Open Editor's Digest for free
Rula Khalaf, editor of the Financial Times, picks her favorite stories in this weekly newsletter.
WhatsApp has prevailed against Israeli spyware company NSO Group in a US lawsuit over NSO's misuse of the messaging app to hack the phones of journalists, activists and dissidents using the Pegasus hacking tool.
A judge in the Northern District of California ruled on Friday that NSO violated hacking laws and the terms of its service agreement with WhatsApp by using the messaging platform to inject more than 1,000 devices with its Pegasus spyware.
The ruling in this civil case did not address the rights of individuals whose phones were hacked, but it represents a victory for technology groups seeking to prevent the misuse of their platforms by groups targeting their users.
This is also a win for Apple, Amazon and other tech giants who have supported WhatsApp's cause.
Judge Phyllis Hamilton ruled that “the court sees no merit to the arguments advanced by NSO Group.” The summary judgment means that the upcoming trial will only cover the issue of damages, not whether NSO can be held liable for its actions.
“After five years of litigation, we are grateful for today’s decision,” WhatsApp said. “NSO can no longer avoid accountability for its unlawful attacks on WhatsApp, journalists, human rights activists and civil society.”
NSO Group did not immediately respond to a request for comment.
Pegasus can read encrypted messages stored on the phone, operate the camera and microphone remotely, and track its location. Its use has been linked to human rights violations, and the US Department of Commerce has blacklisted the Israeli company.
The legal case was launched following a 2019 Financial Times report a report This coincided with WhatsApp discovering that its services had been hacked by NSO and Pegasus.
The ruling said NSO Group did not dispute that it “must have reverse-engineered and/or decompiled the WhatsApp software” in order to hack the phones, but raised the possibility that it had done so before agreeing to WhatsApp's terms of service.
However, the judge found that “common sense dictates that NSO must first have gained access” to WhatsApp’s software and NSO provided “no reasonable explanation” as to how it could have done so without agreeing to the terms of service. It ruled in favor of WhatsApp's claim that NSO violated federal and state hacking laws.
The judge also found that NSO “repeatedly failed to make relevant discovery,” including regarding the Pegasus source code.
“This sets a precedent that will be cited for years to come,” said John Scott-Railton, a researcher at the University of Toronto's Citizen Lab who investigated the use of Pegasus.
“This is the most watched case about mercenary spyware and everyone will take notice. I expect this to have a negative impact on the efforts of other shady spyware companies to enter the US market, and on investor interest in supporting their hacking operations.”
