Israeli spyware vendor NSO Group was handed a major loss on Nov. 8, just days after being placed on a U.S. sanctions list, when a federal appeals court denied the company’s sovereign immunity claims—paving the way for the firm to face legal liability in the United States.
Facebook initially sued NSO Group in 2019 for allegedly hacking WhatsApp, sending malicious code to about 1,400 of its users for the purpose of surveilling their phones and devices. According to Facebook, the users included attorneys, journalists, human rights activists, and diplomats.
NSO moved to have the lawsuit dismissed on sovereign immunity grounds, arguing that its product was used by foreign governments. The case made its way up to the Court of Appeals for the 9th Circuit, which denied NSO’s motion in a Nov. 8 decision—ruling that U.S. sovereign immunity laws apply to foreign state entities, but not to individuals or private companies.
“An entity must be a sovereign or must have a sufficient relationship to a sovereign to claim sovereign-based immunity,” the 9th Circuit said. “Without such status or relationship, there is no justification for granting sovereign immunity.”
The 9th Circuit ruling means Facebook can move its lawsuit against NSO forward to the discovery stage, where potentially more damning information about the Israeli spyware firm may be revealed.
NSO has continued to deny any wrongdoing, although the company faced another round of negative publicity over the past week.
“[NSO Group] has enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent,” the department said in a statement. “Such practices threaten the rules-based international order.”