A federal judge has ordered spyware maker NSO to stop using its Pegasus app to target or infect WhatsApp users.
The ruling, issued Friday by Phyllis J. Hamilton of the U.S. District Court for the District of Northern California, grants a permanent injunction sought by WhatsApp owner Meta in a case it filed against NSO in 2019. The lawsuit alleges that Meta caught NSO attempting to surreptitiously infect approximately 1,400 cellphones – many of which belong to lawyers, journalists, human rights activists, political dissidents, diplomats and high-ranking foreign nationals. government officials – with Pegasus. As part of the campaign, NSO created fake WhatsApp accounts and targeted the meta-infrastructure. The lawsuit sought monetary awards and an injunction against the practice.
Setting a precedent
Friday's ruling ordered NSO to permanently stop targeting WhatsApp users, trying to infect their devices or intercepting WhatsApp messages, which are end-to-end encrypted using the open source Signal Protocol. Hamilton also ruled that NSO must delete any data it obtained while targeting WhatsApp users.
NSO had argued that such a ruling would 'put NSO out of business' as Pegasus is its 'flagship product'. Hamilton ruled that the damage Pegasus caused to Meta outweighed such considerations.
“According to the court, any company that deals with users' personal information, and that invests resources in ways to encrypt that personal information, is harmed by the unauthorized access to that personal information – and it's more than just a reputational harm, it's a business harm,” Hamilton wrote. “Fundamentally, information privacy is part of what companies like WhatsApp 'sell,' and any unauthorized access is an interference with that sale. Defendants' conduct serves to undermine one of the purposes of the service offered by Plaintiffs, which constitutes direct harm.”
