A U.S. court has ruled in favor of WhatsApp in its legal battle against NSO Group, marking a pivotal moment for privacy rights. The decision holds NSO accountable for using its Pegasus spyware to hack WhatsApp servers and target high-profile individuals. WhatsApp’s leadership and cybersecurity advocates have hailed the judgment as a triumph for accountability and a warning to surveillance companies worldwide: illegal spying won’t be tolerated.
BY PC Bureau
In a verdict that is bound to resonate across India’s political spectrum, a U.S. judge ruled on Friday in favor of Meta Platforms’ WhatsApp in a high-profile lawsuit accusing Israel’s NSO Group of exploiting a vulnerability in the messaging app to install Pegasus spyware, enabling unauthorized surveillance.
Opposition leaders and journalists have also accused the Central government of using Pegasus spyware to hack into their mobile phones.
U.S. District Judge Phyllis Hamilton in Oakland, California, granted a motion by WhatsApp, finding NSO liable for hacking and breach of contract. The case will now move forward to a trial focused exclusively on damages, Hamilton stated. NSO Group did not immediately respond to an emailed request for comment.
Will Cathcart, the head of WhatsApp, hailed the decision as a significant victory for privacy.
“We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions,” Cathcart said in a social media post.
“Surveillance companies should be on notice that illegal spying will not be tolerated.”
BREAKING: NSO Group liable for #Pegasus hacking of @WhatsApp users.
Big win for spyware victims.
Big loss for NSO.
Bad time to be a spyware company.
Landmark case. Huge implications. 1/ 🧵 pic.twitter.com/hLvEipf6np
— John Scott-Railton (@jsrailton) December 21, 2024
A WhatsApp spokesperson expressed gratitude for the ruling, stating, “We’re proud to have stood up against NSO and thankful to the many organizations that were supportive of this case. WhatsApp will never stop working to protect people’s private communication.”
https://x.com/jsrailton/status/1870271177584963627
The judgment was also welcomed by cybersecurity experts. John Scott-Railton, a senior researcher with Canadian internet watchdog Citizen Lab — which first exposed the Pegasus spyware in 2016 — described the decision as a landmark ruling with “huge implications for the spyware industry.”
“The entire industry has hidden behind the claim that whatever their customers do with their hacking tools, it’s not their responsibility,” Scott-Railton said in an instant message. “Today’s ruling makes it clear that NSO Group is in fact responsible for breaking numerous laws.”
WhatsApp initially filed the lawsuit in 2019, seeking an injunction and damages. The platform accused NSO of unauthorized access to its servers six months earlier to install Pegasus software on the mobile devices of 1,400 individuals. Victims included journalists, human rights activists, and dissidents.
NSO has consistently argued that Pegasus is a tool to help law enforcement and intelligence agencies combat crime and threats to national security, claiming its technology is designed to target terrorists, pedophiles, and hardened criminals.
In 2020, NSO sought “conduct-based immunity,” a common law protection for foreign officials acting in their official capacities, but a trial judge rejected the claim. The 9th U.S. Circuit Court of Appeals upheld that decision in 2021, describing the case as straightforward. The court ruled that merely licensing Pegasus and providing technical support did not shield NSO from liability under the Foreign Sovereign Immunities Act, which supersedes common law.
The U.S. Supreme Court declined to hear NSO’s appeal in 2022, leaving the lower court’s decision intact and allowing the lawsuit to proceed. The upcoming trial on damages will be a critical step in holding the spyware company accountable.
