(Reuters) – A U.S. judge on Friday ruled in favor of Meta Platforms' (NASDAQ:) WhatsApp in a lawsuit accusing Israel's NSO Group of exploiting a bug in the messaging app to install spyware that enables unauthorized surveillance.
U.S. District Judge Phyllis Hamilton in Oakland, California, granted a motion by WhatsApp and found NSO liable for hacking and breach of contract.
The case will now go to trial only on the issue of damages, Hamilton said. NSO Group did not immediately respond to an emailed request for comment.
Will Cathcart, head of WhatsApp, said the ruling is a victory for privacy.
“We spent five years bringing our case because we firmly believe that spyware companies cannot hide behind immunity or avoid liability for their illegal actions,” Cathcart said in a social media post.
“Surveillance companies should be aware that illegal spying will not be tolerated.”
A WhatsApp spokesperson said they were grateful for the decision.
“We are proud to have taken on NSO and grateful to the many organizations that supported this case. WhatsApp will never stop working to protect people's private communication,” he said.
Cybersecurity experts welcomed the ruling.
John Scott-Railton, senior researcher at Canadian internet watchdog Citizen Lab, which first exposed NSO's Pegasus spyware in 2016, called the ruling a landmark ruling with “huge implications for the software industry.” spy”.
“The entire industry has hidden behind the claim that whatever their customers do with their hacking tools, it is not their responsibility,” he said in an instant message. “Today's ruling makes clear that NSO Group is, in fact, responsible for violating numerous laws.”
In 2019, WhatsApp sued NSO seeking an injunction and damages, accusing it of accessing WhatsApp servers without permission six months earlier to install Pegasus software on victims' mobile devices. The lawsuit alleges that the intrusion allowed the surveillance of 1,400 people, including journalists, human rights activists and dissidents.
NSO had argued that Pegasus helps law enforcement and intelligence agencies fight crime and protect national security and that its technology is intended to help catch terrorists, pedophiles and hardened criminals.
NSO appealed a trial judge's refusal in 2020 to grant it “conduct-based immunity,” a common law doctrine that protects foreign officials acting in their official capacity.
Upholding that ruling in 2021, the San Francisco-based U.S. Court of Appeals for the Ninth Circuit called it an “easy case” because NSO's mere licensing of Pegasus and its offer of technical support did not protect her from liability under a federal law called the Foreign Sovereign Immunity Act. , which had priority over common law.
Last year, the U.S. Supreme Court rejected NSO's appeal against the lower court's decision, allowing the lawsuit to proceed.
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=();t=b.createElement(e);t.async=!0;t.src=v;s=b.getElementsByTagName(e)(0);s.parentNode.insertBefore(t,s)}(window, document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
