On Monday, the United States Court of Appeals for the Ninth Circuit allowed WhatsApp’s lawsuit against Israeli spyware firm NSO Group to advance, and rejected NSO Group’s attempt to block briefs filed by civil society. In its ruling, a three-judge panel of an appeals court in San Francisco, California, affirmed a lower court’s decision to deny NSO Group’s motion to dismiss the lawsuit. Additionally, judges accepted the brief submitted by Access Now on behalf of eight civil society organizations, despite NSO Group’s objections claiming it introduced “disputed facts,” as well as another brief by three law professors.
“We commend the Court for denying NSO Group’s attempts to silence its victims and derail WhatsApp’s lawsuit, which rightly puts the spyware peddler in the hot seat for enabling its government clients to violate human rights with impunity,” said Natalia Krapiva, Tech Legal Counsel at Access Now. “Now that the case proceeds into the discovery stage, it would be hard for NSO to hide its abuses behind the shroud of secrecy.”
On Monday, the Ninth Circuit made several findings:
- NSO Group does not meet the legal definition of “foreign state” under the Foreign Sovereign Immunity Act;
- The Act controls which entities qualify for immunity; and
- NSO Group’s claims to common law protections are immaterial, because it is an entity, not a natural person like a foreign official.
In the lawsuit, originally filed in the Northern California District Court in October 2019, WhatsApp and its parent company Meta (Facebook) are suing NSO for using WhatsApp’s servers to deliver Pegasus spyware to the devices of 1,400 users in violation of U.S. Computer Fraud and Abuse Act (CFAA), California Comprehensive Data Access and Fraud Act, as well as contract and trespass law. While this case is between two private companies, Access Now and our partners’ amicus brief highlighted for the court the human rights implications of NSO’s hacking and the real-life harm it caused.
“A growing number of victims have suffered attacks linked to NSO Group’s Pegasus spyware,” said Peter Micek, General Counsel at Access Now. “Several victims spoke with courage and conviction in the amicus brief submitted by Access Now and other civil society organizations. While NSO Group fought to keep their stories hidden, this Court saw a better outcome, where justice might shine into the dark crevices of spyware and surveillance.”
Front Line Defenders also recently announced it had uncovered the hacking (confirmed by the Citizen Lab and Amnesty International) of six Palestinian human rights defenders’ devices with NSO Group’s Pegasus spyware, as part of a broader assault on Palestinian civil society. Three of the targeted human rights defenders come from prominent Palestinian civil society groups that Israeli authorities have designated as “terrorist organizations,” leading Access Now and civil society to raise serious questions about whether Israeli authorities were involved in the Pegasus targeting.