A United States District Court judge, Phyllis Hamilton, found that the NSO Group Technologies had violated state and federal US hacking laws as well as WhatsApp‘s terms of service.
Judge Hamilton granted Whatsap’s motion for summary judgment against the Pegasus spyware maker. The judge finds NSO’s hacking violated the federal Computer Fraud & Abuse Act on the grounds of NSO Group exceeding authorization.
The court concluded that the NSO Group has repeatedly failed to produce relevant discovery and failed to obey court orders regarding such discovery. The court found NSO’s limitation of its production such that it is viewable only by Israeli citizens present in Israel is simply, “impracticable for a lawsuit that is to be litigated in this district.”
The issue before the court was whether sending the Pegasus installation vector exceeded authorized access.
NSO argued that it passed through the Whatsapp servers just like any other message would and that any information that was ‘obtained’ was obtained from the target users’ devices (i.e., their cell phones), rather than from the Whatsapp servers themselves.
The court observed that the NSO is most likely to have first gained access to the Whatsapp software before reverse-engineering and/or decompiling it. The fact that NSO offered no plausible explanation for how they could have gained access to the software without agreeing to the terms of service led the court to conclude that plaintiffs had sufficiently established a breach.
The judgment grants the proceedings, and moves ahead for the hearing deciding on the damages due to the “exceeded authorized access.” The judgment secures not only individual rights but also corporates against illegal surveillance through servers. “All businesses need to bolster their cyber security by deploying zero trust architecture.
Companies must adapt to the continuously changing threat environment, ensure their products are built and operate securely, accelerate movement to secure cloud services, centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these goals,” New York-based technology lawyer Mishi Choudhary said to ETLegalWorld.The companies must not only protect their information but there is a need to revamp the security through investment and evaluation of which is likely to affect the businesses. This was a unique orchestration of unauthorized access for obtaining information through a private company aided by government officials. This was argued by the NSO that the ‘obtaining’ was done by NSO’s government clients, rather than by NSO. “NSO Pegasus installation is not any run-of-the-mill hacking but State enabled interference with fundamental rights of citizens. This kind of surveillance cannot be grouped with other instances of hacking because Governments are the primary users here,” she added.
Our Surveillance laws need an overhaul as they don’t have any judicial or parliamentary oversight like other democracies leaving the Executive to do as they please.New York-based technology lawyer Mishi Choudhary
The judgment will have ripple effects in India. The legal jurisprudence will be of a persuasive nature against the related infringements in the nation states. The usage of intrusive technology is in the backdrop of digital transformation and innovations in communication technologies.
They result in a violation of the right to privacy and freedom of expression but also the notion of personal autonomy and even the physical integrity of individuals. The surveillance practices disclose damages to the very principle of the rule of law and the credibility of democratic institutions.
