{"id":20991,"date":"2023-01-12T16:10:30","date_gmt":"2023-01-13T00:10:30","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/01\/12\/news-14724\/"},"modified":"2023-01-12T16:10:30","modified_gmt":"2023-01-13T00:10:30","slug":"news-14724","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2023\/01\/12\/news-14724\/","title":{"rendered":"WhatsApp lawsuit against NSO Group greenlit by Supreme Court"},"content":{"rendered":"<p>On Monday, the US Supreme Court&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.supremecourt.gov\/search.aspx?filename=\/docket\/docketfiles\/html\/public\/21-1338.html\" target=\"_blank\">denied<\/a>&nbsp;the NSO Group&#8217;s petition for a&nbsp;<em><a rel=\"noreferrer noopener\" href=\"https:\/\/www.vocabulary.com\/dictionary\/writ%20of%20certiorari\" target=\"_blank\">writ of certiorari<\/a><\/em>, a request to the high court to review its case, signaling that Meta&#8217;s WhatsApp can go ahead with its case against the Israeli-based company behind the&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/blog?s=pegasus\">Pegasus spyware<\/a>. The court didn&#8217;t explain why it refused to hear the NSO&#8217;s appeal.<\/p>\n<p>If you recall, WhatsApp&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.openglobalrights.org\/whatsapp-sues-nso-group-surveillance-tech\/\" target=\"_blank\">filed<\/a>&nbsp;a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.documentcloud.org\/documents\/6532395-WhatsApp-complaint.html\" target=\"_blank\">lawsuit<\/a>&nbsp;against NSO in 2019 under the Computer Fraud and Abuse Act for allegedly targeting and installing spyware on roughly 1,400 devices of its global users, including human rights activists, journalists, and government officials.<\/p>\n<p>NSO group allegedly did this by exploiting&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2019\/05\/whatsapp-fix-goes-live-after-targeted-attack-on-human-rights-lawyer\">a then zero-day vulnerability<\/a>&nbsp;in WhatsAapp. Based on&nbsp;a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.business-humanrights.org\/en\/latest-news\/nso-group-lawsuit-re-hacking-whatsapp-users\/#timeline\" target=\"_blank\">detailed timeline<\/a>&nbsp;of the case, NSO said it is protected by the&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/uk.practicallaw.thomsonreuters.com\/2-502-5645?transitionType=Default&amp;contextData=(sc.Default)\" target=\"_blank\">Foreign Sovereign Immunity Act (FSIA)<\/a>, which shields foreign government officials from common law, making it immune to the lawsuit&mdash;an argument district court judges in California were unconvinced by.<\/p>\n<p>The company then filed a motion to dismiss the case in the US Court of Appeals, insisting it should be granted immunity, much to the dismay of a number of organizations: Microsoft, Google, Cisco, GitHub, LinkedIn, VMWare, and Internet Association (IA). These companies then banded together to file&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/blogs.microsoft.com\/wp-content\/uploads\/prod\/sites\/5\/2020\/12\/NSO-v.-WhatsApp-Amicus-Brief-Microsoft-et-al.-as-filed.pdf\" target=\"_blank\">an amicus brief<\/a>&nbsp;supporting WhatsApp&#8217;s case.<\/p>\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2020\/12\/21\/cyber-immunity-nso\/\" target=\"_blank\">Microsoft said<\/a>:<\/p>\n<blockquote>\n<p>&ldquo;We believe the NSO Group&#8217;s business model is dangerous and that such immunity would enable it and other PSOAs to continue their dangerous business without legal rules, responsibilities or repercussions. The expansion of sovereign immunity that NSO seeks would further encourage the burgeoning cyber-surveillance industry to develop, sell and use tools to exploit vulnerabilities in violation of US law. Private companies should remain subject to liability when they use their cyber-surveillance tools to break the law, or knowingly permit their use for such purposes, regardless of who their customers are or what they&rsquo;re trying to achieve.&#8221;<\/p>\n<\/blockquote>\n<p>Eventually, the Appeals Court rejected NSO&#8217;s appeal.