Pegasus Surveillance: All You Want To Know About The Whatsapp Suit In US Against Israeli Spy Firm [Read Complaint]

Pegasus Surveillance: All You Want To Know About The Whatsapp Suit In US Against Israeli Spy Firm [Read Complaint]

The media reports about Whatsapp suing an Israeli spy firm in the USA for allegedly helping governments of several countries to snoop on roughly 1400 users across four continents sent shock waves across the world.

LiveLaw has accessed the copy of the complaint filed by Whatsapp in the US court. The details of the case are as folllows :

The case was filed by WhatsApp Inc. and Facebook Inc. before the Northern District Court of California, alleging that the Israel based firm named NSO used WhatsApp servers, located in the United States and elsewhere, to send the malware to approximately 1,400 mobile phones and devices of WhatsApp users to infect the Target Devices for the purpose of conducting surveillance.

Last month, WhatsApp had issued an official statement, admitting that the Defendant Company had accessed and used its servers between April and May, 2019, without authorization and had infected target users' devices with Pegasus malware.

Pegasus is a type of spyware known as a remote access Trojan designed to be remotely installed and enable the remote access and control of information, including calls, messages, and location on mobile devices using the Android, iOS, and BlackBerry operating systems.

The Target Users included attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials, including those from India.

Allegedly, NSO was unable to break WhatsApp's end-to-end encryption and thus it developed its malware in order to access messages and other communications after they were decrypted on Target Devices. In order to send this malware to the target devices in the form of a malicious code, NSO created WhatsApp accounts. In the process, it also accessed and used WhatsApp's Signaling Servers and Relay Servers without authorization.

Breach of Contract

In its plea, WhatsApp alleged that NSO was in definite breach of WhatsApp's Terms of Service which prohibited its users from exploiting its Services in impermissible or unauthorized manners, or in ways that burden, impair, or harm WhatsApp, its Services, systems, users, or others.

Since NSO had agreed to WhatsApp's Terms of Service by accessing and using WhatsApp, it was bound by the same.

As per the plea, NSO's actions caused damages to WhatsApp of more than $75,000, in addition to injuring its reputation, public trust, and goodwill.

NSO was also alleged to have violated WhatsApp terms of service that require its users not to:

  • send, store, or transmit viruses or other harmful computer code through or onto its Services;
  • gain or attempt to gain unauthorized access to its Services or systems;
  • interfere with or disrupt the safety, security, or performance of its Services;
  • collect the information of or about its users in any impermissible or unauthorized manner.

Trespass to Chattels

It was argued by WhatsApp that it had legal title to and actual possession of its computer systems and that NSO had intentionally and without authorization interfered with its possessory interest in such computer systems. Thus, NSO was guilty of trespassing chattel.

WhatsApp also submitted that NSO had contravened the provisions of Computer Fraud and Abuse Act, 18 U.S.C. § 1030 and California Comprehensive Computer Data Access and Fraud Act, California Penal Code § 502 because it intentionally accessed and caused to be accessed WhatsApp's computers and Target Devices, without authorization and by means of such conduct furthered the intended fraud and obtained something of value.

Stating that the court had personal jurisdiction over NSO because it obtained financing from California and directed and targeted its actions at WhatsApp computers, several of which were located in California, WhatsApp prayed for injunctive relief and damages pursuant to the aforementioned statues, for breach of contract and for trespass to chattels.

The Court was also said to have personal jurisdiction because NSO had agreed to WhatsApp's Terms of Service that required NSO to submit to the personal jurisdiction of US Courts.

In its plea, WhatsApp has sought permanent injunction enjoining and restraining NSO from:

  1. Accessing or attempting to access WhatsApp's and Facebook's service, platform, and computer systems;
  2. Creating or maintaining any WhatsApp or Facebook account;
  3. Engaging in any activity that disrupts, diminishes the quality of, interferes with the performance of, or impairs the functionality of Plaintiffs' service, platform, and computer systems;
  4. Engaging in any activity, or facilitating others to do the same, that violates WhatsApp's or Facebook's Terms.

The complaint does not reveal the identity of the users targeted by NSO. Quoting sources from the messaging platform, The Indian Express has reported that at least two dozen academics, lawyers, Dalit activists and journalists in India were contacted and alerted by WhatsApp that their phones had been under state-of-the-art surveillance for a two-week period until May 2019.

Earlier this month, a plea seeking NIA Investigation and lodging of FIR against Facebook, WhatsApp and NSO Group under the provisions of the Information Technology Act and Indian Penal Code, for alleged surveillance of certain unnamed Indian journalists and activists, was filed before the Supreme Court of India.

The said plea, filed by former RSS ideologue KN Govindacharya, also sought to restrain the Indian Government from using Pegasus for surveillance purposes, as an interim measure.

Click here to download the petition


[Read the complaint Here]