Supreme Court Denies NSO Group’s Attempt To Avoid Lawsuit Filed By WhatsApp

from the better-prep-for-a-settlement,-NSO dept

A couple of years before criticism of Israel-based NSO Group reached critical mass, the malware merchant was sued by WhatsApp. According to the messaging service (now owned by Meta), its servers were used (without its permission and in violation of the terms of service) to deliver powerful spyware to targets of NSO Group customers (which included a disturbingly large number of habitual human rights abusers).

As the lawsuit moved forward, things got interesting. Court filings revealed NSO’s malware had been delivered via WhatsApp servers located in California. (Much later, it was discovered this was the result of the FBI performing a test drive of a Pegasus variant offered by NSO that would allow the targeting of US phone numbers — something that isn’t an option with the standard spyware.) Filings also showed current FBI director Chris Wray (who won’t shut the fuck up about encryption despite his deliberate refusal to be intellectually honest about his proposed “solutions”) was a defender of encryption when he was still in the private sector, advocating on WhatsApp’s behalf during a legal battle with the DOJ, which hoped to force WhatsApp to weaken encryption to facilitate DOJ wiretap orders.

NSO Group claimed it was immune from this lawsuit for a couple of reasons. First, it said it could not be held directly responsible for the actions of its customers. If courts decided it could be held responsible for irresponsible malware sales to questionable governments, the company raised a secondary defense: it was entitled to sovereign immunity if the court decided NSO was a suitable litigation stand-in for its foreign customers.

Neither argument worked. In November 2021, the Ninth Circuit Appeals Court denied sovereign immunity to NSO Group, pointing out very reasonably that NSO is not a “foreign state.” It is a foreign company, but that’s not nearly the same thing as being a foreign entity worthy of immunity. The appeal was denied, preventing NSO Group from escaping this lawsuit.

Another appeal followed. NSO Group asked the Supreme Court to review this denial by the Ninth Circuit. The Supreme Court, in its most recent cert order [PDF], has decided NSO Group hasn’t raised an issue it feels like addressing. (h/t The Register)

NSO Group will have to continue facing WhatsApp’s lawsuit. Adding 18 months of disturbing revelations, sanctions, investigations, additional lawsuits, and negative press to the proceedings definitely isn’t helping NSO’s case. It made poor decisions about who to sell to, something that may have been aggravated by the Israeli government’s attempts to convert a private company into a tool of international diplomacy.

The downside here is that WhatsApp is using the CFAA to pursue its claims against NSO. While it would seem obvious that utilizing WhatsApp’s servers and service to deliver malware violates terms of use agreements, this lawsuit asks courts to broadly define “unauthorized access” to include merely unexpected uses of WhatsApp. WhatsApp has the ability to shutter accounts that spread malware, including dummy accounts run by foreign government agencies. What it shouldn’t be doing is asking federal courts to expand already broad definitions of unauthorized access — something that has the potential to harm security researchers and their invaluable work.

Companies: meta, nso group, whatsapp


Comments on “Supreme Court Denies NSO Group’s Attempt To Avoid Lawsuit Filed By WhatsApp”

Jack says:

Supreme Court Rejects NSO Group's Motion To Dismiss WhatsApp Lawsuit

The Supreme Court has ruled against NSO Group’s attempt to dismiss a lawsuit filed against them by WhatsApp. The lawsuit alleges that NSO Group used WhatsApp’s servers to conduct illegal hacking operations and spy on human rights activists and journalists. The court’s decision allows the lawsuit to proceed, potentially leading to accountability for NSO Group and increased protection for digital privacy rights.
