Last Thursday, NSO Group Technologies Limited and corporate relative, Q Cyber Technologies Limited sought dismissal of the Computer Fraud and Abuse Act (CFAA) suit filed by Apple in December. The defendants’ motion to dismiss levels multiple arguments as to why the suit should proceed no further, including that NSO is protected by the doctrine of sovereign immunity, an argument that failed to gain traction before the Ninth Circuit in a similar case brought by WhatsApp.
Apple contends that NSO has conducted illegitimate business at its users’ expense and should be ordered to desist its conduct and pay remedial damages. Specifically, the suit accuses NSO of abusing Apple’s services and servers to perpetrate 2021 malware and spyware attacks on individuals including government officials, business people, and journalists. Apple further notes that NSO joined a list of U.S. Commerce Department entities singled out for harmful cyber activities in November.
Notably, the suit was filed after the aforementioned Ninth Circuit decision rejecting NSO’s sovereign immunity defense. NSO argued, as it does here, that it is entitled to the protective shield because as an agent of a foreign government, it is entitled to common-law sovereign immunity when acting on behalf of the sovereign. The motion to dismiss notes that though the Ninth Circuit shut down its argument, it has agreed to stay its mandate while NSO appeals to the Supreme Court.
In contrast to Apple’s filing describing NSO as a modern mercenary, NSO describes itself as “an Israeli technology company that designs and markets a highly regulated technology to government agencies for uses such as counterterrorism and investigating serious crimes.”
The motion also refutes allegations made by Apple as to the nature of its business. “NSO does not target anyone, and it contractually prohibits its customers from using the Pegasus technology against anyone not a suspected terrorist or serious criminal,” the defendants contend.
Aside from its sovereign immunity defense, NSO asserts that Apple brought the case in the wrong forum. The defendants argue that litigating in California is burdensome in view of the fact that the company and its employees are located in Israel. Furthermore, Apple neither contends that NSO designed any of its technology in the United States, nor that any of NSO’s foreign government customers ever used NSO’s technology on a device located in the country, the filing says.
Among other arguments, NSO also says that Apple cannot state a claim under the CFAA because the plaintiff “does not allege that NSO unlawfully accessed any computer owned by Apple, and NSO’s alleged access to Apple users’ devices did not injure Apple in any way the CFAA protects.”