WhatsApp, the encrypted messaging phone app owned by Facebook, is suing Israeli tech companies for selling information on hidden vulnerabilities that allowed malicious actors to infiltrate and access private communications.
The targets of the lawsuit, NSO Group and Q Cyber Technologies, are both private companies. But this lawsuit is very much about government behavior. The companies' clients include government agencies in places like Mexico, Bahrain, and the United Arab Emirates. According to the suit, the hacking mechanisms sold by NSO and Q Cyber allowed for the targeting of "attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials."
In May, Facebook announced that it had tracked down the source of the vulnerability and shut it down. According to the lawsuit, an NSO employee actually complained to WhatsApp about the fact that they stopped the exploit.
The Washington Post notes that the NSO surveillance tool named "Pegasus" referenced in the WhatsApp lawsuit had previously been used to secretly snoop on Saudi dissident and journalist Jamal Khashoggi before he was murdered by people allegedly connected to Saudi Arabia's government.
On Tuesday, WhatsApp head Will Cathcart contributed an opinion piece to The Washington Post that should give any U.S. government official pause when trying to demand that tech companies provide ways to bypass encryption:
This should serve as a wake-up call for technology companies, governments and all Internet users. Tools that enable surveillance into our private lives are being abused, and the proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk. …
Democracies depend on strong independent journalism and civil society, and intentionally weakening security puts these institutions at risk. And we all want to protect our personal information and private conversations. That's why we will continue to oppose calls from governments to weaken end-to-end encryption.
So, while we have any number of government officials in the United States in both political parties and at the Department of Justice insisting that they should be calling the shots on how tech companies handle data privacy, it's also abundantly clear that it is very dangerous to give government officials that sort of control. Attorney General William Barr's attempt to stop Facebook from implementing better data privacy and encryption on WhatsApp puts people in legitimate personal danger from oppression in some countries. Cathcart's resistance is praiseworthy.
Read the lawsuit for yourself here.