On December 21, 2024, WhatsApp achieved a landmark legal victory against the NSO Group, a notorious Israeli spyware company.
A U.S. federal judge ruled that NSO violated hacking laws by exploiting a vulnerability in WhatsApp to deploy its Pegasus spyware on over 1,400 devices, including those of journalists and human rights activists.
This decision holds NSO accountable and sets a precedent for the regulation of spyware companies.
Read also: ChatGPT now available on WhatsApp for calls, real-time conversations
The case against NSO Group
WhatsApp’s lawsuit, initiated in late 2019, accused NSO of unauthorised access to its servers to install Pegasus through a zero-day vulnerability in its voice calling feature.
The court found that NSO had sent malicious code via WhatsApp’s servers 43 times during May 2019, which Judge Phyllis J. Hamilton described as a blatant breach of contract and hacking laws.
“NSO’s lack of compliance with discovery orders raises serious concerns about their transparency,” she stated, highlighting the company’s failure to provide crucial evidence during the trial.
WhatsApp’s head, Will Cathcart, expressed that this ruling is a “huge win for privacy,” emphasising the importance of accountability in the spyware industry.
He noted that the decision sends a clear message: “Surveillance companies should be on notice that illegal spying will not be tolerated”.
The case is set to proceed to a damages trial in March 2025.
Read also: Order on WhatsApp with Ubuy: a new way to shop across borders
Implications for privacy and accountability
The implications of this ruling extend beyond WhatsApp. Cybersecurity experts view it as a pivotal moment for holding spyware companies accountable for their actions.
John Scott-Railton from Citizen Lab remarked that this judgment could reshape how such firms operate, indicating that they can no longer hide behind claims of immunity.
The decision also reflects growing concerns about privacy in an era where surveillance technologies are increasingly misused.
NSO Group has maintained that its Pegasus software is intended for legitimate use by governments to combat serious crimes. However, the court’s rejection of their claims underscores a significant shift toward greater scrutiny of such technologies.
As WhatsApp continues to champion user privacy and security, this ruling signifies an essential advancement in the ongoing fight against unlawful surveillance.