Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Unlock Editor’s Digest for free
Roula Khalaf, editor of the FT, picks her favorite stories in this weekly newsletter.
WhatsApp has won a US lawsuit against Israeli spyware maker NSO Group for misusing the messaging app to hack into the phones of journalists, activists and dissidents with NSO’s Pegasus hacking tool.
A judge in the Northern District of California ruled Friday that NSO violated the Hacking Act and the terms of its service agreement with WhatsApp by using the messaging platform to inject more than 1,000 devices with its Pegasus spyware.
The ruling in the civil case does not address the rights of people whose phones have been hacked, but it does hand a victory for tech groups to protect their platforms from abuse targeting their users.
It’s also a win for Apple, Amazon and other tech giants that backed WhatsApp.
Judge Phyllis Hamilton ruled, “The court finds no merit in the arguments advanced by the NSO Group”. Summary judgment means that an upcoming trial will cover only the question of damages, whether the NSO can be held liable for its actions.
“After five years of litigation, we are grateful for today’s decision,” WhatsApp said. “NSO can no longer avoid accountability for their unlawful attacks on WhatsApp, journalists, human rights activists and civil society.”
NSO Group did not immediately respond to a request for comment.
Pegasus can read encrypted messages stored on a phone, remotely activate its camera and microphone, and track its location. Its use has been linked to human rights abuses and the US Commerce Department has blacklisted the Israeli company.
The legal case was launched after a 2019 Financial Times Report This coincided with WhatsApp’s discovery that its services had been hacked by NSO and Pegasus.
The ruling said that the NSO Group did not dispute that hacking the phone would “require reverse-engineering and/or decompiling the WhatsApp software”, but raised the possibility of doing so before agreeing to WhatsApp’s terms of service.
However, the judge found, “common sense dictates that [NSO] WhatsApp had to gain access to the software first, and NSO offered “no reasonable explanation” for how it could do so without agreeing to the terms of service. It ruled in favor of WhatsApp’s claim that NSO violated federal and state hacking laws.
The judge also found that NSO had “repeatedly failed to produce relevant discovery”, including in relation to the Pegasus source code.
“It sets a precedent that will be cited for years to come,” said John Scott-Relton, a researcher at the University of Toronto’s Citizen Lab who has investigated the use of Pegasus.
“This is the most seen case of mercenary spyware and everyone is going to take note. I predict this will have a chilling effect on other shady spyware companies’ attempts to enter the US market and investors’ willingness to support their hacking,” he said.
