On May 20, 2026, the Knight Institute filed an amicus brief in WhatsApp v. NSO Group, a case concerning Pegasus, a commercial spyware tool developed by NSO Group. WhatsApp argues that NSO Group violated the Computer Fraud and Abuse Act (CFAA), California’s state-law analog, and WhatsApp’s terms of service through its role in the development and deployment of Pegasus.

The district court ruled in favor of WhatsApp in late 2024. A jury awarded damages in 2025, and the district court entered a permanent injunction. NSO Group subsequently appealed the court’s rulings on liability, injunctive relief, and damages.

The Knight Institute’s amicus brief describes the threat to free expression and press freedom that results from the use of commercial spyware like Pegasus. It argues that the global proliferation of spyware is not inevitable, and that U.S. courts can protect Americans and others from the harms of spyware. As the brief explains, companies involved in developing and deploying spyware to access devices without authorization can be held liable under the CFAA and California law.

Status: Briefing ongoing.

Case information: WhatsApp LLC v. NSO Group Technologies Ltd., No. 25-7380 (9th Cir.)