wordpress blog stats
Connect with us

Hi, what are you looking for?

WhatsApp CEO Will Cathcart demands moratorium on spyware industry in wake of Pegasus scandal

The WhatsApp head also reacted to statements from the NSO Group and disclosed new information about the 2019 Pegasus attack. 

WhatsApp’s chief executive officer Will Cathcart urged governments to step in and impose a complete moratorium on the spyware industry in an interview with The Guardian. He was speaking to the newspaper to disclose new details about the 2019 Pegasus attack on 1,400 WhatsApp users in the aftermath of the Pegasus Project’s revelations

“NSO Group claims that a large number of governments are buying their software, that means those governments, even if their use of it is more controlled, those governments are funding this. Should they stop? Should there be a discussion about which governments were paying for this software?” Cathcart was quoted as saying to the newspaper. 

The Pegasus Project, a consortium of 17 news organisations led by Forbidden Stories and Amnesty International, accessed a list of around 50,000 phone numbers that were potential targets by government clients of the Israeli company NSO Group. Pegasus is military-grade spyware sold only to vetted governments for use against criminals and terrorists. However, the consortium discovered that heads of state, government ministers, diplomats, activists, journalists, and lawyers were included in the list.

Why it matters? This is not the first time that the NSO Group has been accused of violating the privacy of people using its spyware. In 2019, the Financial Times reported that WhatsApp calls were used to inject Pegasus into phones surreptitiously. Cathcart, in his interview, went on to draw parallels between the revelations on Pegasus brought forth in 2019 and 2021

What did Will Cathcart say?   

On the 2019 Pegasus attack against WhatsApp users: Cathcart’s disclosure to the newspaper revealed that senior government officials across the world, including some high-ranking officials in national security, were targeted in the 2019 spyware attack by clients who had purchased Pegasus from the NSO Group. 

Advertisement. Scroll to continue reading.

 “The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then,” Cathcart told The Guardian.

On NSO’s remark that 50,000 is an exaggerated figure: He questioned NSO’s remark of 50,000 surveillance targets being an exaggerated number by citing the attack against 1,400 WhatsApp users over a two-week period in 2019. “It tells us that over a longer period of time, over a multi-year period of time, the numbers of people being attacked are very high,” he explained. Cathcart also said that the attack should be a wake-up call for internet security. “Mobile phones are either safe for everyone or they are not safe for everyone,” he added. 

On the role of the tech industry in the Pegasus affair: He urged the technology industry to raise awareness about the dangers of malware. “It’s not enough to say, most of our users don’t need to worry about this. It’s not enough to say ‘oh this is only thousands or tens of thousands of victims’,” he said.

On whether a backdoor is necessary for law enforcement agencies: Cathcart spoke about the perils of malware and surveillance to the security and privacy of citizens, including the danger in demanding so-called backdoors. In another interview with the Committee to Protect Journalists (CPJ), he said that the backdoor to encryption creates a centralised vulnerability in the whole communications network. 

“The scenario you need to be worried about is: what if a spyware company, what if a hostile government, what if a hacker accessed all of the communications? It’s why, honestly, the proposals from some governments to weaken end-to-end encryption are just terrifying. They aren’t grappling with the nightmare scenario of everyone’s communications in a country being compromised,” Cathcart pointed out.

On how to curb the spyware industry: He has also called for import controls and other kinds of regulations to rein in the spyware industry. “Governments need to step in and have a complete moratorium on the spyware industry. It’s got to stop,” he concluded. 

Edward Snowden, a former computer intelligence consultant and a whistleblower who leaked highly classified information about the National Security Agency’s mass surveillance program in 2013, also echoed the demand for a moratorium on the spyware industry stating that “the consortium’s findings illustrate how commercial malware has made it possible for repressive regimes to place vastly more people under the most invasive types of surveillance.” 

In a statement to The Guardian, an NSO spokesperson said: “We are doing our best to help creating a safer world. Does Mr Cathcart have other alternatives that enable law enforcement and intelligence agencies to legally detect and prevent malicious acts of pedophiles, terrorists and criminals using end-to-end encryption platforms? If so, we would be happy to hear.”

Advertisement. Scroll to continue reading.

Timeline of WhatsApp’s legal response to the 2019 Pegasus attack

  • May 2019: WhatsApp identifies a bug in its call function which had been reportedly exploited by Pegasus to snoop and collect data on phones. 
  • September 2019: WhatsApp informs CERT-In that 121 Indian users were targeted by Pegasus through the vulnerability, adding that “the full extent of this attack may never be known”.
  • October 2019: WhatsApp sues the NSO Group in federal court under US state and federal laws, including the US Computer Fraud and Abuse Act. 
  • April 2020: NSO seeks to dismiss the lawsuit stating that its dealings with foreign governments, which it said use its technology to fight terrorism and other serious crimes, granted it immunity from lawsuits filed in U.S. courts under the Foreign Sovereign Immunity Act (FSIA)
  • July 2020: The court rejects the charge and rules that the lawsuit can go forward following which NSO said that it was reviewing the ruling

 Also read: 

Have something to add? Subscribe to MediaNama and post your comment

Written By

I cover several beats such as crypto, telecom, and OTT at MediaNama. I will be loitering at my local theatre and consuming movies by the dozen when I am off work.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