U.S. Export of Cybersurveillance to Repressive Regimes

Former members of the U.S. national security establishment increasingly sell U.S. surveillance technology and know-how to repressive regimes around the world with little to no regard for human rights implications.

As detailed in a series of press reports, the United Arab Emirates (UAE) sought out U.S. corporations and contractors to build a cyber-surveillance program to target perceived dissidents from the UAE and its regional ally Saudi Arabia, including human rights activists. According to former employees of the program, one of the UAE’s cybersurveillance targets was renowned human rights activist Loujain Alhathloul, a fierce advocate for women’s rights in Saudi Arabia who was twice nominated for the Nobel Peace Prize. 

CJA, along with co-counsel the Electronic Frontier Foundation and Foley Hoag LLP, represent Ms. Alhathloul in her suit to hold accountable three former U.S. national security members who allegedly played key roles in building and operating the UAE’s cybersurveillance program, including the targeted hacking of Ms. Alhathloul.

As alleged in our pleadings, the UAE’s cybersurveillance program targeted Ms. Alhathloul, who was given the code name “Purple Sword.” Using sophisticated cybersurveillance techniques and software developed and purchased in the United States, Defendants hacked Ms. Alhathloul’s iPhone, which gave the UAE security services access to her location, contacts, and communications. In March 2018, following the hack, Ms. Alhathloul was forcibly detained in Abu Dhabi, where she was living and studying. A few hours later, she was taken by UAE agents to an airport where she was forcibly rendered Saudi Arabia where she was detained, imprisoned, and tortured by Saudi officials. Today, Ms. Alhathloul is no longer in prison, but she is currently under a travel ban and unable to leave Saudi Arabia. She has not seen her siblings for over four years.

In September 2021, Ryan Adams, Marc Baier, and Daniel Gericke, the three former U.S. intelligence and military officers who are alleged to have played key roles in the UAE’s cyber-surveillance program entered into a deferred prosecution agreement with the U.S. Department of Justice where they admitted to violating prohibitions on selling sensitive military technology and the Computer Fraud and Abuse Act (CFAA).

On December 9, 2021, Ms. Alhathloul filed suit in the U.S. District Court for the District of Oregon against Adams, Baier, and Gericke, and their former employer, DarkMatter Group, the UAE company operating the hacking program for the UAE security services. The complaint alleges that Defendants Baier, Adams, and Gericke aided and abetted the UAE’s persecution of Ms. Alhathloul, in violation of the Alien Tort Statute and that all Defendants violated the Computer Fraud and Abuse Act (CFAA), which prohibits the unauthorized access of a protected computer.

On May 8, 2023, following the dismissal without prejudice of the initial complaint for lack of personal jurisdiction, Ms. Alhathloul filed an amended complaint detailing the Defendants’ and the case’s extensive U.S. contacts and the court’s jurisdiction to hear the case.