A U.S. federal judge ruled against NSO Group, the Israeli company behind the controversial Pegasus spyware, in a lawsuit brought by Meta’s WhatsApp. District Judge Phyllis Hamilton concluded that NSO Group violated multiple U.S. hacking laws and WhatsApp’s terms of service, a decision that marks a significant milestone in the global fight against spyware misuse.
Read More: WhatsApp makes group alerts easier than ever
The case centers on allegations that NSO used WhatsApp servers to infiltrate approximately 1,400 mobile devices during a two-week period in May 2019. The targets included journalists, human rights activists, political dissidents, senior government officials, and diplomats. Pegasus spyware is infamous for its ability to access encrypted messages, remotely activate microphones and cameras, and track users’ locations.
Violation of U.S. Hacking Laws
Judge Hamilton’s ruling found NSO Group in breach of the U.S. Computer Fraud and Abuse Act (CFAA) and California’s Comprehensive Computer Data Access and Fraud Act. She also upheld WhatsApp’s claims of contract violations. NSO’s defense—that it merely provides tools for government clients and is not directly responsible for their use—was rejected. Evidence demonstrated that NSO actively participated in the installation and operation of Pegasus spyware.
The judgment dismissed NSO’s argument that it had reverse-engineered WhatsApp’s software prior to accepting its terms of service. The court deemed this claim implausible, emphasizing that NSO must have agreed to the terms to access and exploit the platform.
Sanctions for Non-Compliance
NSO’s repeated failure to comply with court-ordered discovery, particularly regarding the source code of Pegasus spyware, led to additional sanctions. The company offered to make the source code available in Israel under conditions deemed “impracticable” by the court, further undermining its credibility.
Implications for the Tech Industry
The ruling has far-reaching implications for tech companies and privacy advocates. WhatsApp’s parent company, Meta, described the decision as a victory for privacy, emphasizing that spyware companies cannot evade accountability for illegal actions. Will Cathcart, head of WhatsApp, stated, “This ruling is a huge win for privacy and a warning to surveillance companies worldwide.”
The case has garnered support from other tech giants, including Apple and Amazon. Apple had previously filed a similar lawsuit against NSO but dropped it in September. Industry experts predict the ruling will serve as a precedent, deterring other spyware firms from entering the U.S. market and discouraging investors from backing such operations.
Upcoming Trial on Damages
While the summary judgment resolves NSO’s liability, a jury trial scheduled for March 2025 will determine the damages owed to WhatsApp. Legal experts anticipate the case to set a benchmark for monetary penalties in cases involving corporate misuse of spyware.
Global Repercussions
NSO Group has faced mounting scrutiny for its spyware’s role in human rights abuses and authoritarian surveillance worldwide. The U.S. Department of Commerce blacklisted the company in 2021, prohibiting American entities from engaging with it. The judgment reinforces the message that even powerful surveillance firms cannot operate with impunity.
Read More: WhatsApp QR codes transform channel sharing
John Scott-Railton, a senior researcher at Citizen Lab, which has extensively investigated Pegasus, described the ruling as a watershed moment. “This is the most-watched case about mercenary spyware,” he said, predicting a “chilling effect” on similar firms and their investors.