Skip to main content

Microsoft and Google join Facebook’s legal fight against infamous spyware vendor

Microsoft and Google join Facebook’s legal fight against infamous spyware vendor


Alongside Cisco, VMWare, and the Internet Association

Share this story

A stock image of the Microsoft logo.
Image by Alex Castro / The Verge

A group of high profile tech companies including Microsoft, Google, Cisco, and VMWare have filed an amicus brief in support of Facebook’s legal action against NSO Group, Microsoft has announced. Facebook-owned WhatsApp sued the spyware vendor last year, alleging that its software was used to hack 1,400 devices via a vulnerability in the messaging service. Other companies listed on the filing include the Internet Association, and Microsoft subsidiaries GitHub and LinkedIn.

In response to Facebook’s lawsuit last year, NSO Group has argued it should benefit from “sovereign immunity,” Reuters reports, because it sells its tools to foreign governments. However, in July a judge denied its request to dismiss the lawsuit. Now NSO Group is appealing to overturn the ruling, and it’s this appeal attempt that Microsoft and others are pushing back against. 

“Private companies should remain subject to liability”

In a blog post titled “Cyber Mercenaries Don’t Deserve Immunity” Microsoft outlines three reasons why it believes NSO Group’s actions are concerning, and why it doesn’t deserve the immunity it’s seeking. “We believe the NSO Group’s business model is dangerous and that such immunity would enable it and other PSOAs [private-sector offensive actors] to continue their dangerous business without legal rules, responsibilities or repercussions,” Microsoft’s post says.

First, Microsoft argues that NSO Group’s “weapons” could be incredibly dangerous if they fall into the wrong hands. Second, it says these tools are not subject to the same constraints when they’re made by private companies rather than government security agencies. Governments have to worry about their diplomatic relationships and keeping their own citizens safe, whereas private companies do not. Finally, Microsoft argues that these tools are a threat to human rights, following reports that they have been used on journalists and human rights defenders.

“Private companies should remain subject to liability when they use their cyber-surveillance tools to break the law, or knowingly permit their use for such purposes, regardless of who their customers are or what they’re trying to achieve,” Microsoft’s post concludes, “We hope that standing together with our competitors today through this amicus brief will help protect our collective customers and global digital ecosystem.”

NSO Group did not immediately respond to a request for comment. In the past, the company has argued that its software is used by governmental law enforcement agencies to tackle organized crime and terrorism. It says that it investigates any allegations of the misuse of its products.

Multiple reports over the years have alleged that NSO Group’s spyware has been used against targets ranging from journalists and political dissidents. Over the weekend, a report from Citizen Lab claimed its software was used to hack the phones of dozens of Al Jazeera employees, and its previously been reported that the software has been used to target a Spanish politician, and Mexican journalists, among others.