New Delhi:
Meta’s WhatsApp has claimed a major legal victory over NSO Group, the maker of Pegasus spyware, as a federal judge in the US has found the Israeli company liable under federal and California law for spyware hacks targeting around 1,400 WhatsApp user devices.
WhatsApp had earlier filed a lawsuit against NSO Group Technologies, accusing it of infecting and surveilling the phones of nearly 1,400 people through the Pegasus spyware over a two-week period in May 2019.
‘Huge win for privacy’
On Friday, US District Judge Phyllis Hamilton in Oakland, California ruled in favour of WhatsApp in its lawsuit accusing the Israeli firm of exploiting a bug in the messaging app to install spy software, thereby allowing unauthorised surveillance, Reuters reported.
Mr Hamilton has found NSO liable for hacking and breach of contract, stating that the case now proceeds to a trial only on the issue of damages.
“This ruling is a huge win for privacy. We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions,” said Will Cathcart, the head of WhatsApp, in a post on X.
“Surveillance companies should be on notice that illegal spying will not be tolerated. WhatsApp will never stop working to protect people’s private communication,” Cathcart added.
This ruling is a huge win for privacy.
We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions.
Surveillance companies should be on notice that illegal spying will…
— Will Cathcart (@wcathcart) December 21, 2024
The NSO Group, which is yet to respond to the court’s order, had earlier denied any wrongdoings in the case, stating that its products are used to fight crime and terrorism.
What’s the case?
WhatsApp in 2019 sued NSO seeking an injunction and damages, accusing it of accessing WhatsApp servers without permission six months earlier to install the Pegasus software on victims’ mobile devices. The lawsuit alleged the intrusion allowed the surveillance of 1,400 people, including journalists, human rights activists and dissidents.
NSO had argued that Pegasus helps law enforcement and intelligence agencies fight crime and protect national security and that its technology is intended to help catch terrorists, pedophiles and hardened criminals.
NSO appealed a trial judge’s 2020 refusal to award it “conduct-based immunity,” a common law doctrine protecting foreign officials acting in their official capacity.
Upholding that ruling in 2021, the San Francisco-based 9th US Circuit Court of Appeals called it an “easy case” because NSO’s mere licensing of Pegasus and offering technical support did not shield it from liability under a federal law called the Foreign Sovereign Immunities Act, which took precedence over common law.
The US Supreme Court last year turned away NSO’s appeal of the lower court’s decision, allowing the lawsuit to proceed.
Earlier this year, Hamilton had told the Israeli firm to provide WhatsApp with the source code of its spyware. However, the judge on Friday noted that the company failed to comply with the same. While the lawsuit was filed in California, the company only made its source code available to view by an Israeli citizen in Israel.
Various victims, identified by Meta, included senior government officials, diplomats, journalists, and human rights activists among others. It must be noted that the Joe Biden administration in the US had in 2021 blacklisted the NSO Group and forbid government agencies in the country from purchasing its products.
Tech giant Apple had earlier filed a similar case against the Israeli company, however, it dropped the case in September.
