Israeli spyware company NSO Group has been permanently blocked from targeting WhatsApp or its users by a US court, although the damages award was significantly reduced.
The Israeli spyware company NSO Group received a permanent injunction on its efforts to break into WhatsApp for causing “irreparable harm,” which represents a significant development for WhatsApp owner Meta, which has spent the last six years trying to “hold NSO accountable”.
“We applaud this decision that comes after six years of litigation to hold NSO accountable for targeting members of civil society. It sets an important precedent that there are serious consequences to attacking an American company,” Will Cathcart, the head of WhatsApp, said.
US District Court Judge Phyllis Hamilton also ruled that the initial award of the punitive damages it owes Meta in the amount of about $168m was excessive, saying that the court did not have “sufficient basis” for such a decision.
“There have simply not yet been enough cases involving unlawful electronic surveillance in the smartphone era for the court to be able to conclude that defendants’ conduct was ‘particularly egregious’,” Hamilton wrote.
The final damages award was slashed to $4 million, “capped at 9/1”. It relates to the company’s Pegasus spyware tool, marketed for law enforcement to fight crime and terrorism, which can control a phone’s microphones and cameras, as well as extract the personal and location data of its owner.
Spying on WhatsApp users
According to the evidence presented during the trial, NSO reverse-engineered WhatsApp code to install its Pegasus spyware on users’ phones. Going forward, it repeatedly redesigned and adjusted the tool to bypass security protections.
“Part of what companies such as WhatsApp are ‘selling’ is informational privacy, and any unauthorised access is an interference with that sale,” Hamilton said.
Curious what others think about this story? Contribute your thoughts to the debate below.
NSO claims that it only sells Pegasus to government law enforcement and intelligence agencies. However, in a lawsuit filed in a California federal court in late 2019, Meta accused the company of attempting to infect about 1,400 devices to target journalists, lawyers, and human rights activists, committing cyber espionage.
This statement was supported by independent experts and investigations, including those by Amnesty International, which also claimed that nation-states with low levels of human rights protection had been using Pegasus to target activists and their opponents.
Meta has reportedly asked to extend the injunction to its other services like Facebook, Instagram, and Threads, but Hamilton ruled that there wasn’t currently enough evidence to suggest that similar harm was done on other platforms.
According to Reuters, NSO has previously claimed that such an injunction would “put NSO’s entire enterprise at risk" and "force NSO out of business.”
The company has recently been bought by a US investment group led by Hollywood producer Robert Simonds, although an NSO spokesperson said that it will continue to be fully supervised and regulated by the relevant Israeli authorities.
Your email address will not be published. Required fields are markedmarked