The first half of 2025 has seen significant developments to curb the use of spyware, software that can extract users’ data, such as videos, photos and emails, and can turn phones and computers into surveillance devices. In April, the Pall Mall Process, steered by the United Kingdom and France, issued a non-binding, voluntary Code of Practice to tackle threats posed by spyware. As of July, 25 States have signed on. In May, a California jury awarded WhatsApp $167 million in punitive damages against the Israeli company NSO Group for violating the Computer Fraud and Abuse Act, the California Comprehensive Computer Data Access and Fraud Act, and WhatsApp’s terms of service for using WhatsApp servers to install its Pegasus spyware on more than 1,400 users’ devices. And, on July 8, the U.S. Court of Appeals for the Ninth Circuit reversed a district court decision dismissing the Dada case brought by journalists from El Salvador against NSO Group for targeting them with Pegasus. The case has been remanded to the district court to reassess the appropriateness of California as a venue in light of the Appeals Court’s decision. These civil lawsuits play an important gap-filling function as governments have yet to enact binding regulations for this technology.
Legal Frameworks for Addressing Spyware Harms (Lisandra Novo – Just Security)
Related articles
