A California jury awarded Meta nearly $168 million in compensation on May 6 in a privacy case against Israeli spyware company NSO Group.
The jury agreed that WhatsApp had proven by “clear and convincing evidence that NSO engaged in malice, oppression, or fraud in violating the California Comprehensive Computer Data Access and Fraud Act.”
The WhatsApp complaint was focused on NSO Group’s Pegasus spyware, which was developed “to be remotely installed and enable the remote access and control of information—including calls, messages, and location—on mobile devices using the Android, iOS, and BlackBerry operating systems,” the lawsuit said.
“Pegasus was designed, in part, to intercept communications sent to and from a device, including communications over iMessage, Skype, Telegram, WeChat, Facebook Messenger, WhatsApp, and others,” it said.
WhatsApp alleged that NSO implanted Pegasus on WhatsApp users’ phones and relayed data from compromised phones to NSO as well as to NSO’s customers.
NSO said WhatsApp conflated NSO’s actions with those of NSO’s customers, such as sovereign governments.
The group’s business model “consists of selling NSO’s Pegasus technology to governments and providing basic technical support for them,” the filing said.
“If anyone installed Pegasus on any alleged ‘Target Devices,’ it was not Defendants [NSO]. It would have been an agency of a sovereign government,” it said.
NSO said it never targeted anyone and contractually prohibits customers from using Pegasus to target individuals who are not suspected criminals or terrorists.
Protecting Privacy
Meta welcomed the court decision, saying in a May 6 post that it has won the fight against “spyware merchant” NSO Group.“Today’s verdict in WhatsApp’s case is an important step forward for privacy and security as the first victory against the development and use of illegal spyware that threatens the safety and privacy of everyone,” the company said.
“The jury’s decision to force NSO ... to pay damages is a critical deterrent to this malicious industry against their illegal acts aimed at American companies and the privacy and security of the people we serve,” it said.
Responding to the court decision, Gil Lainer, VP for global communications at NSO Group, told The Epoch Times that the company’s technology has played “a critical role in preventing serious crime and terrorism” and has been used in security operations that have saved American lives.
This perspective “was excluded from the jury’s consideration in this case,” said Lainer.
“We will carefully examine the verdict’s details and pursue appropriate legal remedies, including further proceedings and an appeal,” he said.
“NSO remains fully committed to its mission to develop technologies that protect public safety, while continuously strengthening our industry-leading compliance framework and ensuring our technology is deployed solely for their legitimate, authorized purposes by legitimate sovereign governments.”
In December 2020, Access Now and its partners submitted an amicus brief in the case, detailing victims of NSO’s alleged hacking of WhatsApp.
“This verdict sends a clear message to spyware companies that targeting people through U.S.-based platforms will come with a high price,” said Michael De Dora, U.S. policy and advocacy manager at the organization.
“It underscores the importance of U.S. institutions protecting the digital infrastructure and individuals that rely on it from unlawful surveillance.”
“These entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” the department said.