Supreme Court dismisses spyware company NSO Group’s claim of immunity

The Supreme Court dismissed on Monday an attempt by the Israeli spyware vendor NSO Group to claim immunity from legal challenges.

NSO Group filed a petition for a writ of certiorari last year, arguing that under common law it could not be hauled before a judge as it was merely an agent of the foreign governments to whom it sold its products.

The same claim of immunity had previously been dismissed twice by U.S. courts, first by a California district court and then by the Ninth Circuit. The Supreme Court’s website on Monday was updated to say that NSO Group’s most recent petition had also been denied.

The petition was made in response to a legal challenge brought in 2019 by the messaging company WhatsApp over the use of the Pegasus hacking tool to target its infrastructure and approximately 1,400 users.

NSO Group could now be forced to turn over documents to litigants as part of that case and several other claims being brought against it, most of them alleging the company’s involvement in human rights abuses.

Carrie DeCell, senior staff attorney at the Knight First Amendment Institute at Columbia University, said the institute welcomed the decision.

The Knight First Amendment Institute is currently challenging the spyware vendor “on behalf of journalists and other members of the leading Central American news organization El Faro” whom it argued are “the victims of spyware attacks using NSO Group’s Pegasus technology.”

In a rare moment of unity for the technology industry, WhatsApp’s initial lawsuit against NSO received the support of competitors including Google and Microsoft, alongside other tech companies such as Cisco and Dell. WhatsApp is owned by Facebook parent company Meta.

Apple subsequently brought its own legal action against NSO.

"We're grateful to see the Supreme Court rejected NSO's baseless petition," WhatsApp spokesman Joshua Breckman told The Record. "NSO’s spyware has enabled cyberattacks targeting human rights activists, journalists, and government officials. We firmly believe that their operations violate U.S. law and they must be held to account for their unlawful operations."

The Israeli company has denied every allegation that its tools have been misused. “NSO does not operate Pegasus, has no visibility into its usage, and does not collect information about customers or who they monitor,” the company has said in past statements. “NSO licenses Pegasus solely to law enforcement and intelligence agencies of sovereign states and government agencies following approval by the Israeli government. When we determine wrongdoing, we terminate contracts.”

The company has never explained how it can determine wrongdoing if it has no visibility into how customers use Pegasus, and the Israeli government has repeatedly declined to comment about its approval process for exporting the software.

NSO Group was sanctioned last year by the U.S. Department of Commerce, alongside the Russian security firm Positive Technologies, Singapore-based Computer Security Initiative Consultancy and another Israeli company called Candiru, for developing and selling hacking tools.

The Department of Commerce explained: “These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent.”

Updated on Jan. 10 at 8:34 am EST to include a statement from WhatsApp.