The NSO Group, an Israeli firm that makes spyware, was sued by Apple in federal court on Tuesday.
The lawsuit is the second of its kind, and it represents another consequential move by a private company to curb the use of spy tools by governments and companies.
For the first time, Apple wants to hold NSO accountable for what it says was the targeting of Apple users. Apple wants to permanently prevent NSO from using any Apple software, services or devices, a move that could render the company's product worthless, given that its core business is to give NSO's government clients full access to a target's phone.
Apple is asking for compensation for the time and cost it would take to deal with NSO abusing its products. Apple said it would give the money from the damages to the organizations that expose it.
Since NSO was founded in 2010, executives have said that they only sell to governments for lawful intercept, but a series of revelations by journalists and private researchers have shown the extent to which governments have deployed NSO's Pegasus spyware against journalists, activists and dissidents.
The lawsuit was described as a warning shot by Apple executives. Ivan Krstic, head of Apple security engineering and architecture, said in an interview on Monday that Apple will give no quarter if it is weaponized against innocent users, researchers, dissidents, activists or journalists.
The NSO Group has had a number of setbacks. The Biden administration blacklisted two Israeli companies, NSO and Candiru, after they were found to have supplied espionage software to foreign governments.
The ban on American organizations working with NSO is the strongest step the American administration has taken to bring the global marketplace for spyware to heel.
The Israeli government approves the sale of NSO's software to foreign governments and considers the software a critical foreign policy tool. The executive set to take over NSO Group quit after the business was blacklisted, the company said.
The United States Court of Appeals for the Ninth Circuit rejected NSO Group's motion to dismiss Facebook's lawsuit one week after the federal ban. The firm argued that it could claim immunity. The court rejected NSO's argument and allowed Facebook's lawsuit to proceed.
Apple is going to file a lawsuit against NSO on Tuesday. Lookout, a San Francisco mobile security company now owned byBlackBerry, and the Citizen Lab, a research institute of the Munk School of Global Affairs at the University of Toronto, discovered in 2016 that NSO's Pegasus spyware was taking.
The company is at risk of default according to Moody's. NSO has $500 million of debt and has a severe cash flow problem, which led Moody's to lower it by two levels.
NSO gave its government clients access to the full contents of a target's phone, which allowed agents to record phone calls, read text messages, capture sounds and footage off their cameras, and trace a target's location.
The company charged the government $650,000 to spy on 10 people, along with a $500,000 setup fee, according to documents leaked to The New York Times. The documents show that NSO had customers in the United Arab Emirates and Mexico.
Those revelations led to the discovery of NSO's spyware on the phones of human rights activists in the U.A.E. and journalists, activists and human rights lawyers in Mexico.
Card 1 of 6.
A tech company is in trouble. The leak of internal documents by a former Facebook employee has given an intimate look at the operations of the secretive social media company and renewed calls for better regulations of the company's wide reach into the lives of its users.
The person who blew the whistle. During an interview with "60 Minutes" that aired in October, a former product manager at Facebook said that she was responsible for leaking internal documents.
Ms. Haugen testified in Congress. Ms. Haugen testified before a Senate subcommittee that she believed that Facebook was willing to use harmful content to keep users coming back. Facebook executives called her accusations false.
The Facebook papers were published. Ms. Haugen gave the documents to Congress in redacted form. The New York Times was one of the news organizations that received the documents.
NSO said it would investigate any accusations of abuse, but it did not stop the governments from continuing to misuse the software.
The opening for Apple's lawsuit was created in March after NSO's Pegasus spyware was discovered on the phone of a Saudi activist. The Citizen Lab discovered that the NSO's Pegasus spyware had not been seen before. The target of the spyware could be unaware that it was infecting their phones, computers and Apple Watches.
Citizen Lab gave Apple a sample of the zero-click scheme in September. Emergency software updates were issued for its computers after the discovery.
Apple was given a forensic understanding of how Pegasus worked by the sample of Pegasus. The company found that NSO had created more than 100 fake Apple IDs. NSO would have had to agree to Apple's terms and conditions in order to create those accounts, which required that the users' engagement with Apple be governed by the laws of the state of California.
Apple brought its lawsuit against NSO in the Northern District of California.
Heather Grenier, Apple's senior director of commercial litigation, said that this was a violation of the company's terms of service and customers' privacy. To send a clear signal that we are not going to allow abuse of our users, this is our stake in the ground.
Apple said it would offer free technical, threat intelligence and engineering assistance to Citizen Lab and other organizations that were involved in rooting out digital surveillance. Apple said it would donate $10 million and give any damages.
Digital rights experts said Apple's suit was threatening. Ron Deibert is the director of Citizen Lab. No one in their right mind would want to work for that company. This is an industrywide problem, not just one company.
He said that the suit could be a step towards more oversight of the industry.
Mr. Deibert said that steps like this are incomplete. Governments need to do more.
