An Oakland federal judge won't let Israel-based NSO Group slide out of Meta's lawsuit accusing the software company of using its Pegasus spyware program to allegedly monitor communications for 1,400 users of Meta's Whatsapp messaging platform.
On Dec. 20, U.S. District Judge Phyllis J. Hamilton, in the Northern District of California, granted summary judgment to Meta and Whatsapp in the dispute with NSO, finding NSO liable for the alleged improper surveillance.
In a summary judgment, a judge delivers a final judgment in a matter before the case goes to trial.
In the ruling, Judge Hamilton said she would still hold a trial in the case, but only on the question of how much NSO may ultimately be made to pay Meta to resolve the matter.
The two sides could also yet avoid trial, if they were to settle the lawsuit.
The lawsuit dates back to 2019, when Whatsapp and Meta accused NSO in court of improperly intercepting messages sent by and to about 1,400 Whatsapp users for the purposes of surveilling them.
In the lawsuit, Meta specifically asserted NSO gained access to Whatsapp and then reverse engineered the app to create a back door into Whatsapp, known as the "Whatsapp Installation Server" (WIS).
As described in Judge Hamilton's ruling, the WIS "allows defendants’ clients to send 'cipher' files with 'installation vectors' that ultimately allow the clients to surveil target users."
According to the complaint, NSO allegedly used the NSO to install its Pegasus spyware on targeted users' phones and other devices.
Meta asserted these alleged actions amounted to violation of federal and California state computer fraud and data access protection laws, as well as breach of contract and trespass for allegedly improperly using the Whatsapp program.
In response, NSO argued its Pegasus installation didn't violate the law or its user contract with Whatsapp, in part because their intercepts did not "exceed authorized access," as their program didn't directly obtain the information from the users' devices.
The judge, however, agreed with Meta that such nuance is largely not relevant to the complaint, as NSO allegedly still used Whatsapp's servers to obtain the information, which the judge said violates the federal and state laws.
The judge also shot down NSO's similar arguments against the breach of contract claim.
"The court finds no merit in the arguments raised by defendants," Judge Hamilton wrote.
"Defendants (NSO) do not dispute that they must have reverse-engineered and/or decompiled the Whatsapp software in order to develop the WIS, but simply raise the possibility that they did so before agreeing to the terms of service. However, as discussed above, defendants have withheld evidence regarding their agreement to the terms of service.
"Moreover, common sense dictates that defendants must have first gained access to the Whatsapp software before reverse-engineering and/or decompiling it, and they offer no plausible explanation for how they could have gained access to the software without agreeing to the terms of service," the judge wrote.
Also in the ruling, the judge granted, in part, Meta's request for sanctions against NSO for allegedly failing to comply with requirements to turn over Pegasus source code in a format that could be deciphered by the plaintiffs.
The court has not yet set a date for any trial on damages.