\n<\/p>\n
Today\u2019s verdict in WhatsApp\u2019s case is <\/span>an important step forward for privacy and security <\/span>as the first victory against the development and use of illegal spyware that threatens the safety and privacy of everyone. Today, the jury\u2019s decision to force NSO, a notorious foreign spyware merchant, to pay damages is a critical deterrent to this malicious industry against their illegal acts aimed at American companies and the privacy and security of the people we serve.<\/span><\/p>\n As a reminder, six years ago, our engineers detected and <\/span>stopped<\/span><\/a> an attack by NSO using its spyware tool Pegasus to target over a thousand WhatsApp users, including human rights activists, journalists, diplomats and others in civil society. At the time, we worked with <\/span>Citizen Lab<\/span><\/a> to further investigate and alert the people who we believe were targeted \u2013 <\/span>both so we could learn more about the attack and inform them <\/span>about the steps they can take to secure their devices.\u00a0<\/span><\/p>\n Now, for the first time, this trial put spyware executives on the stand and exposed exactly how their surveillance-for-hire system \u2013 shrouded in so much secrecy \u2013 operates. Put simply, NSO\u2019s Pegasus works to covertly compromise people\u2019s phones with spyware capable of hoovering up information from any app installed on the device. Think anything from financial and location information to emails and text messages, or as NSO conceded: \u201cevery kind of user data on the phone.\u201d<\/span> It can even remotely activate the phone\u2019s mic and camera \u2013 all without people\u2019s knowledge, let alone authorization.\u00a0<\/span><\/p>\n This trial also revealed that WhatsApp was far from NSO\u2019s only target. While we stopped the attack vector that exploited our calling system in 2019, Pegasus has had many other spyware installation methods to exploit other companies\u2019 technologies to manipulate people\u2019s devices into downloading malicious code and compromising their phones. NSO was forced to admit that it spends tens of millions of dollars annually to develop malware installation methods including through instant messaging, browsers, and operating systems, and that its spyware is capable of compromising iOS or Android devices to this day.\u00a0<\/span><\/p>\n Given how much information people access on their devices, including through private end\u2013to-end encrypted apps like WhatsApp, Signal and others, we will continue going after spyware vendors indiscriminately targeting people around the world. These malicious technologies are a threat to the entire ecosystem and it\u2019ll take all of us to defend against it. Today\u2019s ruling shows spyware companies that their illegal actions against American technologies will not be tolerated.<\/span><\/p>\n In this specific case, we know we have a long road ahead to collect awarded damages from NSO and we plan to do so. Ultimately, we would like to make a donation to digital rights organizations that are working to defend people against such attacks around the world. Our next step is to secure a court order to prevent NSO from ever targeting WhatsApp again.<\/span><\/p>\n As always, we encourage security researchers to report security bugs through our <\/span>Bug Bounty<\/span><\/a> program so we can work together to quickly resolve them and protect our users.<\/span><\/p>\n Finally, we\u2019re publishing (unofficial) transcripts of deposition videos that were shown in open court so that these records are available to researchers and journalists studying these threats and working to protect the public. We intend to add official court transcripts once they become available.<\/span><\/p>\n<\/p><\/div>\n