How WhatsApp’s Recent Lawsuit is Shining a Spotlight on User Privacy

No one thinks it will happen to them – until it does. When a cyberattack hits, it’s quick and merciless for identity theft, account hacking, malware, or more. Fortunately, there are ways to protect yourself from cyberattacks in advance. Below are 4 ways to boost digital security as soon as today.

In October, WhatsApp made headlines by suing the Israeli surveillance firm NSO Group for allegedly compromising the security of approximately 1400 WhatsApp users around the globe. It was a brilliant move for WhatsApp. Not only did it come out as a champion of user privacy, but it also took its parent company, Facebook, perpetually accused of privacy violations, out of the hot seat for a brief moment. While Facebook will still have to answer for its own breaches, WhatsApp’s lawsuit has shown a spotlight on a firm with much more questionable policies.

NSO Group, of course, denied the allegations: “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” the company wrote in a statement. “The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years.”

However, this isn’t the first tussle for NSO Group. Its phone hacking software has been implicated in human rights abuses in the Middle East and Latin America, and its spyware has been accused of playing a role in the death of Washington Post journalist Jamal Khashoggi, who was murdered at the Saudi Arabian Consulate in Istanbul in October 2018.

Lawsuit Details

Legal counsel for WhatsApp filed a lawsuit in a federal court in San Francisco, accusing NSO Group of facilitating government hacking on 4 continents and 20 countries, including Bahrain, United Arab Emirates, and Mexico. The hacking targeted political dissidents, journalists, diplomats, government officials, and more. The lawsuit claims that NSO Group used WhatsApp’s video calling system to send Pegasus malware to users’ mobile devices, allowing NSO clients to gain access to digital data and messages. The lawsuit aims to bar NSO Group from accessing WhatsApp and Facebook services and seeks unspecified damages.

With NSO Group denying the allegations, the case will likely be settled in court. To prove the veracity of its claims, WhatsApp will need to provide clarity on the alleged security breach. Did the “unauthorized access” affect WhatsApp users or servers? If the breach took place at the user level, WhatsApp doesn’t have much legal ground to stand on. If, however, WhatsApp’s systems and servers were the “victims” of the breach, then the argument holds water.

WhatsApp may also claim that NSO Group violated its terms of service, which bans harming other users, sending malware, and reverse-engineering. Since NSO Group is accused of all the above, the argument can be made that it violated the terms of service and thus the access was unauthorized.

A lawsuit which can lead to higher ethical standards

Whatever legal approach WhatsApp takes, the outcome will be significant in the world of user privacy and internet freedom. It has the potential to set a legal precedent, since it is the first time a technology company (not an individual) has sued a surveillance company that targeted its users.