Oct 29, 2019

Facebook sues Israeli surveillance contractor

Photo: Carsten Rehder/Picture Alliance via Getty Images

Facebook filed a lawsuit on Tuesday against a controversial Israeli private surveillance contractor, NSO Group, for allegedly providing the tools that governments used to try to hack 1,400 cellphones and mobile devices through Facebook's WhatsApp platform.

The big picture: Intelligence groups and law enforcement agencies contract NSO Group to provide spyware that governments can use to surveil the cellphones of perceived threats. While the spyware is intended to track terrorists and criminals, in practice authoritarian regimes often use it to target activists, dissidents, journalists and opposition political figures.

Why it matters: NSO recently announced new processes to investigate human rights abuses, but critics believe misuse of the surveillance tool — as well as competitors' products in the space — will be difficult to curtail.

  • This is the first time that an entity with the power to take on disreputable foreign nations or the NSO itself has done so to prevent spyware misuse.

Facebook alleges that phishing messages harboring NSO's Pegasus surveillance tools were sent over WhatsApp 1,400 times. That, said Facebook, would be a violation of state and federal civil statutes, not to mention WhatsApp's terms of service.

  • Facebook filed the suit in a U.S. district court in San Francisco.

WhatsApp released a blog post explaining the reason for the lawsuit on Tuesday afternoon.

  • The chat app noted it had worked with the University of Toronto's Citizen Lab — a research group devoted to protecting civil society from nation-backed hackers — to investigate a major abuse of the platform discovered in May 2019.
  • The blog post and court documents allege NSO set up phony WhatsApp servers to breach phones in a way that did not require users to answer NSO's calls.
  • At least 100 victims appear to have come from civil society, which WhatsApp calls "an unmistakable pattern of abuse."

According to John Scott-Railton, senior researcher at Citizen Lab, victims included (among others):

  • Prominent religious figures from multiple religions.
  • Well-known journalists and TV personalities.
  • Lawyers working on human rights.

What they're saying:
“In the strongest possible terms, we dispute today’s allegations and will vigorously fight them," NSO said in a statement. "The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. ... It has helped to save thousands of lives over recent years."

Read the lawsuit here:

Editor's note: This story has been updated with comment from NSO Group.

Go deeper

Facebook declares war on government spying

Illustration: Sarah Grillo/Axios

In what could become a landmark case limiting how government surveillance contractors can operate, Facebook is suing Israeli firm NSO Group for allegedly hacking WhatsApp in order to monitor users on behalf of foreign governments.

Why it matters: Firms like NSO sell software ostensibly intended to surveil potential criminals and terrorists. In practice, their tools have been used to commit human rights abuses.

Go deeperArrowOct 31, 2019

Facebook debuts payment system, taking on Venmo

Illustration: Sarah Grillo/Axios

Facebook on Tuesday announced Facebook Pay, an online payment system that will allow users across its services to send payments to one another. The new product, separate from its Libra cryptocurrency effort, puts the social network giant in competition with Venmo and others.

Why it matters: Once again, Facebook will be asking users to hand over more sensitive information when it is under fire for how it manages the information and access it already has.

Go deeperArrowNov 12, 2019

Facebook: 100 developers may have improperly accessed users' data

Mark Zuckerberg. Photo: Drew Angerer/Getty Images

Facebook said in a blog post Tuesday that "roughly 100" software developers may have improperly accessed users' data, including the names and profile photos of people in specific groups on the social network.

Why it matters: Per Axios' chief technology correspondent Ina Fried, it's been clear for a while that the company’s issues with third parties go beyond Cambridge Analytica. This disclosure gives an indication of just how far.

Go deeperArrowNov 6, 2019