A federal judge issued a permanent injunction ordering NSO to stop using its Pegasus spyware to target or infect WhatsApp users, a decision Meta praised as a decisive step against the abuse of surveillance tools.
U.S. District Judge Phyllis J. Hamilton ruled that NSO must cease targeting WhatsApp users, attempting to infect their devices, or intercept WhatsApp messages. The judge also required NSO to delete any data obtained through such targeting, noting the prohibition applies to end-to-end encrypted communications safeguarded by the Signal Protocol.
The case stems from Meta’s 2019 lawsuit alleging that NSO used Pegasus to compromise roughly 1,400 mobile phones—belonging to lawyers, journalists, human-rights advocates, dissidents, diplomats, and officials—by creating fake WhatsApp accounts and exploiting Meta infrastructure to mount the intrusions.
In her ruling, Hamilton emphasized that the harm from unauthorized access to private information, and the breach of encryption, constitutes not only reputational damage but a direct business harm to companies offering privacy-protecting services like WhatsApp.
While NSO argued the injunction could force the company out of business, the judge said the harm to Meta’s privacy protections outweighed those concerns, and she also reduced the jury’s punitive damages from $167 million to $4 million, reflecting limits on punitive awards in this case.
