Judge tosses hacking suit over #NeverTrump tweet

July 29, 2016

Colorado Republican Committee Twitter screenshot courtesy of twitter.comThe Colorado Republican Committee cannot bring a civil suit under a federal computer hacking law against an anonymous defendant who allegedly accessed the group’s Twitter account and posted an unauthorized tweet, a federal judge in Colorado has ruled.

The political committee never showed the unauthorized tweet caused the group more than $5,000 in losses or created a “threat to public health or safety,” U.S. District Judge Marcia S. Krieger of the District of Colorado said.

She dismissed the case, saying the Colorado Republican Committee failed to state a valid claim for relief under the Computer Fraud and Abuse Act, 10 U.S.C.A. § 1030.

According to the CRC’s lawsuit, the political group held a convention April 9 to select delegates and alternates for the Republican National Convention in Cleveland.

They chose between lists of preferred delegate candidates from the two then-leading Republican presidential candidates, Sen. Ted Cruz and Donald Trump, the suit said.

CRC Chairman Steve House announced the results at 8:05 p.m. MDT, saying delegates listed on Cruz’s preferred slate won, according to the complaint.

Minutes after this announcement, an unauthorized tweet appeared on the CRC’s Twitter account, the suit said.

The complaint included a photo of the tweet, which said: “We did it. #NeverTrump.”

Only two people, House and the CRC’s communication director, Kyle Kohli, had access to the group’s Twitter account, and neither had sent the tweet, the suit said.

About 10 minutes later, Kohli deleted the tweet, but it had been viewed and retweeted multiple times, the suit said.

The group investigated but could not identify the person who sent the tweet, the complaint said.

During the investigation, the CRC, staffers and officers received anonymous threats, the suit said.

The threats allegedly included demands for CRC members to resign, threats to sexually mutilate the members’ granddaughters and calls for an armed rally at House’s home.

The group filed a lawsuit May 9 against an anonymous “John Doe” defendant for violating the computer hacking law, citing its subsection on “threats to public health or safety,” 10 U.S.C.A. § 1030(g).

On May 24 Judge Krieger entered an order to show cause as to why she should not dismiss the suit for failure to state a claim.

She asked for more details about how the anonymous defendant’s alleged unauthorized access and tweet posed a threat to public health and safety, explaining that Doe’s message did not threaten others or encourage others to commit violence.

“There is no allegation in the complaint that Doe knew of, directed or participated in making the threats,” she wrote.

The CRC filed an amended complaint June 7 but still failed to address these deficiencies, the judge said in her recent opinion.

The group only identified about $2,000 in losses, including the time a staffer took to answer press questions about the unauthorized tweet, the judge said.

The CRC also argued it was foreseeable that a third party would make threats after seeing the tweet, but the judge rejected that argument.

Whether that type of response was foreseeable — a question the judge did not answer — the federal hacking law does not penalize such reactions from third parties, she said.

The CRC never alleged the unauthorized access disabled computers or deleted data essential to medical treatment, public utilities or emergency response services, she wrote.

Colorado Republican Committee v. Doe, No. 16-cv-1058, 2016 WL 3922156 (D. Colo. July 21, 2016).