NSO Employees Take Legal Action Against Facebook for Banning Their Accounts

On Tuesday, lawyers representing current and former employees of Israeli surveillance contractor NSO Group took legal action against Facebook to try and get their accounts reinstated after being banned by the social media giant.

Last month, Facebook itself sued NSO in California for leveraging a vulnerability in the WhatsApp chat program that NSO Group clients used to hack targets. As part of that, Facebook also banned the personal Facebook and Instagram accounts of multiple current and former NSO employees.

The new lawsuit argues that Facebook violated its own terms of service by blocking the NSO employees, and it used personal information they shared with Facebook in order to identify them, in violation of an Israeli privacy law. As relief, the lawyers ask the court to make Facebook lift the ban on the accounts. The lawsuit was first reported in Israeli media.

“It appears that Facebook used the [NSO employees’] personal data…in order to identify them as NSO employees (or former employees), in service of imposing ‘collective punishment’ on them, in the form of blocking their personal accounts,” the lawsuit reads in Hebrew.

The lawsuit argues that the personal data used to identify them as NSO employees belonged to the individuals, and not Facebook. Lawyers representing the current and former NSO employees were not immediately available to comment.

Do you work for NSO Group, or did you used to? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

The legal action says that the NSO employees were banned without warning even though they are “private people, who make private use of the social networks, whose only ‘sin’ was any association with NSO, as employees or former employees”

The lawsuit includes a screenshot of an email Facebook allegedly sent to someone who had their account suspended.

“This account has been disabled relating to litigation with NSO Group,” the email reads.

Facebook’s own lawsuit was in response to NSO’s product using a vulnerability in WhatsApp. NSO clients used the technique to target over 1,400 WhatsApp users, including activists, lawyers, and human rights defenders, according to researchers at Citizen Lab, who helped WhatsApp with its investigation.

While NSO markets its products as tools to combat terrorism and serious crime, researchers have repeatedly found NSO’s products being used to hack journalists and activists, from Mexico, to Saudi Arabia, to the United Arab Emirates. WhatsApp previously told Motherboard that some of the 1,400 targeted users were also instances of states spying on other states.

Facebook told Motherboard in a statement on Tuesday, “In October we filed a legal complaint which attributed a sophisticated cyber attack to the NSO Group and its employees that was directed at WhatsApp and its users in violation of our terms of service and U.S. law. Such actions warranted disabling relevant accounts and continue to be necessary for security reasons, including preventing additional attacks.”

Facebook did not immediately respond when asked if there is evidence suggesting NSO employees used their personal accounts to mount attacks.

NSO said in a statement “We’re proud of the work our employees do every day to help governments save lives around the globe. As far as this lawsuit is concerned, this is an independent action by NSO Group employees.”

Update: This piece has been updated to include a statement from NSO Group.

Subscribe to our cybersecurity podcast, CYBER.