 2010). But more interestingly, the fact that the hacking was probably all done outside the U.S. probably doesn't matter, even if all the computers that were hacked are outside the U.S. The Computer Fraud and Abuse Act extends to computers outside the United States in most circumstances. Here's the key statutory language:
the term “protected computer” means a computer . . . which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
[...]
One significant uncertainty is how much if any nexus to the United States is required under the Foreign Commerce Clause to constitute a channel of foreign commerce: Does that mean a channel of commerce with the United States, or just among foreign nations? And in the case of an international network like the phone network or the Internet, is the relevant question whether the communications involved the United States at that time or whether the channels themselves interacted with United States networks more generally? These issues don't come up often because prosecutions of foreign conduct are rare. And in the case of the “News of the World” hacks, we don't know what role any U.S. networks or computers played. But depending on how the foreign commerce clause arguments are resolved, there's a chance that the intrusions may be chargeable under United States criminal law in addition to under the law of the UK. [italics in the original]