The $167 million verdict that Meta Platforms just secured against Israeli spyware-maker NSO Group isn’t just a courtroom win. It’s a shot across the bow of the private surveillance industry – and a signal that US courts refuse to gloss over abuses of digital privacy as collateral damage in the fight against crime or terror.
After just one day of deliberation, a federal jury in California awarded Meta $167 million in punitive damages against NSO. That figure isn’t just symbolic. It reflects the jury’s finding that NSO’s conduct was malicious, oppressive, or fraudulent.
The spyware in question, Pegasus, is no ordinary code. It exploited a vulnerability in WhatsApp’s system to infect 1,400 users’ devices without their knowledge – granting NSO’s clients (which include foreign governments) the ability to track targets, activate microphones and cameras, and access nearly every aspect of a person’s private digital life.
Used against critics
Those targets included journalists, political dissidents, and human rights advocates. The spyware was deployed not against criminals, but critics. And now, for the first time, a jury has declared that what Meta described as “despicable” hacking comes at a high cost.
This isn’t just a win for Meta. It’s a precedent-setting moment in the legal fight over spyware. Until now, private surveillance vendors operated in a legal gray zone – asserting immunity based on their government clients.
This verdict makes clear that spyware vendors can be held directly accountable in US courts, governmental immunities notwithstanding.
Surveillance tech regulation
Of course, collecting the money may prove difficult.
Nevertheless, the judgment itself is valuable because it marks the first time a court has imposed real financial liability on a spyware maker – and it opens the door for others to do the same.
It also bolsters efforts by the United States government to draw red lines around the use of commercial spyware.
The Biden administration has already blacklisted NSO, citing its role in enabling transnational repression. This jury verdict will only increase pressure on policymakers to regulate surveillance tech more aggressively – and to treat digital privacy not just as a user expectation, but more like a civil right.
In the end, this case was not about how powerful spyware can be. We already knew that. It was about whether the people who build and sell it can operate without consequence. The jury has answered: Not anymore.
The writer, an attorney, leads the American law firm Ehrenstein|Sager, specializing in commercial law, litigation, and high-risk international arbitration.