Supreme Court Denies NSO Group’s Attempt To Avoid Lawsuit Filed By WhatsApp
from the better-prep-for-a-settlement,-NSO dept
A couple of years before criticism of Israel-based NSO Group reached critical mass, the malware merchant was sued by WhatsApp. According to the messaging service (now owned by Meta), its servers were used (without its permission and in violation of the terms of service) to deliver powerful spyware to targets of NSO Group customers (which included a disturbingly large number of habitual human rights abusers).
As the lawsuit moved forward, things got interesting. Court filings revealed NSO’s malware had been delivered via WhatsApp servers located in California. (Much later, it was discovered this was the result of the FBI performing a test drive of a Pegasus variant offered by NSO that would allow the targeting of US phone numbers — something that isn’t an option with the standard spyware.) Filings also showed current FBI director Chris Wray (who won’t shut the fuck up about encryption despite his deliberate refusal to be intellectually honest about his proposed “solutions”) was a defender of encryption when he was still in the private sector, advocating on WhatsApp’s behalf during a legal battle with the DOJ, which hoped to force WhatsApp to weaken encryption to facilitate DOJ wiretap orders.
NSO Group claimed it was immune from this lawsuit for a couple of reasons. First, it said it could not be held directly responsible for the actions of its customers. If courts decided it could be held responsible for irresponsible malware sales to questionable governments, the company raised a secondary defense: it was entitled to sovereign immunity if the court decided NSO was a suitable litigation stand-in for its foreign customers.
Neither argument worked. In November 2021, the Ninth Circuit Appeals Court denied sovereign immunity to NSO Group, pointing out very reasonably that NSO is not a “foreign state.” It is a foreign company, but that’s not nearly the same thing as being a foreign entity worthy of immunity. The appeal was denied, preventing NSO Group from escaping this lawsuit.
Another appeal followed. NSO Group asked the Supreme Court to review this denial by the Ninth Circuit. The Supreme Court, in its most recent cert order [PDF], has decided NSO Group hasn’t raised an issue it feels like addressing. (h/t The Register)
NSO Group will have to continue facing WhatsApp’s lawsuit. Adding 18 months of disturbing revelations, sanctions, investigations, additional lawsuits, and negative press to the proceedings definitely isn’t helping NSO’s case. It made poor decisions about who to sell to, something that may have been aggravated by the Israeli government’s attempts to convert a private company into a tool of international diplomacy.