Legal Report: U.S. Appellate Court Upholds Contractor Liability for Conspiracy at Abu Ghraib
As most of us know, the wheels of justice turn slowly at times, and it can take years—if not decades—for a significant lawsuit to be resolved.
This month’s Legal Report column is taking a close look at one of those cases that has been nearly 23 years in the making: the fight to hold a U.S. government contractor liable for conspiring to commit torture and cruel, inhuman, and degrading treatment of detainees at Abu Ghraib prison in 2003.
And with that, we’ll dive into it.
- U.S. appellate court upholds CACI liability for conspiracy at Abu Ghraib
- The EU’s Digital Omnibus process inches forward
- Security contractors are on trial for alleged role in Haitian president assassination
- The family of a Tumbler Ridge shooting victim sues OpenAI
- FMCSA issues a final rule, limiting eligibility for commercial driver’s licenses
U.S. Appellate Court Upholds Contractor Liability for Conspiracy to Commit Abuse at Abu Ghraib
A U.S. federal appeals court upheld a jury decision that CACI Premier Technology, Inc., is liable for conspiring in 2003 to commit the torture and assault of detainees at Iraq’s Abu Ghraib prison and must pay $42 million in damages.
“This is a huge moment, a win that builds a foundation for a new precedent in the U.S.,” said Salah Al-Ejaili, one of the former detainees who sued CACI, in a statement. “Those who believe they are above the law will now think twice before violating human rights.”
Following the invasion of Iraq in March 2003, the U.S. government entered a contract with CACI, which is headquartered in the U.S. state of Virginia, to provide interrogation services at Abu Ghraib. CACI then hired interrogators to fulfill the contract, and they arrived at the prison in September 2003. Those contractors, along with members of the U.S. military, then conspired to subject detainees at the prison to horrifying experiences to obtain information. The abuses included sexual assault, forced nudity, dog threats and attacks, prolonged stress positions, and threats to their family members.
CACI was notified that detainees were being abused at Abu Ghraib in October 2003 but did not take action to intervene to prevent further misconduct. Instead, the U.S. Department of Defense began an official investigation into the alleged conduct, and Major General Antonio Taguba wrote a report with his findings and conclusions—one of many investigations into the conduct at Abu Ghraib which became public in 2004.
Taguba’s report includes the recommendation that a CACI interrogator have his employment terminated, his security clearance revoked, and have an official reprimand placed in his employment file for making misrepresentations to the investigation team and violating command policies on abusive behavior and failure to report abuse.
The legal battle. Several of the former detainees filed a lawsuit against CACI in 2008, alleging the contractor violated the Alien Tort Statute (ATS) and Virginia law. The ATS is a U.S. law that allows foreign citizens—referred to as aliens—to sue in U.S. federal courts for acts committed in violation of international law or U.S. treaties.
After years of legal proceedings and a mistrial, the Suhail Al Shimari, Al-Ejaili, and Asa’ad Al-Zuba’e had their case finally appear before a jury in 2024. During the trial, Taguba read portions of his official report that mentioned the conduct of two CACI contractors at Abu Ghraib. The behavior Taguba read aloud included that one of the contractors allowed and instructed military police, “who were not trained in interrogation techniques, to facilitate interrogations by ‘setting conditions’ which were neither authorized and in accordance with applicable regulations or policy. He clearly knew his instructions equated to physical abuse.”
The jury ultimately decided that CACI was liable for conspiring to commit torture and conspiracy to commit cruel, inhuman, and degrading treatment (CIDT) of detainees at Abu Ghraib. The jury awarded each of the three plaintiffs $3 million in compensatory damages and $11 million in punitive damages.
CACI appealed the jury’s decision, claiming that it could not be held liable in a U.S. district court for criminal conduct that took place outside of the United States and outside U.S. control.
U.S. Senior Judge Henry F. Floyd, writing for the majority, pushed back on CACI’s arguments. Floyd wrote that conduct in Iraq’s detention centers at the end of 2003 can be considered within the territorial jurisdiction of the United States because the United States had “complete jurisdiction and control” over Abu Ghraib in late 2003.
Corporate responsibility. The judge also touched on CACI’s corporate requirements under international norms to implement training, distribute appropriate interrogation protocols, and intervene to stop inappropriate interrogation activity to prevent torture. Floyd wrote that CACI’s conduct in the domestic United States was “in and of itself a violation of international treaty obligations with respect to torture” and the company can be held liable for it.
In the appeal, CACI argued that it was unlawful to hold the company criminally accountable under the ATS for conspiracy for the abuse at Abu Ghraib. The company alleged that allowing the jury decision to stand would negatively affect foreign relations. Floyd, citing international laws used to prosecute Nazi war criminals and genocide in Rwanda, strongly disagreed.
“Indeed, we cannot imagine a statement more offensive to the arena of foreign relations than to proclaim that courts of the United States may not provide a remedy to foreign nationals who were tortured by members of the U.S. military as part of a conspiracy to extract intelligence using universally condemned means of interrogation,” Floyd explained. “Rather, our decision is in furtherance of an ‘important American national interest’ in ‘preventing the United States from becoming a safe harbor (free of civil as well as criminal liability) for a torturer or any other common enemy of mankind.’”
