Get the latest market trends in your inbox

Stay on top of the latest market trends and economic insights with the Axios Markets newsletter. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Sarah Grillo/Axios

In what could become a landmark case limiting how government surveillance contractors can operate, Facebook is suing Israeli firm NSO Group for allegedly hacking WhatsApp in order to monitor users on behalf of foreign governments.

Why it matters: Firms like NSO sell software ostensibly intended to surveil potential criminals and terrorists. In practice, their tools have been used to commit human rights abuses.

The big picture: Western governments and human rights advocates have raised their voices about those abuses, but so far they have been unable to stop them. The WhatsApp suit represents a different and potentially stronger kind of threat to the surveillance industry.

  • If NSO and other surveillance software companies lose the ability to transmit spyware over popular, private networks, their ability to infect targets would dramatically decline.
  • "For years, we wondered when private companies were going to reach the breaking point and sue," said John Scott-Railton, senior researcher at Citizen Lab, a University of Toronto outfit dedicated to rooting out cyber weaponry used to commit human rights abuses. "WhatsApp may be the beginning of that other shoe dropping."
  • Citizen Lab worked with Facebook to investigate illicit WhatsApp activity at the center of the lawsuit. The lab has been a thorn in the side of NSO for years, documenting oppressive regimes using the software to spy on journalists, opposition politicians, protesters and religious figures — even advocates for a tax on soda in a country whose leaders did not want a tax on soda.

Details: In the lawsuit, Facebook claims that NSO used WhatsApp to send malware to 1,400 targeted cellphones and mobile devices. A blog post from WhatsApp says that at least 100 of those were civil society targets.

  • The spread of NSO's tools and other firms' spyware isn't limited to WhatsApp. Researchers have seen surveillance products spread using phishing messages on a variety of platforms.
  • Potentially, other tech firms' apps could follow Facebook's lead and seek to enjoin NSO from using their networks. That could include Amazon, which Facebook claims played an unwitting role in NSO's operations by renting the group cloud servers used to anonymize the attacks. Amazon did not reply to questions about whether it would take similar actions.

Context: NSO is a major player in commercial spyware, but by no means alone.

  • Other companies selling commercial spyware include Gamma, Hacking Team, Intellexa, Ability, Verint, Fifth Dimension, and Circles Technologies.

The catch: Spyware contractors operate with the express permission of governments and are based abroad, blurring the issue of U.S. judicial oversight, even as it relates to the use of private networks.

  • "Some of the issues are ones that will need to be litigated out and may need to be negotiated diplomatically," said Michael Daniel, former White House coordinator for cybersecurity and current president and CEO of the Cyber Threat Alliance.

What they're saying: NSO fiercely denies the charges in the Facebook suit, saying in a statement that it "considers any other use of our products than to prevent serious crime and terrorism a misuse, which is contractually prohibited. ... This technology is rooted in the protection of human rights — including the right to life, security and bodily integrity."

  • NSO has recently announced new measures that it says are aimed at eliminating the use of its product in human rights abuses.

Go deeper

Democrat Mark Kelly sworn in to U.S. Senate

Photo: Courtney Pedroza/Getty Images

Astronaut Mark Kelly (D) was sworn in to the U.S. Senate on Wednesday after defeating incumbent Sen. Martha McSally (R-Ariz.) last month for the seat once held by the late Sen. John McCain.

Why it matters: Kelly's swearing-in by Vice President Mike Pence narrows the Republican majority and moves the Senate balance to 52-48.

Senate Armed Services chair dismisses Trump threat to veto defense bill

Sen. Jim Inhofe. Photo: Anna Moneymaker/Pool/AFP via Getty Images

Sen. Jim Inhofe (R-Okla.), chair of the Senate Armed Services Committee, told reporters Wednesday that he plans to move ahead with a crucial defense-spending bill without provisions that would eliminate tech industry protections, defying a veto threat from President Trump.

Why it matters: Inhofe's public rebuke signals that the Senate could have enough Republican backing to override a potential veto from Trump, who has demanded that the $740 billion National Defense Authorization Act repeal Section 230 of the Communications Decency Act.

Scoop: Uber in talks to sell air taxi business to Joby

Illustration: Sarah Grillo/Axios

Uber is in advanced talks to sell its Uber Elevate unit to Joby Aviation, Axios has learned from multiple sources. A deal could be announced later this month.

Between the lines: Uber Elevate was formed to develop a network of self-driving air taxis, but to date has been most notable for its annual conference devoted to the nascent industry.