Unlock Editor’s Digest for free
Roula Khalaf, editor of the FT, picks her favorite stories in this weekly newsletter.
WhatsApp has prevailed in a US lawsuit against Israeli spyware maker NSO Group because NSO misused the messaging app to use its Pegasus hacking tool to infiltrate the phones of journalists, activists and dissidents.
A judge in the Northern District of California ruled Friday that NSO violated hacking laws and the terms of its services agreement with WhatsApp by using the messaging platform to infect more than 1,000 devices with its Pegasus spyware.
The ruling in the civil case did not address the rights of the people whose phones were hacked, but it provides a victory for tech companies that want to prevent their platforms from being abused by groups that target their users.
It’s also a win for Apple, Amazon and other tech giants that have supported WhatsApp’s case.
“The court finds the arguments put forward by NSO Group to be without merit,” ruled Judge Phyllis Hamilton. The summary judgment means that an upcoming trial will only address the issue of damages and not whether NSO can be held liable for its actions.
“After five years of litigation, we are grateful for today’s decision,” WhatsApp said. “NSO can no longer avoid responsibility for its unlawful attacks on WhatsApp, journalists, human rights activists and civil society.”
NSO Group did not immediately respond to a request for comment.
Pegasus can read encrypted messages stored on a phone, remotely turn on its camera and microphone, and track its location. Its use has been linked to human rights abuses and the US Department of Commerce has blacklisted the Israeli company.
The litigation was initiated following a 2019 Financial Times report report This coincided with WhatsApp’s discovery that its services had been hacked by NSO and Pegasus.
The ruling said that NSO Group did not dispute that it “must have reverse engineered and/or decompiled the WhatsApp software” to hack phones, but raised the possibility that it did so before doing so I have agreed to WhatsApp’s terms of use.
However, the judge concluded that “common sense requires that (NSO) must have first gained access” to the WhatsApp software and that NSO provided “no plausible explanation” as to how it could have obtained this without agree to the terms of use. It ruled in favor of WhatsApp’s claim that NSO violated federal and state hacking laws.
The judge also found that NSO had “repeatedly failed to make relevant discoveries,” including regarding the Pegasus source code.
“This sets a precedent that will be cited for years to come,” said John Scott-Railton, a researcher at the University of Toronto’s Citizen Lab who has studied the use of Pegasus.
“This is the most watched mercenary spyware case and everyone will take note. “I expect this will have a chilling effect on the efforts of other shady spyware companies to penetrate the US market and on investor interest in supporting their hacking attacks,” he said.