Microsoft, Google, and a host of other companies and organisations have come out in support of Facebook’s legal case against Israeli firm NSO Group. The two companies, along with Cisco, LinkedIn, VMWare and the Internet Association, filed an amicus brief in Facebook’s support, calling NSO Group’s business model “dangerous”.
NSO Group sells the controversial “Pegasus” software, which could be used to exploit a since-then fixed vulnerability in WhatsApp to plant it on a target’s device. WhatsApp had informed 1,400 of its users, including 121 Indians, that were affected by this attack. NSO Group, for its part, has always maintained, including in responses to MediaNama, that it sells its products only to governments and authorised intelligence agencies.
Announcing the filing of the amicus brief in a blog post, Microsoft took objection to the “legal immunity” argument of NSO Group. It said the company is “attempting to cloak itself in the legal immunity afforded to its government customers, which would shield it from accountability when its weapons inflict harm on innocent people and businesses”. It said that the legal immunity would enable NSO Group and other “private-sector offensive actors (PSOA)” to continue their “dangerous business” without legal rules, responsibilities or repercussions. Private companies should remain subject to liability when they use their cyber-surveillance tools to break the law, said Microsoft.
- ‘Such tools will fall into wrong hands’: The companies argued that the presence of tools such as Pegasus increases the risk of their falling into wrong hands. Previously, it said, such tools only existed with counties with well-funded agencies. Even then, these tools got into the hands of “other government” who used them in attacks like WannaCry and NotPetya. “Lowering the barrier for access to these weapons would guarantee such catastrophes would be repeated.”
- ‘Private sector doesn’t follow same rules as government’: Governments with offensive cyber capabilities still have the need to protect their citizens. Hence, when a vulnerability is discovered, they may share it with the provider to patch it up. However, private companies like NSO Group, the companies said, are only interested in keeping these vulnerabilities to themselves to profit by exploiting them.
- ‘Companies like NSO Group threaten human rights’: The companies said that tools sold by PSOAs like NSO Group are being used to spy on human rights defenders, journalists and others. “Privacy is fundamental to the ability of journalists to report, of dissidents to speak their voices and of democracy to flourish and these tools threaten their rights and their lives,” they said.
- Of the 121 Indians targeted using Pegasus, at least 22 were activists, lawyers and scholars, most of them involved in the Bhima Koregaon case. NSO Group’s software has, per a Citizen Lab report, been used to target civil society in Morocco, Mexico and several other countries.
Earlier last month, NSO Group made a fresh bid to get Facebook’s lawsuit against it dismissed, banking on the “foreign sovereign immunity” arguments. The company told an American appeals court that NSO’s foreign-state customers decide how to use Pegasus, and hence Facebook was trying to “meddle in the sovereign affairs” of other nations.
Also read:
- NSO Group Renews Bid To Get WhatsApp Lawsuit Dismissed
- All you need to know about NSO Group and its Pegasus spyware
- WhatsApp sues Israeli spyware company NSO Group for planting spyware in users’ devices
- Israeli court rejects Amnesty’s lawsuit asking for revocation of NSO Group’s export licence
- Amnesty sues Israeli Defence Ministry over Pegasus in May 2019; Israel minister denies involvement
- NSO Group pitched proto-Pegasus to San Diego Police; investigation against buyers of Pegasus in Ghana, Mexico