Trump's Invitation To Hack Or To Share The Spoils Of A Hack Commentary
Trump's Invitation To Hack Or To Share The Spoils Of A Hack
Edited by:

JURIST Guest Columnist Albert E. Scherr of University of New Hampshire School of Law discusses Donald Trumps’s recent statements…

The spectacle of Donald Trump’s invitation to the Russian government to either hack Hillary Clinton’s e-mail or provide to him the results of hacking already completed has been entertaining and troubling. Put aside whether the invitation was serious or “sarcastic” as Trump now claims after the fact. Put aside the political and foreign policy implications of the invitation. Was Trump’s invitation criminal incitement to criminal conduct by a foreign state upon the US government or “merely” an approval of criminal conduct by a foreign state upon the US government?

Trump’s invitation went like this: after expressing hope that Russia had hacked Hillary Clinton’s e-mail, he said: “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press.”

What is the significance of such a statement, assuming that someone, possibly a Russian or the Russian government, has hacked Clinton’s e-mail. Two items of note: (1) it is very unlikely that Clinton’s private e-mail server that contained her State Department communications is still running and, if so, still has hack-worthy governmental information; and (2) it has yet to be established that Russians or the Russian government ever hacked Clinton’s e-mail though many experts believe that the Russian government is the source of the e-mail hacking of the Democratic National Committee. And most recently, we now have learned that Russia may have hacked Clinton campaign e-mails.

Up front it is very unlikely that Trump’s invitation constituted treason. To prove treason, one must show: the defendant owes allegiance to the government and the defendant intentionally betrays that allegiance by …giving aid or comfort to the government’s enemies. It is well-established that giving aid and comfort to the enemy in peacetime, even assuming Russia qualifies as an enemy, does not constitute treason.

It is only slightly more likely that Trump’s invitation constitutes espionage which is defined as the- “knowingly and willfully communicates, … otherwise makes available to an unauthorized person, or publishes, or uses in any manner prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States any classified information…”the statute then goes on to describe the particular kinds of information banned from disclosure. To prove these elements, it is likely the prosecution would need to establish that Trump knew about the e-mails’ contents (the missing e-mails, that is) and that they in some fashion harmed the United States, all at the time he made the invitation. Difficult to so prove based on the current evidence given that the 30,000 e-mails apparently remain missing.

To understand Trump’s potential culpability, one must understand Russia’s culpability. It is likely that if a Russian or the Russian government hacked Hillary Clinton’s e-mail server while she was Secretary of State, that that individual or state actor has violated either the Electronic Privacy Act (ECPA) (including the Stored Wire Electronic Communications Act) or The Computer Fraud & Abuse Act (CFAA). ECPA bans the interception, acquisition and disclosure of electronic communications. It focuses on communications in interstate and foreign commerce by corporations and individuals. For example, those who obtained access for WikiLeaks to protected e-mails and their substance may well have violated ECPA. The Stored Communications Act focuses on surreptitious access to communications “at rest” in electronic storage. If someone, including the Russian government broke into Clinton’s e-mail server; obtained her e-mails and, as urged by Trump, disclosed them, it very likely a violation of ECPA.

CFAA focuses less on communications themselves and more on computers, effectively operating in part as an anti-hacking statute. The language states that only “protected computers” are covered. However given the definition of “protected computer,” which includes any computer that affects interstate or foreign commerce, most computers are covered. The covered conduct includes computer trespassing, cyber espionage, including using viruses and worms, fraud, password trafficking to damage computers and certain kinds of cyber threats. Again the statutory language suggests pretty strongly that an individual Russian or the Russian government would be criminally liable for computer hacking.

Now having a theoretically provable case is not enough. It is definitely the case that the U.S. government could charge someone with this conduct even though that person had not set foot in the US Case law and the implications of ECPA and CFAA language verify that the US Attorney’s office would have extraterritorial jurisdiction. At least three further problems remain:

  1. It is very difficult in extraterritorial cybercrime investigations to identify exactly the individual(s) who should be charges;
  2. Even if possible the US and Russia do not have an extradition treaty (see Snowden, Edward); and
  3. The US and Russia do not have a mutual legal assistance treaty or executive agreement facilitating access to witnesses and evidence through agreed upon legal processes.

Thus if someone in Russia actually did hack Clinton’s e-mail server, they would be chargeable but difficult to engage in the US criminal justice system let alone convict.

What about Trump’s culpability? At one level he’s an easier target in that he is in the US and he made very public statements. If his statements can be read to encourage someone in Russia to disclose electronic communications whose acquisition is illegal, then the question becomes whether he is engaged in a conspiracy to violate ECPA. Encouragement does not equal a conspiracy. One need also prove an agreement to violate the statute and overt acts, at the least. The publicly available facts do not get us there to date. And prosecutors would still need witnesses and evidence from Russia to prove the underlying crime.

As to CFAA the challenges are the same and a bit greater. Assuming a Russian individual has accessed Clinton’s computer, that access had already occurred by the time of Trump’s invitation. That conduct is the essence of the CFAA and diminishes any possibility of prosecution.

To be sure Trump’s invitation is one that encourages a foreign government to further engage in and aggravate the federal crimes they may well have committed. If the hacking had been upon Trump’s email by the Clinton campaign or by the Trump campaign on Clinton’s e-mail, imagine…

Albert E. Scherr is a Professor of Law at the University of New Hampshire School of Law. He is chair of UNH Law’s International Criminal Law & Justice Program and has written in the area of cybercrime and cyberwar.

Suggested citation: Albert E. Scherr Trump’s Invitation to Hack or to Share the Spoils of A Hack , JURIST – Academic Commentary, August 11, 2016, http://jurist.org/forum/2016/11/albert-scherr-trump-spoils.php.


This article was prepared for publication by Elizabeth Dennis, an Assistant Editor for JURIST Commentary. Please direct any questions or comments to her at commentary@jurist.org.

Opinions expressed in JURIST Commentary are the sole responsibility of the author and do not necessarily reflect the views of JURIST's editors, staff, donors or the University of Pittsburgh.