Tech giants including the likes of Microsoft, Google, Cisco, and VMWare have signed today an amicus brief in support of Facebook’s lawsuit against the NSO Group, an Israeli company that makes and sells hacking tools to foreign governments.
Besides the four, the amicus brief was also signed by Microsoft subsidiaries GitHub and LinkedIn, but also by the Internet Association, an industry lobby group representing tens of other tech companies, such as Amazon, Twitter, Reddit, Discord, PayPal, eBay, Uber, and many others.
The amicus brief was filed in a lawsuit Facebook filed against the NSO Group in October 2019.
At the time, Facebook said the NSO Group developed an exploit against the WhatsApp mobile app that it later sold to its government contractors.
A subsequent investigation discovered that the exploit was used to install malware on the phones of more than 1,400 WhatsApp users, including attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.
Facebook argued that the NSO Group was committing a crime. In the months that followed the initial lawsuit, the NSO Group fought the legal case by arguing that it was merely providing software to its government contractors.
With today’s amicus brief, the signatories want to show the judge they stand with FAcebook’s position on the matter of third-party-developed hacking tools.
In a blog post published earlier today explaining its decision to sign the amicus brief [PDF], Microsoft argued that companies like the NSO Group, which are often referred to as cyber mercenaries or PSOAs (private-sector offensive actors), are currently operating in a legal grey area, with no rules.
Tom Burt, Microsoft’s Corporate Vice President of Customer Security & Trust, says that the NSO Group is trying to establish a dangerous legal precedent in the Facebook case by “attempting to cloak itself in the legal immunity afforded [to] its government customers, which would shield it from accountability when its weapons inflict harm on innocent people and businesses.”
Burt, along with the other amicus brief signatories, argued that the creation, use, and management of hacking tools should be restricted to governments only, as governments are subject to international laws and diplomatic consequences for their actions that a company like the NSO Group is not.
“We believe the NSO Group’s business model is dangerous and that such immunity would enable it and other PSOAs to continue their dangerous business without legal rules, responsibilities or repercussions,” Burt said.
A spokesperson for the NSO Group did not return a request for comment.