WhatsApp’s 2019 lawsuit against the NSO Group can now go ahead after a US Court dismissed the NSO Group’s immunity claims, according to a report in Reuters. The decision of the 9th US Circuit Court of Appeals in San Francisco was unanimous (3-0), the report added.
The Israeli company behind the Pegasus spyware had appealed against a decision passed in July 2020 refusing to award it “conduct-based immunity”. The case will return to the U.S. District Judge Phyllis Hamilton in Oakland, California, Reuters reported.
WhatsApp’s suit could set a precedent for holding spyware companies, which often operate in regulatory grey zones, accountable. The global implications of the decision may pave the way for a moratorium on spyware exports.
What did the ruling say?
NSO claimed it has immunity from lawsuits filed in U.S. courts under the Foreign Sovereign Immunity Act (FSIA) because it deals with foreign governments that use this technology to fight terrorism and other serious crimes.
But the appeals court explained that the NSO Group’s licensing of Pegasus and providing technical support made it liable under federal law because it takes precedence over common law, Reuters reported.
Whatever NSO’s government customers do with its technology and services does not render NSO an ‘agency or instrumentality of a foreign state. Thus, NSO is not entitled to the protection of foreign sovereign immunity. —Circuit Judge Danielle Forrest was quoted as saying by Reuters.
WhatsApp spokesman Joshua Breckman called the decision “an important step in holding NSO accountable for its attacks against journalists, human rights defenders and government leaders.”
Why did WhatsApp file a lawsuit against the NSO Group?
WhatsApp sued the NSO Group last year for exploiting a vulnerability in its app that allowed attackers to plant spyware in users’ phones just by ringing their target’s device. As many as 1,400 people including journalists, human rights activists, and dissidents were reportedly surveilled all over the globe.
Microsoft, Google, and a host of other companies and organisations came out in support of Facebook’s legal case. The two companies, along with Cisco, LinkedIn, VMWare and the Internet Association, filed an amicus brief in Facebook’s support, calling NSO Group’s business model “dangerous”.
Timeline of WhatsApp’s tussle with the NSO Group
May 2019: WhatsApp identifies a bug in its call function which had been reportedly exploited by Pegasus to snoop and collect data on phones.
September 2019: WhatsApp informs CERT-In that 121 Indian users were targeted by Pegasus through the vulnerability, adding that “the full extent of this attack may never be known”.
October 2019: WhatsApp sues the NSO Group in federal court under US state and federal laws, including the US Computer Fraud and Abuse Act.
April 2020: NSO seeks to dismiss the lawsuit stating that its dealings with foreign governments granted it immunity from lawsuits filed in U.S. courts on account of the Foreign Sovereign Immunity Act (FSIA).
July 2020: The court rejects the charge and rules that the lawsuit can go forward following which NSO said that it was reviewing the ruling.
Troubles compounding for the NSO Group
The NSO Group has been struggling to contain the fallout from the Pegasus expose conducted by a consortium of media houses this year. The investigation revealed a list of thousands of phone numbers believed to be purported targets of the spyware manufactured by the group.
Export restrictions: The US Government put export controls on four entities including the NSO Group and Candiru (Israel) by adding them to the Entity List following evidence that these entities developed and supplied spyware to foreign governments that used them to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” as per a press release by the US Department of Commerce.
Investigations by law enforcement: Several Israeli government officials visited the office of the NSO Group, as revealed by a statement from Israel’s Ministry of Defense. The officials were investigating revelations in news reports that the firm’s surveillance technology was used to target journalists, activists, politicians, and business executives, among others.
Lawsuits: Reporters Without Borders (RSF) plans to bring a lawsuit against the NSO Group in several countries after Pegasus was reportedly used to spy on journalists across the world, Daniel Bastard, Head of Asia-Pacific Desk at RSF had said in a television panel discussion.
Also read:
- Pegasus maker NSO Group and three others blocked from doing business with US firms
- NSO Group renews bid to get WhatsApp lawsuit dismissed
- NSO Group has ‘temporarily blocked’ several government clients from using its technology: Report
- A Guide to the NSO Group’s Pegasus Spyware in India
Have something to add? Post your comment and gift someone a MediaNama subscription.
