Court orders maker of Pegasus spyware to hand over code to WhatsApp
NSO Group, the maker of one the world’s most sophisticated
cyber weapons, has been ordered by a US court to hand its code for Pegasus and
other spyware products to WhatsApp as part of the company’s ongoing litigation.
The decision by Judge Phyllis Hamilton is a major legal
victory for WhatsApp, the Meta-owned communication app which has been embroiled in a lawsuit against NSO since 2019,
when it alleged that the Israeli company’s spyware had been used against 1,400
WhatsApp users over a two-week period.
NSO’s Pegasus code, and code for other surveillance products
it sells, is seen as a closely and highly sought state secret. NSO is closely
regulated by the Israeli ministry of defense, which must review and approve the
sale of all licences to foreign governments.
In reaching her decision, Hamilton considered a plea by NSO
to excuse it of all its discovery obligations in the case due to “various US
and Israeli restrictions”.
Ultimately, however, she sided with WhatsApp in ordering the
company to produce “all relevant spyware” for a period of one year before and
after the two weeks in which WhatsApp users were allegedly attacked: from 29
April 2018 to 10 May 2020. NSO must also give WhatsApp information “concerning
the full functionality of the relevant spyware”.
Hamilton did, however, decide in NSO’s favor on a different
matter: the company will not be forced at this time to divulge the names of its
clients or information regarding its server architecture.
NSO declined to comment on the decision. The
litigation is continuing.
When it is successfully deployed against a target, NSO’s
Pegasus software can hack any mobile phone, gaining unrestricted access to
phone calls, emails, photographs, location information and encrypted messages
without a user’s knowledge. NSO was blacklisted by the Biden administration in 2021
after it determined the Israeli spyware maker has acted “contrary to the
foreign policy and national security interests of the US”.
NSO sells its spyware to government clients around the world
and has said that the agencies who deploy it are responsible for how it is
used. While NSO does not disclose the names of its clients, research and media
reports over the years have identified Poland, Saudi Arabia, Rwanda, India,
Hungary and the United Arab Emirates as among the countries that have
previously used the technology to target dissidents, journalists, human rights
activists and other members of civil society.
NSO has argued that Pegasus helps law enforcement and
intelligence agencies fight crime and protect national security and that its
technology is intended to help catch terrorists, child abusers and hardened
criminals.
The Biden administration has raised alarms about the
proliferation and abuse of products like Pegasus, saying they represent a
potential threat to US national security and counterintelligence efforts. A new
policy unveiled in early February will impose global visa restrictions on
individuals who have been involved in the misuse of commercial spyware,
including countries in the EU and Israel.
Story by Stephanie Kirchgaessner in Washington
Comments
Post a Comment