spyware

The judge ruled NSO caused ‘irreparable harm’ to Meta, but said an earlier award of $168m in damages was ‘excessive’.

A United States judge has granted an injunction barring Israeli spyware maker the NSO Group from targeting WhatsApp users, saying the firm’s software causes “direct harm” but slashed an earlier damages award of $168m to just $4m.

In a ruling on Friday granting WhatsApp owner Meta an injunction to stop NSO’s spyware from being used in the messaging service, district judge Phyllis Hamilton said the Israeli firm’s “conduct causes irreparable harm”, adding that there was “no dispute that the conduct is ongoing”.

Hamilton said NSO’s conduct “serves to defeat” one of the key purposes of the service offered by WhatsApp: privacy.

“Part of what companies such as WhatsApp are ‘selling’ is informational privacy, and any unauthorised access is an interference with that sale,” she said.

In her ruling, Hamilton said that evidence at trial showed that NSO reverse-engineered WhatsApp code to stealthily install its spyware Pegasus on users’ phones, and repeatedly redesigned it to escape detection and bypass security fixes.

NSO was founded in 2010 and is based in the Israeli seaside tech hub of Herzliya, near Tel Aviv.

Pegasus – a highly invasive software marketed as a tool for law enforcement to fight crime and terrorism – allows operators to remotely embed spyware in devices.

NSO says it only sells the spyware to vetted and legitimate government law enforcement and intelligence agencies. But Meta, which owns WhatsApp, filed a lawsuit in California federal court in late 2019, accusing NSO of exploiting its encrypted messaging service to target journalists, lawyers and human rights activists with its spyware.

Independent experts have also said NSO’s software has been used by nation states, some with poor human rights records, to target critics.

Judge Hamilton said her broad injunction was appropriate given NSO’s “multiple design-arounds” to infect WhatsApp users – including missed phone calls and “zero-click” attacks – as well as the “covert nature” of the firm’s work more generally.

Will Cathcart, the head of WhatsApp, said in a statement that the “ruling bans spyware maker NSO from ever targeting WhatsApp and our global users again”.

“We applaud this decision that comes after six years of litigation to hold NSO accountable for targeting members of civil society. It sets an important precedent that there are serious consequences to attacking an American company,” he said.

Meta had asked Hamilton to extend the injunction to its other products – including Facebook, Instagram and Threads – but the judge ruled there was no way for her to determine if similar harms were being done on the other platforms without more evidence.

Hamilton also ruled that an initial award of $168m against NSO for damages to Meta in May this year was excessive, determining that the court did not have “sufficient basis” to support the jury’s initial calculation.

“There have simply not yet been enough cases involving unlawful electronic surveillance in the smartphone era for the court to be able to conclude that defendants’ conduct was ‘particularly egregious’,” Hamilton wrote.

The judge ruled that the punitive damages ratio should therefore be “capped at 9/1”, reducing the initial sum by about $164m to just $4m.

Italy severs links with Paragon spyware after allegations of targeting critics and migrant rescuers spark outrage.

Italy has terminated its contracts with Israeli spyware company Paragon, after revelations that the surveillance technology was used against critics of the government – including journalists and migrant rescue workers – prompted political uproar and calls for a full investigation.

The move was confirmed in a parliamentary report released on Monday by the intelligence oversight committee COPASIR, which found that Italy’s intelligence services had initially paused, then cancelled their use of Paragon’s spyware.

The timeline of the contract’s end remains unclear, especially since Prime Minister Giorgia Meloni’s government had told parliament in February that the deal was still active.

Both the Italian government and Paragon confirmed the termination, but offered diverging narratives.

The controversy has provoked condemnation from opposition parties and media freedom advocates. Italy’s journalists’ union, FNSI, urged prosecutors to determine whether state surveillance laws were broken.

Paragon’s software was allegedly used to target individuals in Italy, including a journalist and members of the migrant rescue organisation Mediterranea, which has frequently criticised Meloni’s right-wing government.

Meta-owned WhatsApp revealed in January that the spyware had been deployed against dozens of users globally — including some in Italy.

Italian government denies illegality

The government has admitted that seven Italians were targeted, but maintains that any surveillance was lawful and overseen by a public prosecutor. It denied engaging in illicit spying and said it had tasked the National Cybersecurity Agency with reviewing the matter.

One of those allegedly targeted, Francesco Cancellato, editor of investigative outlet Fanpage, had claimed to the Reuters news agency and others that he was placed under surveillance.

But COPASIR said it found no evidence supporting the claim. Paragon, in a statement to Fanpage, said it halted services to Italy once Cancellato’s case came to light and claimed the Italian government refused a joint probe into the matter.

Meloni’s office has declined to comment. Meanwhile, opposition lawmakers are demanding that the government explain its role in parliament.

The report also revealed that Italy’s intelligence services had authorised the use of Paragon’s spyware in 2023 and 2024 to monitor a small number of individuals in connection with criminal investigations, including suspected “terrorism”, people smuggling and espionage.

COPASIR defended the surveillance of Mediterranea members Luca Casarini and Beppe Caccia, saying it was not due to their activism but their suspected links to irregular migration. The spyware’s use on them was approved by Undersecretary Alfredo Mantovano, Meloni’s top intelligence adviser, on September 5, 2024.

Mantovano did not respond to requests for comment.

Last month, a Sicilian court ordered Casarini, Caccia and four others to stand trial for allegedly aiding irregular immigration – a case widely seen as a test of Italy’s approach to migrant rescues. All deny the charges.