Alexander Berengaut writes:
Last summer, Marcus Hutchins, the security researcher who stopped the “WannaCry” malware attack, was arrested and charged for his role in allegedly creating and conspiring to sell a different piece of malware, known as Kronos. As we have previously discussed on this blog, however, the indictment was notable for its lack of allegations connecting Hutchins to the United States, which raises constitutional due process issues, and Hutchins subsequently moved to dismiss the indictment on this basis.
The government has now responded to Hutchins’ motion. It makes two main arguments. First, the government maintains—as a factual matter—that the allegations in the indictment do allege a sufficient nexus between Hutchins and the United States. Second, the government argues, as a legal matter, that if Hutchins’ indictment is defective because it fails to allege conduct specifically directed at the United States, then there is no country on Earth where Hutchins could be prosecuted. Both arguments appear to fall short.
Read more on Covington & Burling Inside Privacy.