24 December 2020: Yesterday, eight civil society organisations from across the world including Access Now, Amnesty International, Committee to Protect Journalists, Internet Freedom Foundation, Paradigm Initiative, Privacy International, Reporters Without Borders, and Red en Defensa de los Derechos Digitales (R3D) filed an amici brief before the Ninth Circuit Federal Court of Appeals in California. The amici brief urges the Ninth Circuit to dismiss the NSO Group's appeal claiming sovereign immunity from WhatsApp's lawsuit which seeks to hold it liable for using WhatsApp’s servers to the deliver the Pegasus spyware to 1400 targets across the world.
In India, news first broke in October 2019 that at least two dozen human rights defenders including activists, academics, journalists and lawyers were targeted using a highly sophisticated spyware called Pegasus developed by the Israel based NSO Group. Pegasus targeted users by exploiting a vulnerability in WhatsApp, and it could gain complete access to a device by getting the user to click on a link or through a missed call. These revelations led to widespread outrage especially since the targets of the hack were human rights defenders and the NSO Group claims that it only sold Pegasus to government entities.
The fact that the NSO Group's customers are government entities is key to its defence before courts in the United States, and it has argued that the doctrine of sovereign immunity which is typically only available to foreign nation states should also extend to private corporations which act at the behest of foreign nation states. If such an argument is accepted, it would be impossible to hold private corporations accountable for enabling human rights violations by authoritarian regimes.
As the amici brief notes, granting sovereign immunity to the NSO Group would place the surveillance industry wholly outside the framework created by the UN Guiding Principles on Business and Human Rights and leave victims without any remedy. The issue of remedilessness is particularly relevant in the Indian context because there has been no accountability for the Pegasus hack despite multiple parliamentary committees, central government departments and state governments claiming to investigate the issue.
In addition to legal arguments rooted in international human rights law, the amici brief also shines a spotlight on the harm suffered by human rights defenders who were targeted using Pegasus and it features personal accounts of victims from India, Rwanda, Togo and Morocco. In particular, the brief quotes activist, researcher and lawyer, Bela Bhatia who has been defending the rights of Adivasi communities in Chhattisgarh for several years and was one of the Indian targets of the Pegasus hack.
Our executive director, Apar Gupta notes that:
"On October 30 we marked one year of the NSO-Pegasus hack. Despite major headlines in India, there was an absence of any sustained institutional action for the terrible breaches of safety and privacy caused due to NSO Group's Pegasus Spyware. We hope this amici brief helps achieve some redress at a systemic if not individual level for the victims, several of whom are journalists and human rights defenders, for this grossly illegal act of surveillance."
We are extremely grateful to Access Now for coordinating between the amici organizations and also to the litigators from Farella Braun + Martel LLP for their pro bono legal assistance in this case.