Microsoft, Google, and other tech vendors are throwing their considerable weight behind a Salvadoran journalist who is suing notorious Israeli spyware maker NSO Group in the United States after its Pegasus software was found installed on the Apple iPhones of almost two dozen of the news organization’s staff.

The journalist, Carlos Dada, and the Knight First Amendment Institute at Columbia University are appealing a decision in March by a judge in a California Federal Court dismissing the lawsuit, saying that Dada had no standing as a Salvadoran citizen to sue an Israeli company in the United States.

In an amicus brief filed this week supporting Dada’s appeal, Microsoft, Google, and the other vendors – Trend Micro and Microsoft-owned GitHub and LinkedIn – argued that there is considerable standing to sue NSO in the United States, given that the vendors filing the brief and others have worked closely with the Biden Administration to strengthen cybersecurity in the country and that they have spent billions of dollars bolstering the security of their products.

“Consistent with their focus on cybersecurity and protecting their customers from cyber-surveillance attacks, [the vendors] have a strong interest in ensuring that entities who facilitate covert access to their products and services in violation of federal and state law are held accountable in U.S. courts,” they wrote. “Holding bad actors accountable is vital to deterring malicious cyber-surveillance and other cyber-attacks.”

Even if the spyware was not used to target U.S. citizens or officials, the growing use of the tools inflict “substantial harm” on the country’s interest by exploiting products and services sold by U.S. tech companies, according to the vendors.

“The fact that NSO is a foreign entity does not diminish the United States’s interest in protecting American technology companies from NSO’s hacking activities,” they wrote.

Spyware an International Problem

The Biden Administration, other governments, and international rights groups like the University of Toronto’s Citizen Lab, Amnesty International, and Access Now have been pushing back against the growing use of spyware by governments and organizations to monitor and track journalists, human rights activists, political opponents, and similar people. NSO, with Pegasus, is among the most notorious spyware maker – it has admitted to selling the software to about 40 governments – but there are others.

Such software can be installed onto a person’s device without their knowledge and can steal device information, personal data, record browser histories, intercept communications, and record videos and calls.

The U.S. government has put visa restrictions on foreign nationals who abuse the technology and in 2021 blacklisted NSO. Earlier this year, the UK, France, and other countries signed onto the Pall Mall Process, an initiative aimed at combatting the spyware threat.

Dada’s Case

Dada directs El Faro, a news operation in El Salvador that was investigating the country’s government’s relationships with drug groups. Starting in June 2020, the iPhones of at least 22 El Faro employees were infected with Pegasus, which accessed the devices for about 18 months. During that time, the employees were subjected to at least 226 Pegasus infections.

The Knight Institute filed suit on behalf of Dada in 2022, arguing that the case belonged in the United States because it violated the country’s Computer Fraud and Abuse Act and that NSO deploys the spyware requires “deliberate and sustained attacks” on the infrastructure of U.S. companies like Apple, which filed its own lawsuit against NSO in 2021.

Apple also warned in April about spyware attacks on iPhone users.

Spyware a National Security Threat

In a blog post, Amy Hogan-Burney, general manager and associate general counsel for cybersecurity policy and protection for Microsoft, wrote in support of Dada’s appeal that “cyber mercenaries like NSO Group have exploited our technology by attacking our users and we believe that those who have been victimized are entitled to legal recourse even if they are located outside the United States.”

Hogan-Burney also noted that the proliferation of spyware is a national security threat to the United States and that the government has a “strong interest” in protecting U.S. tech companies from being exploited.

Harold Chun, director of security legal at Google, and Charley Snyder, the company’s head of security policy, wrote that “right now, many victims of spyware-enabled attacks are often using U.S.-based platforms — like Android or iOS — outside the United States. Our filing argues that victims of spyware-enabled attacks should be able to take legal action in the U.S. against spyware vendors under existing anti hacking laws — even if they were hacked abroad.”

A Multi-Front Battle

The amicus brief was one of a few spyware-related events this week. Meta’s WhatsApp filed suit against NSO in 2019, accusing the company of exploiting a vulnerability in WhatsApp to secretly deploy Pegasus on users’ devices. The case is continuing to make its way through the courts, with Amnesty International claiming that Israeli officials had seized documents in the lawsuit to prevent their disclosure in U.S. court during pretrial proceedings.

Meanwhile, a member of the European Parliament from Germany, Daniel Freund, who led the push to suspend Hungary’s turn as president of the Council of the EU told journalists this week that he narrowly missed having spyware deployed on his phone, a situation that comes five months after two other members of Parliament found spyware on their devices.

Two week ago, Apple issued a warning to users in 98 countries about spyware after earlier this year sending out a similar alert to users in 92 countries.