Apple Asks to Have Pegasus Spyware Lawsuit Dismissed for Security Reasons
Toggle Dark Mode
Nearly three years ago, Apple filed a groundbreaking legal action against NSO Group, hoping to sue the mercenary spyware maker out of existence. However, now it seems the company is having second thoughts, fearing that the legal process could do more harm than good.
According to Joseph Menn at The Washington Post (Apple News+), Apple has petitioned a court to dismiss the late 2021 lawsuit due to concerns that it would have to disclose information that might help NSO and other companies that develop dangerous iPhone hacking tools.
NSO Group is an Israeli company best known for Pegasus, a controversial Industrial spyware tool that ostensibly only exists for governments to use in fighting terrorism. However, it should come as little surprise that many less ethical regimes have been caught using it to target “enemies of the state,” including journalists and human rights activists.
While Pegasus has been around since 2014, its activities broke into the public consciousness in July 2021 when Amnesty International discovered unknown state-sponsored attackers were actively using the tool to target and spy on “human rights defenders (HRDs) and journalists around the world.” The forensic analysis found that over 80 journalists in 10 different countries had fallen victim to Pegasus and determined the tool to be a source of “widespread, persistent, and ongoing unlawful surveillance and human rights abuses.”
It was never clear where these attacks came from, but since NSO Group claims it only sells Pegasus to government and law enforcement agencies — and charges a substantial price for the tool — it’s a safe bet that these were state-sponsored attacks.
At the same time Apple announced its lawsuit against NSO Group, it pledged to notify iPhone users it believed had been targeted by Pegasus and similar spyware. Less than two weeks later, several US State Department officials were advised their iPhones had been targeted.
Apple had spent years fighting Pegasus on a technical level. However, every time it closed one loophole, NSO Group researchers found another one to exploit. The continuing and expanding attacks on iPhone users prompted Apple to file a lawsuit to hold the company accountable for its role in facilitating what security researchers have called “some of the world’s worst human rights abuses and acts of transnational repression.”
However, after three years of slow legal wrangling, Apple has decided to throw in the towel. In a Monday court filing, it asks for the case to be dismissed without prejudice, stating that continuing the case would put “vital security information at risk.”
When it filed this lawsuit nearly three years ago, Apple recognized that it would involve sharing information with third parties. However, developments since the filing of this lawsuit have reshaped the risk landscape of sharing such information. Apple knows and appreciates that this Court would take the utmost care with the sensitive information relevant to this case. But it is also aware that — now more than ever — predator spyware companies, including those not before this Court, will use any means to obtain this information. Because Apple currently uses its threat-intelligence information to protect every one of its users in the world, any disclosure, even under the most stringent controls, puts this information at risk. Because of the developments since this suit was filed, proceeding forward at this time would now present too significant a risk to Apple’s threat-intelligence program.Apple’s Motion for Voluntary Dismissal – Case No. 3:21-cv-09078-JD
Apple lists three more recent developments that have made it riskier to proceed with the case. First, Apple has built more advanced protections it’s “currently using to protect users from Defendants and other spyware companies” that it naturally wants to keep top secret lest adversaries find ways to circumvent them and attack users’ iPhones in ways that Apple can’t detect or protect against.
Secondly, the landscape of the commercial spyware industry has changed, with the single, powerful NSO Group being “supplanted in part by a growing number of different spyware companies.” As a result, Apple isn’t convinced that trying to topple Pegasus is worth the potential risks, as even a complete victory wouldn’t eliminate the threats posed by malicious spyware from other companies. On the other hand, Apple also applauds the efforts of governments to recognize the risk to their citizens and join together in international agreements to try and take action “to mitigate the devastating impact of spyware.”
Lastly, while this part of the court filing is partially redacted, Apple points to actions that have already been taken by NSO Group and “others” to try and avoid producing information as part of the discovery process. The filing cites a July 2024 article in The Guardian alleging that officials from Israel’s ministry of justice hacked WhatsApp, which is fighting a similar legal battle against NSO Group, to obtain “highly controlled materials connected to the parallel WhatsApp legislation while also seizing documents to effectively put them into protective custody so that NSO Group would be prevented from disclosing them to US courts for national security reasons.
While Apple takes no position on the truth or falsity of the Guardian Story described above, its existence presents cause for concern about the potential for Apple to obtain the discovery it needs.Apple’s Motion for Voluntary Dismissal – Case No. 3:21-cv-09078-JD
This has led Apple to believe it will have difficulty getting anything useful out of NSO Group despite having to disclose a great deal of its own confidential information that could potentially fall into the wrong hands — particularly in a “high threat environment where adversaries aggressively seek this information using any means necessary.”
As the defendant, NSO Group filed to have the case dismissed in January, claiming that Apple was at fault for shipping vulnerable software and allowing criminals and terrorists to communicate in secret. It lost that bid, along with a request to move the case to an Israeli court.
While it may appear that Apple is now giving NSO Group what it wants, the reality is that it’s no longer the mercenary spyware titan it was three years ago. As Ronald Deibert, director of the University of Toronto’s Citizen Lab, told The Washington Post “NSO Group is on the ropes, no longer the only firm in town, and nowhere near as formable as they once were.”
That doesn’t mean mercenary spyware is no longer a threat; merely that there are many more players on the field now. Apple will undoubtedly continue its efforts to beef up iPhone security and track NSO and other spyware vendors to at least ensure that iPhone users are notified when such attacks have attempted to target them. Meanwhile, features like the Lockdown Mode introduced in iOS 16 go a long way in protecting government officials, journalists, human rights activities, and others who are most at risk of being targeted by mercenary spyware like Pegasus.