(Reuters) -A U.S. judge on Friday ruled in favor of Meta Platforms’ (NASDAQ:) WhatsApp in a lawsuit accusing Israel’s NSO Group of exploiting a bug in the messaging app to install spy software that enabled unauthorized surveillance.
U.S. District Judge Phyllis Hamilton in Oakland, California granted a motion by WhatsApp and found NSO liable for hacking and breach of contract.
The case will now proceed to trial only on the issue of damages, Hamilton said. NSO Group did not immediately respond to an emailed request for comment.
Will Cathcart, the head of WhatsApp, said the ruling is a victory for privacy.
“We have been presenting our case for five years because we firmly believe that spyware companies cannot hide behind immunity or avoid responsibility for their unlawful actions,” Cathcart said in a social media post.
“Supervisory companies must keep in mind that illegal espionage will not be tolerated.”
A WhatsApp spokesperson said he was grateful for the decision.
“We are proud to have stood up to NSO and grateful to the many organizations who supported this cause. WhatsApp will never stop working to protect people’s private communications,” he said.
Cybersecurity experts welcomed the ruling.
John Scott-Railton, a senior researcher at Canadian internet watchdog Citizen Lab – which first exposed NSO’s Pegasus spyware in 2016 – called the verdict a landmark ruling with “huge implications for the spyware industry.”
“The entire industry has hidden behind the claim that whatever their customers do with their hacking tools, it is not their responsibility,” he said in an instant message. “Today’s ruling makes it clear that NSO Group is actually responsible for violating numerous laws.”
WhatsApp took NSO to court in 2019 seeking an injunction and damages, accusing the company of accessing WhatsApp servers without permission six months earlier to run the Pegasus software on victims’ mobile devices to install. The lawsuit alleged that the breach enabled the surveillance of 1,400 people, including journalists, human rights activists and dissidents.
NSO had argued that Pegasus helps law enforcement and intelligence agencies fight crime and protect national security, and that its technology is intended to help catch terrorists, pedophiles and hardened criminals.
NSO appealed a judge’s 2020 refusal to grant him “conduct-based immunity,” a common law doctrine that protects foreign officials acting in their official capacity.
The San Francisco-based 9th US Circuit Court of Appeals upheld that ruling in 2021, calling it an “easy case” because the NSO’s mere licensing of Pegasus and offering of technical support did not protect the company from liability under a federal law called the Foreign Sovereign Immunities Act. , which took precedence over customary law.
The U.S. Supreme Court last year denied NSO’s appeal of the lower court’s decision, allowing the lawsuit to proceed.
