A group of tech companies has filed an amicus brief supporting Facebook’s lawsuit against NSO Group.
Microsoft, Google, Cisco, and VMWare have all joined an amicus brief supporting the lawsuit filed by Facebook-owned WhatsApp against a spyware vendor last year. The lawsuit alleges that NSO Group’s software was used to hack 1,400 devices via a vulnerability in the WhatsApp messaging service.
In response to Facebook’s lawsuit NSO Group has argued the company should benefit from “sovereign immunity” because it sells its tools to foreign governments. NSO Group was denied a grant of sovereign immunity in the Northern District of California in July but has since appealed to the Ninth Circuit to have the ruling overturned.
“We believe the NSO Group’s business model is dangerous and that such immunity would enable it and other PSOAs to continue their dangerous business without legal rules, responsibilities, or repercussions. That’s why today we filed an amicus brief – along with Cisco, GitHub, Google, LinkedIn, VMWare, and the Internet Association – in a legal case brought by WhatsApp against the NSO Group,” said Microsoft in a press release.
Microsoft alleges that the existence of the software used to hack WhatsApp, known as Pegasus, increases the risk that the weapons they create fall into the wrong hands. Microsoft used the example of government-created espionage tools that got into the hands of other governments who used them in attacks like WannaCry and NotPetya. According to Microsoft, those attacks spread like wildfire beyond the targeted victims and ultimately devastated lives and disrupted businesses worldwide.
“The expansion of sovereign immunity that NSO seeks would further encourage the burgeoning cyber-surveillance industry to develop, sell and use tools to exploit vulnerabilities in violation of U.S. law,” said Microsoft.
Microsoft also claims the software is not subject to the same constraints when private companies make it rather than government security agencies. According to Microsoft, governments have to worry about their diplomatic relationships and keeping their citizens safe, whereas private companies do not.
Finally, Microsoft argues that these tools are a threat to human rights. Human rights defenders and technologists are closely watching the lawsuit. Many of the individuals concerned with the outcome of the case have long warned that NSO’s services were being used to harm innocents and stifle political dissidents.
Microsoft noted an analysis of recent cyber-attacks that was able to identify five countries using offensive cyber capabilities between 2012 and 2015, those being: Russia, China, North Korea, France, and Israel. However, since the study, Microsoft claims that the number of countries using cyber-attacks has dramatically increased.
“Private companies should remain subject to liability when they use their cyber-surveillance tools to break the law, or knowingly permit their use for such purposes, regardless of who their customers are or what they’re trying to achieve. We hope that standing together with our competitors today through this amicus brief will help protect our collective customers and global digital ecosystem from more indiscriminate attacks,” said Microsoft in a press release.