A federal law known as the FACE Act outlaws forcibly interfering with someone walking into an abortion clinic. But what if that interference happens online?
A new lawsuit alleges that when a cyberattacker targeted a national abortion group in 2016, they violated not only computer fraud laws but also the Freedom of Access to Clinic Entrances (or FACE) Act.
The attack affected not only national abortion funds, but Washington and Oregonâs abortion fund too. The National Network of Abortion Funds (NNAF) and local abortion funds around the country help people pay for abortions.
In April 2016, as the NNAF was preparing for its annual bowl-a-thon fundraiser, it was hit with a cyberattack. The group's supporters received racist and anti-choice emails and the NNAF donation site received a flood of fake donations. The attack forced the national group to shut down its fundraising site. Here in Washington, the CAIR Project, which covered Washington, Idaho, and Alaska, saw a significant hit to donations when the site went down. At the time, the bowl-a-thon made up 40 percent of the CAIR Projectâs annual budget. The CAIR Project has since merged with Oregonâs fund to form the Northwest Abortion Access Fund (NWAAF). The NWAAF is now plaintiff on the cyberattack lawsuit.
The complaint alleges that the cyberattack directly affected the services abortion funds provide. âBy ransacking the single-most important abortion fundraiser of the year, Defendant(s) took away the ability to access abortions from the persons most in need of help,â the complaint says.
The complaint names 15 John Does, most of them not identified. John Doe #1, however, was âprimarily responsible.â The complaint alleges Joe Doe #1 is Matthew James Davis, a âreligious anti-abortion activist with a background in technology and codingâ believed to live in Florida. Davis allegedly owned a since-deleted Twitter account, @matthewjames. Davis did not return a request for comment.
According to the complaint, Davis set up a sham donation form that appeared on the NNAFâs website and was able to use that form to steal the names and contact information of thousands of bowl-a-thon participants and donors as well as 435 credit card numbers. He also allegedly sent racist and anti-choice emails to people who had registered for the bowl-a-thon event.
The complaint outlines the way the chaos unfolded over several days.
According to the complaint, NNAF used a company called Blue Sky Collaborative, which provides online fundraising applications for charities. In early April, someone put âmalicious codeâ in that fundraising application.
Soon, suspicious comments began showing up on the NNAFâs registration page for the bowl-a-thon and someone registered fundraising accounts with names like âadolph hitlerâ, âAdolph,â and âhitlerâ [sic].
âThe next day the Bowl-a-Thon website began to display the receipt of absurdly large offline donations from registered participant accounts,â the complaint says. âFor instance, one of these donations, from user qwerty, was for $999,999,999.00.â
Soon, the @matthewjames Twitter account sent tweets congratulating NNAF on âpassing the $830 trillion mark⌠youâre gunna [sic] make little boys and girls a complete thing of the past!â according to the complaint.
The NNAF site then received $66 billion in fake donations, including some from âAdolph [sic] Hitler,â over several hours. That caused the site to crash, according to the complaint.
Some people who had registered for the bowl-a-thon then received an email from âAdolph Hitler.â
âI believe that the Aryan race is the Master Race; the purest human genetic strain currently available,â the email said, according to the complaint. âConsequently, it tickles me to fund abortions for the lower races, such as the Negroes and the Jews. There is no longer any need to send these parasites to my concentration camps â they willingly slaughter their own young if given enough money to afford the ope [sic] I am indebted to feminism and this new opportunity it has provided to cleanse our future generations. Keep it up, NNAF!â
Some registrants also received an email with a picture of a fetus that said, âI hope I grow up big enough to go bowling someday.â
The interruption to fundraising, offensive emails to the groupâs supporters, and security breach meant âefforts and resources were redirected from fundraising to crisis management,â the complaint says. National and local abortion funds âscrambled to find alternate means of accepting donations, acted to protect their donorâs private information, took preventive measures, and triaged their own reputational fallout from being victimized by an attack of this nature.â
Rebounding from the attack took months of work and âhad profound and harmful effectsâ on the relationship between the national fund that organizes the fundraising event and the local funds that depend on the event for big shares of their budgets. In total, the attack cost NNAF $252,000 in legal and security costs, according to the complaint. The complaint says the Northwest Abortion Access Fund saw lower fundraising than in past years due to the attack and seven NWAAF donors had their credit card information stolen.
All of this violates the Computer Fraud and Abuse Act and the FACE Act relating to access to reproductive health services, the complaint alleges.
Because the FACE Act defines reproductive health services to include counseling and referrals, the case argues the abortion funds are covered by that law.
The âhacking and phishingâ and âcreation and distribution of racist and violent imageryâ interfered with the fundsâ ability to provide services, the complaint says.
Carrie Goldberg, who is representing the abortion funds, told CNN the FACE Act has not been applied to a hacking case before.
The suit was filed in U.S. District Court in Massachusetts and seeks a jury trial.