A two-page letter sent by WhatsApp Inc. and Facebook Inc.’s counsel to the Ninth Circuit Court of Appeals last week advised of a recent U.S. Department of Commerce decision to place NSO Group Technologies Limited on the watchdog’s restrictive “Entity List.” The November 4 filing asserts that as a result, NSO Group has been singled out as a nefarious actor and has not been afforded immunity by the U.S. State Department. It therefore cannot rely on sovereign immunity as a defense for its actions, the filing says.
In October 2019, WhatsApp alleged that NSO Group sent malware through WhatsApp to around 1,400 mobile phones and devices, infecting the devices to spy on users. The following July, an Oakland, Calif. federal court partly dismissed the suit and determined that NSO Group could not assert sovereign immunity as an affirmative defense as derived from its sovereign nation clients. NSO Group and co-defendant Q Cyber Technologies Limited appealed, and the matter is now pending before the Ninth Circuit.
Last week’s submission comes after the parties handed in their written arguments and after a video hearing was held in April. The letter references a determination by the End-User Review Committee (ERC), chaired by the Department of Commerce, concluding that the conduct of NSO Group raised concerns warranting its placement on the list. Specifically, NSO Group and another Israeli entity, Candiru, were named to the list based on evidence that they created and supplied spyware to foreign governments that reportedly enabled those sovereigns to maliciously target government officials, journalists, business people, activists, and others.
WhatsApp argues that the move only underscores its contention that “no established government practice accords foreign-official conduct-based immunity to entities like NSO and that, in any event, NSO cannot qualify for conduct-based immunity.” The affirmative defense has no basis in domestic law, the filing asserts.