Court Bans NSO From Using Pegasus Spyware on WhatsApp
▼ Summary
– A federal judge has permanently banned NSO from using its Pegasus spyware to target WhatsApp users or infect their devices.
– The ruling requires NSO to delete all data it obtained from targeting WhatsApp users and stop intercepting their encrypted messages.
– The lawsuit was filed by Meta in 2019 after discovering NSO targeted approximately 1,400 phones belonging to journalists, activists, and officials.
– NSO argued the injunction would put it out of business, but the court ruled the harm to Meta’s business and user privacy outweighed this concern.
– The judge stated that unauthorized access to user data directly harms companies like WhatsApp, which sell informational privacy as part of their service.
A federal judge has permanently banned the NSO Group from using its Pegasus spyware to target WhatsApp users, marking a significant legal victory for Meta in its long-running battle against unauthorized surveillance. The ruling from US District Judge Phyllis J. Hamilton in Northern California prohibits NSO from any attempts to infect devices or intercept communications on the WhatsApp platform. This decision stems from a lawsuit Meta initiated in 2019 after discovering NSO’s efforts to compromise approximately 1,400 mobile phones.
The targeted devices belonged to a wide range of individuals, including journalists, human rights defenders, attorneys, political dissidents, diplomats, and high-ranking government officials. According to the lawsuit, NSO created fraudulent WhatsApp accounts and directed attacks against Meta’s infrastructure as part of this campaign. Meta pursued both financial compensation and a court order to halt these activities permanently.
Judge Hamilton’s injunction explicitly forbids NSO from targeting WhatsApp users or their devices and from intercepting any messages. WhatsApp employs end-to-end encryption through the open source Signal Protocol to protect user communications. The court also mandated that NSO must erase any data it previously collected by targeting WhatsApp accounts.
During the proceedings, NSO contended that such a ruling would effectively put the company out of business, describing Pegasus as its flagship product. However, Judge Hamilton determined that the harm inflicted on Meta by Pegasus operations outweighed these commercial concerns. She emphasized that businesses handling personal user information and investing in encryption technologies suffer tangible business harm, not just reputational damage, when that information is accessed without authorization.
The court’s opinion stated that companies like WhatsApp are essentially providing informational privacy as a core part of their service. Any unauthorized access fundamentally interferes with that offering, directly harming the company by undermining a primary purpose of its platform. This legal precedent reinforces the responsibility of technology firms to safeguard user data against covert intrusion.
(Source: Ars Technica)
