A United States jury has ordered Israeli spyware maker NSO Group to compensate WhatsApp with $167.3 million (over Rs 1,417 crore) in punitive damages in connection with a cyber espionage lawsuit filed in 2019, according to AFP.
Additionally, the jury mandated that NSO Group pay $444,719 (around Rs 37 lakh) as compensatory damages.
WhatsApp, which is owned by Meta, initiated legal proceedings in a federal court in Northern California in 2019, accusing the Israeli firm of deploying its Pegasus spyware through the messaging app to infiltrate users’ devices, including those of journalists and human rights defenders.
According to WhatsApp, the Pegasus spyware was allegedly used to breach the privacy of 1,400 users over a two-week span between April and May 2019.
A US court, in a December ruling, sided with Meta, concluding that NSO had unlawfully exploited a security flaw in WhatsApp to insert surveillance software into users’ phones. The ruling settled the question of liability, and the matter moved forward to determine the scale of financial penalties.
In response to the verdict, Meta stated it marked a significant milestone in upholding user safety and data protection. The company called the decision “the first victory against the development and use of illegal spyware that threatens the safety and privacy of everyone.”
Gil Lainer, NSO Group’s Vice President for Global Communication, responded to the ruling by stating they would “carefully examine the verdict’s details and pursue appropriate legal remedies, including further proceedings and an appeal,” according to AFP.
He further asserted, “We firmly believe that our technology plays a critical role in preventing serious crime and terrorism and is deployed responsibly by authorized government agencies.”
Pegasus, once installed on a device, can typically access a wide range of personal data including phone calls, emails, encrypted messages, images, and geolocation — all without alerting the user.
NSO Group, a prominent cyber intelligence provider, claims it licenses Pegasus only to carefully selected government clients with strong human rights track records, asserting that the tool is meant for tracking criminals and terrorists.
However, in July 2021, revelations by a consortium of 17 media organizations along with Amnesty International indicated that the spyware had been misused for unauthorized surveillance of journalists, activists, and political figures globally, including individuals in India.
High-profile Indian names among the alleged targets included Congress leader Rahul Gandhi, former Election Commissioner Ashok Lavasa, Union Ministers Ashwini Vaishnaw and Prahlad Singh Patel, industrialist Anil Ambani, former CBI Director Alok Verma, and many human rights defenders including the late SAR Geelani.
The Indian government, however, rejected these claims. In Parliament, IT Minister Ashwini Vaishnaw asserted in July 2021 that “illegal surveillance was not possible in India.”
In response to these disclosures, the Supreme Court of India set up a technical committee to investigate the charges. By August 2022, the court revealed that five out of 29 mobile phones examined by the panel contained some form of malware, though it could not be conclusively identified as Pegasus.
More recently, on April 29, the Supreme Court noted that while it was not inherently problematic for the Indian state to possess spyware for national security objectives, it expressed unease regarding the alleged misuse of such tools against private individuals. The next hearing in this matter is scheduled for July 30.
In November 2021, the US government placed NSO Group on a trade blacklist, declaring that the company had engaged in activities “contrary to the foreign policy and national security interests of the US.”
 in punitive damages in connection with a cyber espionage lawsuit filed in 2019, according to AFP.){kind=link}