It’s a lawsuit WhatsApp originally filed in 2019, accusing the Israeli software surveillance firm NSO Group of hacking and spying on more than a thousand WhatsApp users. But while much of the case has remained shrouded in mystery, a new decision from the 9th Circuit Court of Appeals allowing the suit to move forward should shed rare light on the secretive spyware group.
The case will now go back to the district court from whence it came and can move to the discovery process, where lawyers for Facebook and WhatsApp—as well as lawyers for NSO Group—can start spilling information about the spying in this case.
In its decision on Monday, the court took particular issue with NSO Group’s unusual argument to avoid scrutiny. NSO Group had said it planned to argue “sovereign immunity” in the case, and therefore couldn’t possibly carry on since, in NSO Group’s reasoning, the fact that the spyware firm sold products to governments should make it immune to facing justice in the United States.
ADVERTISEMENT
The judge who wrote the opinion declared that NSO Group’s proposed defense was, essentially, hogwash, according to court filings.
“Whatever NSO’s government customers do with its technology and services does not render NSO an agency or instrumentality of a foreign state,’ as Congress has defined that term,” the judge said. “Thus, NSO is not entitled to the protection of foreign sovereign immunity. And that is the end of our task.”
Experts say the decision could have massive implications for unraveling the secrets of the business behind NSO’s spyware hacking, as it stares down accusations around the globe that it has sold products to authoritarian regimes and despots, enabling intrusive surveillance and spying on journalists, activists, and dissidents. NSO Group has been throwing up a hall of mirrors every time it’s accused of perpetuating or turning a blind eye to surveillance abuses around the world, and now its shady dealings behind the scenes may finally come tumbling out in these court proceedings.
NSO Group has previously claimed that it only sells its products to governments and law enforcement agencies tracking down criminals. But investigations from security researchers and human rights groups have found NSO Group’s notorious Pegasus spyware on the phones of journalists and dissidents around the globe.
Discovery is likely to reveal once and for all just how wide-reaching and intrusive NSO Group’s spyware operations have been, said John Scott-Railton, a senior researcher at the Citizen Lab, which has been investigating NSO products’ use against victims for years.
“For years victims have been trying to hold NSO accountable and NSO has been claiming that it answers to no one,” Scott-Railton told The Daily Beast. “Today the U.S. Court of Appeals has made it very clear NSO is going to have to answer to WhatsApp for this case. NSO is going to have to have some answers for what happened.”
Scott-Railton continued that NSO was between “a hard place and a hard place,” and that discovery for any kind of spyware company would be “unprecedented and disastrous,” given the secrecy NSO tries to offer and its potential shadiness.
NSO Group frequently claims it has no visibility into the targets of its clients, while also claiming it can probe into the targets or block certain spyware operations. Human rights activists and cybersecurity specialists have long argued both cannot be true.
And now, according to Natalia Krapiva, the technology legal counsel at the digital human rights group Access Now, the truth might finally come out.
“Going into discovery would definitely [be] a blow to NSO because their entire business model is dependent on secrecy and deception. We have heard NSO claiming again and again that they have no way of knowing what their clients are doing or that certain targets are off limits for their technology,” Krapiva said. “The discovery is likely to uncover not only more information about how much NSO knows about Pegasus targets, but also the reckless disregard with which NSO has been acting towards the innocent victims of their technology, including journalists, activists, and regime critics.”
NSO Group did not immediately return a request for comment.
NSO Group could always opt to try its hand at taking this case all the way to the Supreme Court. But that would likely be fruitless, according to Krapiva, as the Supreme Court would be unlikely to hear the case and would probably side with the government.
The news comes as NSO Group is getting beaten back in every which way—to the delight of human rights activists and victims alike.
Just last week, the U.S. announced sanctions against NSO Group, adding it to the U.S. “entity list,” and noting the company had acted “contrary to the national security or foreign policy interests of the United States.”
Weeks earlier, an investigation from tech companies and multiple news outlets revealed the names of high-profile politicians, policymakers, royalty, and activists that are on a likely list of NSO Group surveillance targets, embroiling NSO in an international scandal. And new testimonials about NSO Group product hacking going haywire are surfacing by the hour; just on Monday, several new allegations came to light that NSO Group spyware was used to hack and spy on Palestinian rights activists.
The Mexican government also announced on Monday that it had arrested a businessman, named in press reports as Juan Carlos García Rivera, for his alleged role using NSO Group’s Pegasus spyware to hack a journalist.