The Supreme Court on Monday rejected an Israeli spyware maker’s bid to derail a high-profile lawsuit filed by the WhatsApp messaging service.
The justices left in place lower court rulings against the Israeli firm, NSO Group. WhatsApp claims that NSO targeted some 1,400 users of the encrypted messaging service with highly sophisticated spyware.
WhatsApp parent Facebook, now called Meta Platforms Inc., is trying to block NSO from Facebook platforms and servers and recover unspecified damages.
NSO argued that it should be recognized as a foreign government agent and therefore be entitled to immunity under U.S. law limiting lawsuits against foreign countries. The request appeals a pair of earlier federal court rulings that rejected similar arguments by the Israeli company.
The Biden administration recommended that the court turn away the appeal. The Justice Department wrote that “NSO plainly is not entitled to immunity here.”
NSO’s flagship product, Pegasus, allows operators to covertly infiltrate a target’s mobile phone, gaining access to messages and contacts, the camera and microphone and location history. Only government law enforcement agencies can purchase the product and all sales are approved by Israel’s Defense Ministry, NSO said. It does not identify its clients.
WhatsApp says at least 100 of the users connected to its lawsuit were journalists, rights activists and civil society members. Critics have said that NSO’s clients include Saudi Arabia, the United Arab Emirates, Jordan and Poland and that those countries have abused the system to snoop on critics and stifle dissent.
NSO said it has safeguards in place to prevent abuses, although the company also said it has no control over how its clients use the product.
The WhatsApp case is among a series of legal battles plaguing NSO. In a separate lawsuit, Apple says it aims to prevent NSO from breaking into products. It claimed Pegasus had affected a small number of iPhone users worldwide, calling NSO’s employees “amoral 21st century mercenaries.”
In November, journalists from an investigative news outlet in El Salvador also sued NSO in a U.S. court after Pegasus spyware was detected on their iPhones.
“NSO’s spyware has enabled cyberattacks targeting human rights activists, journalists, and government officials. We firmly believe that their operations violate U.S. law and they must be held to account for their unlawful operations,” WhatsApp spokesperson Carl Woog said in a statement.
A lawyer for the journalists who sued also praised the court’s action. “Today’s decision clears the path for lawsuits brought by the tech companies, as well as for suits brought by journalists and human rights advocates who have been victims of spyware attacks,” Carrie DeCell, senior staff attorney at the Knight First Amendment Institute at Columbia University, said in a statement.
In its own statement, NSO said: “We are confident that the court will determine that the use of Pegasus by its customers was legal.”
NSO also has been blacklisted by the U.S. Commerce Department, limiting its access to U.S. technology. U.S. officials said the company’s products were complicit in “transnational repression.”
Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation
Related: US Puts New Controls on Israeli Spyware Company NSO Group
Related: Apple Ships Urgent Patch for FORCEDENTRY Zero-Days
Related: Apple Confirms New Zero-Day Attacks on Older iPhones