Skip to main content
  1. Home
  2. Mobile
  3. News

Facebook lawsuit may increase accountability for spyware makers

Andy Boxall
By

Facebook has sued the NSO Group, a security software maker, alleging it was responsible for using the WhatsApp message platform to spread spyware earlier this year. The lawsuit claims the NSO Group used WhatsApp servers to deliver spyware to 1,400 mobile devices between April and May, allowing it to decrypt private messages. Facebook wants an injunction against the NSO Group barring it from using WhatsApp or Facebook services, along with damages and costs.

While at first, the lawsuit seems to be focused around how the NSO Group interfered with the service, used WhatsApp servers without authorization, and additionally broke the terms of service, the lawsuit has wider implications. A later section states the NSO Group used the spyware, “to target attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.”

The NSO Group has responded to the lawsuit with a statement that concentrates solely on this accusation, stating that it provides its technology to licensed government intelligence and law enforcement agencies, and that its software is expressly made to target terrorism and serious crime. “We consider any other use of our products than to prevent serious crime and terrorism a misuse, which is contractually prohibited,” the company said.

Pegasus spyware

The software installed by the NSO Group, known as Pegasus, is “among some of the most sophisticated spyware available on the market,” according to Citizen Lab, a human rights research group that has investigated the attack. Once installed, it can steal critical data including passwords, contacts, calendars, messages, and can even monitor live calls. The software can also use the microphone, GPS, and camera to further spy on the phone’s owner.

Prior to the WhatsApp hack, the NSO Group’s Pegasus software had also been linked to repeated surveillance attempts against a Moroccan investigative journalist and a human rights lawyer, Amnesty Tech uncovered in October. Amnesty International is also suing the NSO Group. Danna Ingleton, program director at Amnesty Tech, wrote at the time:

“NSO is not currently able to prevent governments from unlawfully using its surveillance technology as tools to abuse human rights. Instead of attempting to whitewash human rights violations associated with NSO products, the company must urgently put in place more effective due diligence processes to stop its spyware being abused.”

In a statement given to the Committee to Protect Journalists (CPJ) following Amnesty Tech’s report, an NSO Group spokesperson said its products are “not tools to surveil dissidents or human rights activists. That’s why contracts with all of our customers enable the use of our products solely for the legitimate purposes of preventing and investigating crime and terrorism. If we ever discover that our products were misused in breach of such a contract, we will take appropriate action.”

Accountability

Following the earlier exposure, the NSO Group introduced a new Human Rights Policy and added three high profile new advisers to its team. However, this new high profile lawsuit, brought about by one of the biggest and most known technology companies in the world, may prompt the NSO Group and other firms offering similar products, to take even further action to prevent misuse and increase accountability.

“This is the first time that an encrypted messaging provider is taking legal action against a private entity that has carried out this type of attack against its users,” WhatsApp wrote in a statement, emphasizing the significance of the lawsuit.

Digital Trends spoke to Joshua Long, Chief Security Analyst at Intego Security about the potential industry implications.

“Attributing an attack to a particular attacker is often a difficult task,” Long told us.

Although not a legal expert, Long pointed out that hopes for a wide industry change may be premature.

“Given that the lawsuit, perhaps incorrectly, identifies NSO Group as the perpetrator of the May 2019 attacks that exploited WhatsApp’s software, and that NSO Group presumably makes, or has the potential to make, more money from its nation-state clients than any monetary damages for which the court might find NSO Group liable, and that there are countless methods for installing Pegasus spyware aside from exploiting WhatsApp vulnerabilities; it is difficult to imagine how this suit could have any meaningful impact on the operations of the NSO Group or any companies that offer similar products and services.”

Editors' Recommendations

Topics
Video-editing app LumaFusion to get a Galaxy Tab S8 launch
A tablet featuring the LumaFusion video editing app.
Apple’s iCloud encryption update hasn’t pleased everyone
iCloud storage on the iPhone 12 Pro Max
What Apple’s iCloud encryption update really means — and why you should care
Apple advanced data protection.
Why the lawsuit against Apple’s AirTags may be bigger than you realize
Nomad Apple TV Siri Remote Case with an AirTag installed.
Google to pay $392 million to 40 states in location-tracking settlement
4 ways 2020 has changed how i use my tech google maps in hand
The best iPhone apps in 2023: 50+ apps you need to download now
iOS 14 App Library
The iPhone 15 Pro’s rumored new design is one I can’t wait for
The volume keys on the side of the iPhone 14 Plus.
The best folding phones in 2023: our 6 favorite foldables right now
The Samsung Galazy Z Fold 3 and Z Flip 3.
You can finally take ECGs and track AFib on a Garmin smartwatch
Garmin Venu 2 Plus smartwatch with new ECG App
I bought a $50 Apple Watch Ultra clone, and it blew me away
Pebble Cosmos Engage watch face.
Best cheap phones in 2023: our 5 favorite ones for tight budgets
The Samsung Galaxy A53 5G leaning against a tree.
How to get Apple’s Black History Month 2023 wallpapers for your iPhone and Apple Watch
The Unity 2023 wallpaper on an iPhone.
Yes, we really are completely spoiling the OnePlus 11 and Buds Pro 2 launch
The OnePlus 11 and the OnePlus Buds Pro 2.