Azima v. RAK Inv. Auth.
305 F. Supp. 3d 149
D.C. Cir.2018Background
- Plaintiff Farhad Azima, a U.S. citizen and international businessman, alleges RAKIA (an investment arm of the Ras Al Khaimah government, UAE) arranged surreptitious hacks of his personal and business computers from Oct 2015–Aug 2016, used stolen material to disparage and extort him, and sent a demand letter in Sept 2016 attaching hacked documents.
- Azima and RAKIA had a longstanding commercial relationship (joint ventures, guaranty for RAK Airways/HeavyLift, discussions about ISR and munitions projects); Azima also acted as a negotiator/mediator for RAKIA in disputes with its former CEO and received a March 2016 Settlement Agreement referencing his negotiation assistance.
- Azima sued in D.C. (Sept 2016; amended complaint) alleging CFAA violation, conversion, and unfair competition, invoking FSIA exceptions: commercial-activity exception (28 U.S.C. §1605(a)(2)) and noncommercial tort exception (28 U.S.C. §1605(a)(5)).
- RAKIA moved to dismiss for lack of subject-matter jurisdiction under the FSIA (claiming immunity) and alternatively on forum non conveniens grounds pointing to the Settlement Agreement’s England-and-Wales forum-selection clause.
- The Court denied RAKIA’s motion: it found (1) sufficient factual basis that RAKIA engaged in extraterritorial commercial activity (mediation/business dealings) and that the alleged hacking was “in connection with” that activity, and (2) that the hacking caused a direct effect in the United States (damage to U.S.-based laptops/data), so the commercial-activity exception applies; the Court also found the U.K. forum was not shown to be adequate and the forum-selection clause did not cover these new tort claims.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether FSIA’s commercial-activity exception applies | Azima: RAKIA engaged him for commercial negotiation/mediator services outside U.S.; hacking was linked to and intended to advantage RAKIA’s commercial dealings, causing direct effects in U.S. | RAKIA: it is an agency/instrumentality entitled to immunity; the hacking wasn’t connected to any commercial activity and did not cause a direct effect in U.S.; location of hack is abroad. | Held: Exception applies — court finds sufficient evidence of extraterritorial commercial activity, connection to hacking, and direct U.S. effect. |
| Meaning of “in connection with” commercial activity | Azima: hacking was causally linked to mediation and commercial disputes (demand letter used hacked docs). | RAKIA: connection is too attenuated; commercial dealings are unrelated. | Held: Allegations and record permit reasonable inference of substantive causal link; in-connection-with requirement satisfied. |
| Whether alleged hacking caused a “direct effect” in the United States | Azima: he resides and does business in U.S.; U.S.-based laptops were damaged/deleted and data exposed — an immediate consequence in U.S. | RAKIA: mere financial loss to U.S. citizen or reputational harms are insufficient; hack occurred abroad so no direct U.S. effect. | Held: Direct-effect prong met — alleged damage to U.S.-based computers/data qualifies as more-than-trivial direct effect. |
| Whether dismissal on forum non conveniens is warranted (and whether Settlement Agreement’s forum clause controls) | Azima: U.K. forum not shown adequate; settlement clause covers disputes about that agreement only, not new tort/hacking claims. | RAKIA: parties agreed to exclusive England & Wales jurisdiction in March 2016 settlement; London is proper forum and RAKIA may consent/waive immunity there. | Held: Dismissal denied — RAKIA failed to show U.K. is adequate available forum and the settlement clause does not cover these separate tort claims. |
Key Cases Cited
- Republic of Argentina v. Weltover, 504 U.S. 607 (1992) (defines "commercial activity" for FSIA and instructs focus on the nature of the activity, not motive)
- Bolivarian Republic of Venezuela v. Helmerich & Payne Int'l Drilling Co., 137 S. Ct. 1312 (2017) (reiterates that commercial-activity exception denies immunity for commercial acts)
- Verlinden B.V. v. Central Bank of Nigeria, 461 U.S. 480 (1983) (FSIA codifies the presumption of foreign-state immunity and its commercial exception)
- Bell Helicopter Textron, Inc. v. Islamic Republic of Iran, 734 F.3d 1175 (D.C. Cir. 2013) (in tort cases, direct-effect inquiry focuses on locus of the tort)
- Doe v. Fed. Democratic Republic of Ethiopia, 851 F.3d 7 (D.C. Cir. 2017) (discusses location-of-hacking issue and that harm can occur when victim opens infected content)
- Princz v. Federal Republic of Germany, 26 F.3d 1166 (D.C. Cir. 1994) (direct-effect requires immediate consequence; intervening acts may defeat directness)
- Adler v. Federal Republic of Nigeria, 107 F.3d 720 (9th Cir. 1997) ("in connection with" demands substantive or causal link between act and commercial activity)
- Garb v. Republic of Poland, 440 F.3d 579 (2d Cir. 2006) (narrow reading of "in connection with"; disallows merely attenuated links)