CACI also argued that since the United States is entitled to sovereign immunity, CACI is entitled to derivative sovereign immunity because it was a federal contractor working for the U.S. Department of Defense in Iraq. Floyd, once again, challenged this argument by questioning if CACI’s conduct was actually authorized by the U.S. government. Only then could it potentially be sheltered from liability by sovereign immunity protections.
CACI did not respond to Security Management’s request for comment on this story. But in a company statement published on its website on 13 March, it said it was deeply disappointed by the appellate court’s ruling and that it disagrees with the decision.
“As we have consistently stated, CACI was not involved in or affiliated with any wrongdoing at Abu Ghraib,” the statement said. “No CACI employee has ever been charged—criminally, civilly, or administratively—in connection with the abuses by military personnel that occurred at Abu Ghraib. The military personnel liable for those egregious acts were court-martialed and punished nearly two decades ago.”
The path forward. It was a lengthy court battle to get to this point. But there appears to be another clash that could potentially eradicate the appeals court ruling.
The U.S. Supreme Court is set to hear a case, Cisco Systems v. Doe, to consider if aiding and abetting claims can be brought under the ATS. The Court will determine if members of the Falun Gong religion in China can sue Cisco Systems—a U.S. company—and two of its executives for their role in developing and selling to the Chinese government a surveillance and internal-security system, which the government then used to find and interrogate religious practitioners.
“Although the claims in Al Shimari are for conspiracy rather than aiding and abetting, they are still accessory liability claims,” wrote Willam S. Dodge for Just Security. “If Cisco rejects aiding and abetting liability under the ATS, I could easily imagine the Court vacating the Fourth Circuit and remanding for reconsideration.”
Dodge is the Lobinger professor of comparative law and jurisprudence at George Washington Law School and served as a counselor on international law to the legal adviser at the U.S. Department of State from 2011 and 2012. In his article, he added that in a worst-case scenario, the Court could limit the ATS to 18th century violations of the law of nations—safe conduct, infringement of ambassadors’ rights, and piracy.
“Cisco has asked the Supreme Court to do just that, and I count four votes in favor,” Dodge explained. “Such a holding would foreclose the plaintiffs’ conspiracy claims against CACI—and, indeed, all human rights claims against corporations under the ATS.”
Arguments for the Cisco case are scheduled for 28 April 2026, with an opinion to be issued by the end of the Court’s public session in early July.
Other News of Note
Digital Omnibus moves slowly forward. Two European Parliament committees voted to delay rules on high-risk artificial intelligence (AI) systems to 2 December 2027 to allow more time for key standards to be developed. The committees also voted in favor of creating more time for AI system providers to comply with rules on watermarking AI-created audio, image, video, or text content to indicate its origin. They proposed pushing those rules back just until 2 November 2026. The negotiations are part of a Digital Omnibus process to amend the EU AI Act’s requirements to address implementation issues and reduce regulatory burdens.
Unity, required. China’s legislature approved the Law on Promoting Ethnic Unity and Progress, which makes ethnic unity a responsibility of everyone in society—including business owners, the government, and family units. It creates a number of requirements to carry out this agenda, like requiring Mandarin to be the language of educational instruction, but below we’ll focus on a few that affect the business community most.
The law prohibits information with content that undermines ethnic unity and progress, such as ethnic hatred or ethnic discrimination, and it bans organizations from producing or transmitting this content in text, image, or video format. The law also requires businesses and organizations to include requirements of “forging a strong sense of community of the Chinese people” in operations training, cultural construction, and other activities to promote ethnic unity and progress, according to an English translation of the law.
As part of the overhaul, the law criminalizes organizing, planning, or carrying out violent terrorist activities, ethnic division, or religious extremism. Individuals who are found to be inciting or financing this type of conduct can also be charged with a crime.
The law goes into effect on 1 July 2026 and applies to organizations and individuals inside and outside of the mainland territory of the People’s Republic of China (PRC). The application measure mirrors a clause in China’s National Security Law, which the PRC has used to prosecute people outside of mainland China for perceived secession or subversion.
Assassination case goes to trial. The trial of four men accused of conspiring to hire a hit squad of former Colombian soldiers to kill former Haitian President Jovenel Moïse in 2021 is underway in Miami.
The defendants are “Arcángel Pretel Ortiz, 53, a former FBI informant, Colombian national, and U.S. permanent resident; Antonio Intriago, 62, the Venezuelan-American owner of a Doral security company that hired Pretel; James Solages, 40, a Haitian-American handyman who also worked for Intriago, and Walter Veintemilla, 57, an Ecuadorian American that prosecutors say helped finance the plan targeting Moïse,” according to The Miami Herald, which is providing daily updates of the trial that is expected to last two months.
Ortiz, Intriago, Solages, and Veintemilla are charged with conspiracy to kidnap and kill a person outside the United States. They are just four of nearly a dozen people who have been charged in relation to the assassination of Moïse.
