Apple Sues ‘Notorious’ NSO Group Over Pegasus Spyware
Apple Sues ‘Notorious’ NSO Group Over Pegasus Spyware
Apple has sued the Israeli company NSO Group and subsidiary Q Cyber for allegedly violating an anti-hacking law by installing spyware on iPhones.
“Defendants are notorious hackers — amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse,” Apple alleges in a complaint filed Tuesday in U.S. District Court in San Jose, California.
Apple’s complaint draws on press reports about Pegasus, including a July 2021 Washington Post article stating that NSO and its clients have used the software to spy on journalists, activists, government officials and others in more than 50 countries.
“According to defendants and news reports, Pegasus is installed remotely on a device through fraud or deception,” the lawsuit reads. “Pegasus can record using a device’s microphone and camera, track the phone’s location data, and collect emails, text messages, browsing history, and a host of other information.”
Among other claims in the complaint, Apple alleges that Pegasus violated the Computer Fraud and Abuse Act — an anti-hacking law dating to 1986 — by accessing the operating system on Apple devices without authorization and installing “highly invasive software.”
“Defendants’ access was without authorization because Apple’s users never consented to defendants’ accessing their devices to install their Pegasus spyware,” Apple alleges.
Apple’s lawsuit comes several weeks after a federal appellate court ruled that Facebook and WhatsApp could proceed with a lawsuit against NSO Group over Pegasus spyware.
NSO, which denied wrongdoing, says it was protected by the Foreign Sovereign Immunity Act because the company’s clients are foreign governments. The Foreign Sovereign Immunity Act generally immunizes foreign governments from lawsuits in the U.S., except for some lawsuits related to terrorism.
A three-judge panel of the 9th Circuit Court of Appeals rejected that argument, ruling that the law only protects “foreign states,” not private companies that license technology to the government.
“Whatever NSO’s government customers do with its technology and services does not render NSO an ‘agency or instrumentality of a foreign state,’ as Congress has defined that term,” Circuit Judge Danielle Forrest wrote in an opinion joined by Judges Mary Murguia and Ryan Nelson. “Thus, NSO is not entitled to the protection of foreign sovereign immunity.”
On Monday, NSO Group asked the 9th Circuit to reconsider that ruling.
“NSO designs and markets its technology for the exclusive use of foreign states in lawful investigations,” the company wrote in its motion for reconsideration. “Foreign states, not NSO, operate the technology and choose how and when to use it. NSO provides limited support, entirely at the direction of its foreign-state customers.”
The 9th Circuit hasn’t yet ruled on NSO’s request.
(29)