Meta alleges that NSO Group, an Israel-based surveillance software developer, exploited bugs in the popular WhatsApp instant messaging application, allowing “foreign governments” to spy on journalists, human rights activists, and opposition politicians.
The United States Supreme Court will allow Meta Platform Inc.’s WhatsApp, a popular instant messaging application with over 2 billion users worldwide, to pursue a lawsuit accusing the Israel-based NSO Group of exploiting bugs to install surveillance software on mobile phones around the world.
The surveillance software, known as Pegasus, was, in many cases, sent to affected users’ phones through e-mail attachments and social media messages.
Some reports suggest that Pegasus could be uploaded through a simple phone call—even if the recipient declined to answer.
Once Pegasus became active on users’ phones, the controlling entity—often a foreign government—could access encrypted messages, control the device’s microphone and camera, and alter files.
In their ruling, the justices dismissed NSO Group’s claims that it was entitled to civil immunity because it had acted at the behest of unnamed foreign governments.
The Biden administration had proactively urged the Supreme Court to reject the NSO Group’s arguments, noting that the United States Department of State has never extended sovereign immunity to any private entity—even private entities that work for, or contract with, foreign governments.
Meta, the parent company of WhatsApp, welcomed the court’s decision to dismiss NSO’s claims.
“NSO’s spyware has enabled cyberattacks targeting human rights activists, journalists, and government officials,” Meta said. “We firmly believe that their operations violate U.S. law and they must be held to account for their unlawful operations.”
Nevertheless, NSO has insisted that its software is a critical tool for governments and law enforcement agencies around the world.
“Some WhatsApp users are violent criminals and terrorists who exploit the software’s encryption to avoid detection,” NSO said in court documents.
NSO noted in its legal filings that, when WhatsApp notified users of Pegasus breaches, a foreign government was forced to abandon an ongoing investigation into an active Islamic State militant who had been using the social media application to plan an attack.
However, human rights activists have observed that Pegasus has less-than-legitimate uses. Pegasus, for instance, was purportedly used to target Washington Post journalist Jamal Khashoggi shortly before he was murdered inside a Saudi diplomatic mission in Istanbul.
Reuters notes that a 2021 investigation published by the Paris-based non-profit organization Forbidden Stories found that Pegasus has been used to hack into the smartphones of human rights activists, journalists, and politicians around the world.
The United States government recently blacklisted both the NSO Group and Candiru, another Israeli spyware developer, finding that the companies created “malicious” surveillance software for foreign states.