<\/p>\n<p>Appeals Court judge Danielle Forrest&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.courthousenews.com\/wp-content\/uploads\/2021\/11\/NSO-Group-ruling-9th-Circuit.pdf\" target=\"_blank\">wrote<\/a>&nbsp;in a unanimous opinion:<\/p>\n<blockquote>\n<p>&#8220;NSO does not contend that it meets the FSIA&rsquo;s definition of &#8216;foreign state,&#8217; and, of course, it cannot. It is not itself a sovereign. NSO is a private corporation that provides products and services to sovereigns &mdash; several of them,&#8221;&nbsp;<\/p>\n<p>&#8220;Whatever NSO&#8217;s government customers do with its technology and services does not render NSO an &#8216;agency or instrumentality of a foreign state,&#8217; as Congress has defined that term. Thus, NSO is not entitled to the protection of foreign sovereign immunity.&#8221;<\/p>\n<\/blockquote>\n<p>The NSO Group&#8217;s request for the Supreme Court to review its case was its last straw effort to be recognized as a foreign government agent and is, therefore, entitled to sovereign immunity.<\/p>\n<p>In a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.reuters.com\/legal\/us-supreme-court-lets-metas-whatsapp-pursue-pegasus-spyware-suit-2023-01-09\/\" target=\"_blank\">statement<\/a>&nbsp;to Reuters, WhatsApp spokesperson Carl Woog is quoted saying:<\/p>\n<blockquote>\n<p>&#8220;NSO&#8217;s spyware has enabled cyberattacks targeting human rights activists, journalists and government officials. We firmly believe that their operations violate US law and they must be held to account for their unlawful operations.&#8221;<\/p>\n<\/blockquote>\n<p>Meta&#8217;s WhatsApp is not the only tech giant suing the NSO Group. Apple also&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.aljazeera.com\/news\/2021\/11\/23\/apple-sues-israeli-firm-nso-group-over-spyware\" target=\"_blank\">filed<\/a>&nbsp;a lawsuit against the Israeli firm in November 2021 for violating terms of service by hacking into the devices of Apple users, calling the company &#8220;amoral 21st-century mercenaries.&#8221;<\/p>\n<hr \/>\n<p><strong>We don&#8217;t just report on threats&mdash;we remove them<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by <a href=\"https:\/\/www.malwarebytes.com\/for-home\">downloading&nbsp;Malwarebytes today<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/whatsapp-lawsuit-against-nso-group-greenlit-by-supreme-court-\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding=\"10\">\n<tr>\n<td valign=\"top\" align=\"left\">\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/news\" rel=\"category tag\">News<\/a><\/p>\n<p>Tags: Pegasus<\/p>\n<p>Tags:  spyware<\/p>\n<p>Tags:  Pegasus spyware<\/p>\n<p>Tags:  NSO Group<\/p>\n<p>Tags:  NSO<\/p>\n<p>Tags:  Apple<\/p>\n<p>Tags:  WhatsApp<\/p>\n<p>Tags:  Meta<\/p>\n<p>Tags:  Foreign Sovereign Immunity Act<\/p>\n<p>The US Supreme Court essentially gave Meta\u2019s WhatsApp the go ahead to pursue their case against Pegasus\u2019s NSO Group.<\/p>\n<table width=\"100%\">\n<tr>\n<td align=\"right\">\n<p><b>(<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/whatsapp-lawsuit-against-nso-group-greenlit-by-supreme-court-\" title=\"WhatsApp lawsuit against NSO Group greenlit by Supreme Court \">Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/whatsapp-lawsuit-against-nso-group-greenlit-by-supreme-court-\">WhatsApp lawsuit against NSO Group greenlit by Supreme Court <\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[2211,28354,24884,32,28353,11902,11940,24967,10443,10440],"class_list":["post-20991","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apple","tag-foreign-sovereign-immunity-act","tag-meta","tag-news","tag-nso","tag-nso-group","tag-pegasus","tag-pegasus-spyware","tag-spyware","tag-whatsapp"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20991","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20991"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20991\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20991"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20991"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20991"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}