Judge green-lights Facebook, WhatsApp hacking lawsuit against spyware biz NSO, unleashing Zuck's lawyers
Legal discovery team could turn up some very interesting, and possibly embarrassing details
Facebook won a significant legal victory on Thursday when the judge hearing the lawsuit against Israeli spyware maker NSO Group declined to dismiss the case – and allowed the crucial discovery process to move forward.
Last October, Facebook and its WhatsApp subsidiary sued NSO Group, and its Q Cyber Technologies affiliate, in the Northern District of California. The social network giant claimed that the Pegasus spyware developed and sold by the companies was used by foreign governments and security organizations to hack the phones of as many as 1,400 WhatsApp users, including activists, journalists, dissidents, and government officials.
The complaint alleges four causes of action: breaking the US Computer Fraud and Abuse Act, the California Comprehensive Computer Data Access and Fraud Act, the abuse of the terms of service agreements on the social media sites, and the delightfully named "trespass to chattels," meaning - in California - that the defendant interfered with, or damaged, normal operations of a digital product or service for a user.
NSO Group has advanced several arguments to avoid being investigated and going to court over its software. It has insisted that it's not responsible for how its customers use the tools; that it inherits sovereign immunity from its government customers; that its software's interactions with WhatsApp servers were allowed; and that it can't be sued in California because it doesn't have an office there.
Spyware maker NSO runs scared from Facebook over WhatsApp hacking charges, fails to show up in courtREAD MORE
US District Judge Phyllis Hamilton mostly rejected these arguments in her denial of NSO's motion [PDF] to dismiss the case. NSO Group is not entitled to immunity as a foreign official and can't claim immunity derived from its government customers, her order says.
NSO Group's claim that it was authorized to access WhatsApp's servers similarly fell flat.
The judge did grant one dismissal motion, Facebook's trespass to chattels claim. The judge tossed that claim because Facebook and WhatsApp haven't demonstrated that "any WhatsApp customer was deprived or denied access to the WhatsApp system."
However she directed the plaintiffs to clarify that claim in an amended complaint within 21 days.
NSO Group had also hoped to avoid discovery – the legal process by which Facebook and WhatApp get to demand internal documents relevant to their complaint. But Judge Hamilton rejected that effort because it was based on the company's disallowed sovereign immunity claim and another "good cause" not declared to the court.
"We are pleased with the Court's decision permitting us to move ahead with our claims that NSO engaged in unlawful conduct," a WhatsApp spokesperson said in an email to The Register.
"The decision also confirms that WhatsApp will be able to obtain relevant documents and other information about NSO's practices. Today, we are one step closer to holding NSO accountable for attacking WhatsApp and its users, including journalists, human rights activists, and government officials."
Asked to comment, an NSO Group spokesperson said, "Our legal team is reviewing the court’s decision, so we are not in a position to comment in detail at this time. Our technology is used to save lives and prevent terror and crime worldwide, and we remain confident that our conduct is lawful." ®
- AdBlock Plus
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Federal government of the United States
- Government of the United Kingdom
- Identity Theft
- Kenna Security
- Max Schrems
- Microsoft 365
- Microsoft Office
- Microsoft Teams
- Palo Alto Networks
- Software License
- Trusted Platform Module
- Visual Studio
- Visual Studio Code
- Web Browser
- Zero trust