A U.S. judge ruled in favor of Meta Platforms’ WhatsApp on Friday, finding the Israeli spyware firm NSO Group liable for exploiting a bug in the messaging app to install its Pegasus surveillance software. The ruling, delivered by U.S. District Judge Phyllis Hamilton in Oakland, California, paves the way for a trial to determine damages.
WhatsApp Secures a Major Privacy Victory
Judge Hamilton granted WhatsApp’s motion, concluding that NSO violated hacking laws and breached its contractual agreements. The decision marks a significant milestone in a lawsuit WhatsApp filed in 2019. The platform accused NSO of unauthorized access to its servers six months earlier, installing spyware on the devices of 1,400 individuals, including journalists, human rights activists, and dissidents.
Will Cathcart, head of WhatsApp, celebrated the ruling as a critical step in defending user privacy. “We firmly believe spyware companies cannot hide behind immunity or evade accountability for unlawful actions,” Cathcart said on social media. He also issued a stern warning to surveillance companies, declaring that illegal spying would not be tolerated.
A WhatsApp spokesperson expressed gratitude for the decision, emphasizing the platform’s commitment to protecting private communication. “We’re proud to have stood against NSO and thankful for the support of many organizations throughout this case,” the spokesperson said.
Experts Hail the Ruling as a Landmark Moment
Cybersecurity experts applauded the judgment for its potential to reshape the spyware industry. John Scott-Railton, a senior researcher with Citizen Lab — the organization that first exposed NSO’s Pegasus spyware in 2016 — described the decision as a turning point.
“This ruling sends a clear message that spyware companies are responsible for their actions and cannot deflect blame onto their customers,” Scott-Railton said. He added that the judgment has “huge implications for the entire spyware industry,” which has long claimed immunity from liability for how their tools are used.
NSO’s Defense and Legal Setbacks
NSO argued that its Pegasus software aids law enforcement and intelligence agencies in combating crime, terrorism, and other threats to national security. However, WhatsApp alleged that NSO accessed its servers without permission, installing spyware to enable widespread surveillance.
NSO sought “conduct-based immunity,” a legal protection often granted to foreign officials acting in their official capacity. However, U.S. courts rejected this argument. The 9th U.S. Circuit Court of Appeals upheld the decision in 2021, ruling that NSO’s licensing of Pegasus and its technical support services did not qualify for immunity under the Foreign Sovereign Immunities Act.
The U.S. Supreme Court declined to hear NSO’s appeal in 2022, allowing the case to move forward.
What’s Next for NSO and the Spyware Industry?
The case now proceeds to a trial focused on determining damages. Cybersecurity advocates view the ruling as a critical precedent, holding spyware firms accountable for their products’ misuse. As the trial unfolds, its outcome could significantly impact the future operations of surveillance companies and strengthen global efforts to safeguard digital privacy.