There’s a new fraud force in town. The UK released a new fraud strategy that includes working with telecommunications providers to deny fraudsters access to their systems. The UK Home Office will work with law enforcement, intelligence agencies, and industry on creating “proportionate measures to reduce anonymity and strengthen accountability” in the UK communications sector. The Home Office will also develop options to create a centralized repository that provides real-time information on the status and ownership of telephone numbers, allowing telecommunications companies to trace the origin of suspicious activity and block fraudulent calls before they reach victims.
Britain is taking this approach after the secretary of state’s office assessed that one in 14 adults were victims of fraud in the past year, which resulted in £14.4 billion ($19 billion) in economic and social costs in England and Wales between 2023 and 2024.
A new, confirmed, NSA chief. The U.S. Senate confirmed General Joshua Rudd to lead the National Security Agency and U.S. Cyber Command. The major security agencies were without a confirmed leader for almost a year after U.S. President Donald Trump abruptly fired former director General Timothy Haugh and his deputy, Wendy Noble, in April 2025.
Speed Reads
Court Cases
Assassination. A Brussels court ruled that 93-year-old retired diplomat Étienne Davignon must stand trial for his alleged role in the 1961 assassination of the first Congolese prime minister, Patrice Lumumba. Prosecutors charge that Davignon was part of a group that organized Lumumba’s kidnapping and murder as part of a coup after the Democratic Republic of Congo gained independence from Belgium.
Corporate liability. The family of a victim of the Tumbler Ridge, Canada, mass shooting sued OpenAI, claiming the company failed to alert authorities about the shooter’s prompts in its ChatGPT product related to violence. The lawsuit also alleges that ChatGPT equipped the shooter with information, guidance, and assistance to plan a mass casualty event.
Cybercrime. United Arab Emirates (UAE) authorities charged 20 people, including a British man, with violating its cybercrime laws because they filmed and posted material online related to Iranian attacks on the UAE.
Gambling. The U.S. state of Arizona’s attorney general filed the first criminal charges against prediction market Kalshi, accusing it of running an illegal gambling business. The 20-count indictment alleges that Kalshi accepted bets from Arizona residents on a range of events, including professional and college sporting contests, whether a voter ID act would become law, and the 2026 Arizona governor’s race.
Informed consent. A Luxembourg court overturned a €746 million fine against Amazon for a data protection violation and referred the case to the National Commission for Data Protection to review. The ruling stems from complaints that Amazon did not explicitly ask for consent before processing EU residents’ data, even though the company informed users of the data it collects and how it processes that data.
Use of force. A U.S. federal jury awarded $667,000 in damages to eight Muslim men incarcerated in Missouri that state correctional officers pepper-sprayed while they were praying. The men were handcuffed, pepper-sprayed, and placed in solitary confinement after completing their religious activities in a housing area. The officers were convicted of using excessive force and violating the men’s constitutional right to practice their religion.
Deportations. The U.S. Court of Appeals for the First Circuit paused a lower court ruling, allowing the Trump administration to continue its practice of deporting immigrants to countries other than their home nation while a lawsuit is under review.
Regulations
AI governance. The U.S. General Services Administration closed an open comment period for a proposed clause that addresses governance gaps in federal procurement of AI. The clause would prohibit vendors from implementing usage constraints or policy refusals that prohibit lawful government use of AI systems.
Fraud prevention. Major League Baseball signed a memorandum of understanding with the U.S. Commodity Futures Trading Commission, which creates a framework for the two to discuss, cooperate, and exchange information on protecting the integrity of professional baseball and prediction markets.
Privacy compliance. PlayOn Sports will pay a $10 million fine as part of a settlement with the California Privacy Protection Agency Board. The privacy regulator found that PlayOn sports forced Californians to agree to a tracking technology to deliver targeted advertising when accessing high school sports-related activities without providing a sufficient way to opt out.
Supply chain. The U.S. Federal Motor Carrier Safety Administration issued a final rule that limits eligibility to obtain a non-domiciled commercial driver’s license (CDL). Only people with H-2A, H-2B, and E-2 immigrant status who undergo enhanced vetting can get a CDL, which allows them to legally drive semitrucks. Supply chain experts predict that the new rule will cut about 200,000 drivers from the industry over the next five years as their current credentials expire.
Legislation
Surveillance. U.S. Senators Ron Wyden (D-OR) and Mike Lee (R-UT) introduced a bill that would require the FBI to obtain a warrant before buying Americans’ personal information from data brokers.
Scam centers. Cambodia’s Cabinet approved legislation that allows the government to go after scam centers. The new law creates prison and financial penalties for individuals who organize or direct a technology fraud site; engage in human trafficking, violence, detention, or confinement; or kill a worker at a scam center.
Thanks for reading! We’ll be back with more legal analysis in May!
What security-related regulatory developments are you following? Please email your thoughts to [email protected].
Megan Gates is the senior editor at Security Management. Connect with her via email or on LinkedIn.
