Can Big Tech Save Us From the Power of Government?

WhatsApp, the encrypted messaging phone app owned by Facebook, is suing Israeli tech companies for selling information on hidden vulnerabilities that allowed malicious actors to infiltrate and access private communications.

The targets of the lawsuit, NSO Group and Q Cyber Technologies, are both private companies. But this lawsuit is very much about government behavior. The companies' clients include government agencies in places like Mexico, Bahrain, and the United Arab Emirates. According to the suit, the hacking mechanisms sold by NSO and Q Cyber allowed for the targeting of "attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials."

In May, Facebook announced that it had tracked down the source of the vulnerability and shut it down. According to the lawsuit, an NSO employee actually complained to WhatsApp about the fact that they stopped the exploit.

The Washington Post notes that the NSO surveillance tool named "Pegasus" referenced in the WhatsApp lawsuit had previously been used to secretly snoop on Saudi dissident and journalist Jamal Khashoggi before he was murdered by people allegedly connected to Saudi Arabia's government.

On Tuesday, WhatsApp head Will Cathcart contributed an opinion piece to The Washington Post that should give any U.S. government official pause when trying to demand that tech companies provide ways to bypass encryption:

This should serve as a wake-up call for technology companies, governments and all Internet users. Tools that enable surveillance into our private lives are being abused, and the proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk. …

Democracies depend on strong independent journalism and civil society, and intentionally weakening security puts these institutions at risk. And we all want to protect our personal information and private conversations. That's why we will continue to oppose calls from governments to weaken end-to-end encryption.

The lawsuit is using the federal Computer Fraud and Abuse Act and California's own Computer Data Access and Fraud Act to target the two Israeli companies in the U.S. District Court for the Northern District of California. The lawsuit charges the company with violating the terms of use for WhatsApp and arranging for unauthorized access to the private data of the app's users. WhatsApp is asking the court for a permanent injunction stopping NSO Group from accessing WhatsApp and Facebook (and even using the two platforms at all), and compensatory and punitive damages.

So, while we have any number of government officials in the United States in both political parties and at the Department of Justice insisting that they should be calling the shots on how tech companies handle data privacy, it's also abundantly clear that it is very dangerous to give government officials that sort of control. Attorney General William Barr's attempt to stop Facebook from implementing better data privacy and encryption on WhatsApp puts people in legitimate personal danger from oppression in some countries. Cathcart's resistance is praiseworthy.

Read the lawsuit for yourself here.