As the British phone-hacking scandal grows larger, the story has started to have ripple effects in the United States. Like the British authorities, the Department of Justice and the Federal Bureau of Investigation may also be investigating various phone-hacking allegations. Indeed, various members of Congress have called on U.S. authorities to investigate whether conduct relating to the News Corp. scandal has violated U.S. law.
Disturbingly, allegations have been made linking employees of Murdoch-owned papers to hacking of the phones of 9/11 victims. Other troubling allegations suggest that News of the World employees paid bribes to British police officers. Because the paper’s parent company, News Corp., has a link to the U.S., any such bribes, if proven, may violate the U.S.’s Foreign Corrupt Practices Act.
In a prior column for Justia’s Verdict, John Dean covered the U.K. scandal, comparing it to Watergate. In this column, I will consider the possible bases for claims that target alleged U.S.-based phone hacking by the News of the World .
Jude Law’s Allegation that He Suffered Phone Hacking While in the U.S.
Notably, British actor Jude Law has alleged that his cellphone, and the cellphone of his assistant, Ben Jackson, were hacked by News of the World while he was in the United States—specifically, at John F. Kennedy Airport—in 2003. (Law had earlier sued The Sun, a sister tabloid to News of the World, for allegedly hacking into his phone and using the content of voicemail messages for several articles in 2005 and 2006.)
Law’s claim suggests that the News of the World’s reportage in an article it published on September 7, 2003, came directly from Law and Jackson’s own cellphones. The article stated: “The star . . . refused to leave the baggage reclaim hall until Ben had spent 20 minutes scouring the arrivals lounge. Ben rang Jude on his mobile to confirm the coast was clear.” The story also disclosed Law’s hotel room number as well as his room service tab.
Not only were Law and Jackson on American soil when the alleged hacking happened, but the cell phones were operating over American cellular networks—providing a jurisdictional link for both prosecutions and civil suits in U.S. federal courts.
Meanwhile, The Daily Telegraph reports that footballer David Beckham is also contemplating U.S. legal action, as he believes he, too, was a target of tabloid hackers over the last decade, including when he was in the United States playing soccer for the LA Galaxy.
The Possible U.S. Civil and Criminal Consequences of Unauthorized Access of Stored Voicemails
Victims such as Law and Beckham, who allege that they were hacked while in the United States, may be able to base their claims upon the United States’ federal Stored Communications Act (SCA), Title II of the Electronic Communications and Privacy Act of 1986. (Its protections are codified at 18 U.S.C. § 2701(a)).
The SCA protects voicemail messages in electronic storage. The protection falls under the SCA’s prohibition on “obtaining, altering or preventing authorized access” to wire and electronic communications in electronic storage, through intentional, unauthorized access to any facility through which an electronic communications service is provided.
If someone violates the SCA, he is exposed to possible criminal, civil, and administrative sanctions. If a violation of Section 2701(a) was committed for commercial advantage, malicious destruction or damage, or private financial gain, the violator could receive up to a year in prison and a fine for the first offense, and up to two years imprisonment and a fine as provided by Title 18 for a second or subsequent offense. In all other instances, a jail term of up to six months and a fine may be imposed.
In addition to these criminal measures, there are also civil remedies. The SCA states that any “person aggrieved by a violation of [the SCA] in which the conduct constituting the violation is engaged in with a knowing or intentional state of mind” may, in a civil lawsuit, recover from the person or entity who committed the unlawful intrusion.
It seems very likely that Law, Beckham, and others who say they were hacked on U.S. soil, will be deemed to have been “aggrieved by a violation of” the SCA. If they do win their SCA civil cases, how much might they be awarded in damages?
The SCA provides that a “court may assess as damages in a civil action . . . the sum of the actual damages suffered by the plaintiff and any profits made by the violator as a result of the violation, but in no case shall a person entitled to recover receive less than the sum of $1,000.” Moreover, the statute makes clear that the statutory minimum applies for each violation. So, for instance, hacking 100 voicemail message could trigger a fine of at least $100,000.
Punitive damages are also available, if the violation is willful or intentional, and the statute also authorizes an award of attorney’s fees.
Phone Hacking May Also Trigger Possible Computer Fraud and Abuse Act (CFAA) Claims
In addition, there is one other U.S. legal source that may lead to accountability for voicemail hackers. Professor Orin Kerr, an expert on cyber crime, has commented that Murdoch’s newspapers may also have violated the U.S. Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, which prohibits unauthorized access to protected computers.
According to Kerr, hacking into another person’s voice mailbox counts as “unauthorized access”, and the computers that host voicemail files are clearly “computers” within the meaning of the statute. Moreover, Kerr has noted that even if the hacking at issue was done outside the United States, it still may come under the statute, as the CFAA extends to computers outside the United States in most circumstances. (The statute covers so-called “protected” computers located outside the United States if the Constitution’s interstate-commerce or foreign-commerce clause permits those computers to be regulated.)
Ironically, Some Celebrities Allegedly Have Been Perpetrators—Not Just Victims—of Cellphone Hacking
Lest readers see celebrities as always being innocent victims here, however, it’s interesting to note that they have also been the perpetrators. In 2005, hackers reportedly broke into socialite Paris Hilton’s cellphone account and posted online racy photos of her lifted from her own mobile phone. But then in 2006, Hilton herself reportedly used some of the same hacker tactics against others, using SpoofCard.com, which lets people fake the phone number that appears in a recipient’s caller ID display.
Indeed, Spoofcard.com’s lawyer, Mark Del Bianco, says Hilton was among some 50 customers (among them, celebrities) whose accounts were suspended for allegedly using Spoofcard’s service to break into fellow celebrities’—including Lindsay Lohan’s—voicemail accounts.
Advice for Cellphone Users: Choose a Password, and Don’t Opt for the Default Password
Although some voicemail hacking is sophisticated, some is simple—and simple to protect against. Users (and especially those on corporate networks) need to change the default password on their phones to a personalized password. And in some cases, users need to remember to set a password in the first place. (Several major U.S. carriers give customers the option of having no password at all.) Finally, once a password is set, users should change it frequently, just in case.
If you don’t follow these steps, it’s not just your privacy that is at risk. As the Federal Communications Commission (FCC) noted in a warning to consumers earlier this year, unless you replace your default password with a new one, you may be subject to a form of fraud that allows hackers to use a consumer’s or business’s voicemail system and the default password to accept collect calls without the knowledge or permission of the consumer. The fraudster accesses the consumer’s voicemail, and then changes the outgoing message to state that the caller will accept collect-call charges.
In sum, you need not be Jude Law or Lindsay Lohan to be well-advised to guard and change your passwords. Ordinary people can be targets of cellphone voicemail hacking, too.