Illustration: Sarah Grillo/Axios

In what could become a landmark case limiting how government surveillance contractors can operate, Facebook is suing Israeli firm NSO Group for allegedly hacking WhatsApp in order to monitor users on behalf of foreign governments.

Why it matters: Firms like NSO sell software ostensibly intended to surveil potential criminals and terrorists. In practice, their tools have been used to commit human rights abuses.

The big picture: Western governments and human rights advocates have raised their voices about those abuses, but so far they have been unable to stop them. The WhatsApp suit represents a different and potentially stronger kind of threat to the surveillance industry.

  • If NSO and other surveillance software companies lose the ability to transmit spyware over popular, private networks, their ability to infect targets would dramatically decline.
  • "For years, we wondered when private companies were going to reach the breaking point and sue," said John Scott-Railton, senior researcher at Citizen Lab, a University of Toronto outfit dedicated to rooting out cyber weaponry used to commit human rights abuses. "WhatsApp may be the beginning of that other shoe dropping."
  • Citizen Lab worked with Facebook to investigate illicit WhatsApp activity at the center of the lawsuit. The lab has been a thorn in the side of NSO for years, documenting oppressive regimes using the software to spy on journalists, opposition politicians, protesters and religious figures — even advocates for a tax on soda in a country whose leaders did not want a tax on soda.

Details: In the lawsuit, Facebook claims that NSO used WhatsApp to send malware to 1,400 targeted cellphones and mobile devices. A blog post from WhatsApp says that at least 100 of those were civil society targets.

  • The spread of NSO's tools and other firms' spyware isn't limited to WhatsApp. Researchers have seen surveillance products spread using phishing messages on a variety of platforms.
  • Potentially, other tech firms' apps could follow Facebook's lead and seek to enjoin NSO from using their networks. That could include Amazon, which Facebook claims played an unwitting role in NSO's operations by renting the group cloud servers used to anonymize the attacks. Amazon did not reply to questions about whether it would take similar actions.

Context: NSO is a major player in commercial spyware, but by no means alone.

  • Other companies selling commercial spyware include Gamma, Hacking Team, Intellexa, Ability, Verint, Fifth Dimension, and Circles Technologies.

The catch: Spyware contractors operate with the express permission of governments and are based abroad, blurring the issue of U.S. judicial oversight, even as it relates to the use of private networks.

  • "Some of the issues are ones that will need to be litigated out and may need to be negotiated diplomatically," said Michael Daniel, former White House coordinator for cybersecurity and current president and CEO of the Cyber Threat Alliance.

What they're saying: NSO fiercely denies the charges in the Facebook suit, saying in a statement that it "considers any other use of our products than to prevent serious crime and terrorism a misuse, which is contractually prohibited. ... This technology is rooted in the protection of human rights — including the right to life, security and bodily integrity."

  • NSO has recently announced new measures that it says are aimed at eliminating the use of its product in human rights abuses.

Go deeper

Updated 19 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 6:15 p.m. EST: 32,062,182 — Total deaths: 979,701 — Total recoveries: 22,057,268Map.
  2. U.S.: Total confirmed cases as of 6:15 p.m EST: 6,967,103 — Total deaths: 202,558 — Total recoveries: 2,670,256 — Total tests: 97,459,742Map.
  3. Health: Cases are surging again in 22 states — New York will conduct its own review of coronavirus vaccine.
  4. Business: America is closing out its strongest quarter of economic growth.
  5. Technology: 2020 tech solutions may be sapping our resolve to beat the pandemic.
  6. Sports: Here's what college basketball will look like this season.
  7. Science: During COVID-19 shutdown, a common sparrow changed its song.
2 hours ago - Podcasts

The child care tax on America's economy

Child care in the U.S. is in crisis, which makes it much harder for the American economy to recover — as providers struggle to stay in business and parents wrestle with work.

Axios Re:Cap digs into the problems and what can be done to solve them, with Vox senior reporter Anna North.

Viral load is a puzzle in COVID-19

Illustration: Eniola Odetunde/Axios

How sick a person gets from a virus can depend on how much of the pathogen that person was exposed to and how much virus is replicating in their body — questions that are still open for the novel coronavirus.

Why it matters: As people try to balance resuming parts of their daily lives with controlling their risk of COVID-19, understanding the role of viral load could help tailor public health measures and patient care.

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Subscription failed
Thank you for subscribing!