In two unrelated cases, New Jersey courts made the point that jurisdiction will extend to hackers who have no connection with the state other than an intention to harm its residents.
In Christie v. Nat’l Inst. for Newman Studies, U.S. District Judge Freda Wolfson determined that the court had personal jurisdiction over defendants who illegally accessed and deleted a New Jersey resident’s personal email files, knowing that the victim was in New Jersey when they targeted him. Judge Wolfson rejected the defendants’ arguments that their conduct was insufficient to meet the requisite minimum contacts with New Jersey, and that any unauthorized access of the plaintiff’s Yahoo! emails was targeted at California where the servers that stored the emails were located. Instead, Judge Wolfson stated, “because Defendants deliberately targeted a New Jersey resident—who Defendants knew was in New Jersey when they targeted him—with tortious conduct, Defendants should have reasonably anticipated being hauled to court in New Jersey.” As such, the defendants had established the minimum contacts requirement within New Jersey.
Judge Wolfson’s decision helped resolve uncertainties about the omnipresence of virtual property in cyberspace. The decision seems to suggest that, under New Jersey law, a victim’s emails exist where the hacker knows the computer is located, and thus, where the harm will be felt.
In State v. Tringali, the New Jersey Appellate Division reversed a lower court’s decision to dismiss an indictment of a Florida man who allegedly orchestrated a spam attack on a Utah website with the intention of harming an affiliated New Jersey-based internet business (MedPro). The court explained that under New Jersey law, it does not matter that the “property that was affected by the offense”—the MedPro.com website and the servers that hosted it—were located in Utah. What matters is that “the result which is an element” of the offense consisted of “inflicting a harm upon a resident of this State or depriving a resident of this State of a benefit.”
Deputy Attorney General Joseph Remy, who handled the case for the State stated that “the Appellate Division’s ruling recognized that our citizens and businesses can seek protection under our state laws when attacked in cyberspace and anticipate that law enforcement will investigate and prosecute cybercrimes regardless of where a server or cloud happens to be located.”
These published decisions may prove to be valuable precedent for litigators who handle internet-related cases, especially since New Jersey law tends to provide its citizens greater protection from hacking than other states around the country.
Karen Painter Randall, formerly Certified by the Supreme Court of New Jersey as a Civil Trial Attorney and a partner at Connell Foley LLP, where she chairs the Cybersecurity, Data Privacy and Incident Response Group. With extensive ...