Today, we stood alongside various other U.S. technology firms in submitting an intervention brief in Dada v NSO Group Technologies aimed at safeguarding journalists, civil society groups, software providers, and individuals globally from the hazards of malware.

Despite the fact that the utilization of malware generally impacts a small subset of individuals at any given time, its broader repercussions resonate throughout society by contributing to risks to freedom of speech, the unrestricted press, and the honesty of elections worldwide. In order to defend these rights, and advance our legal strategy of setting a legal precedent to halt malicious entities from exploiting ambiguous areas in legislation, today’s submission is intended to heighten the liabilities for malware vendors and provide significant legal redress for victims.

At present, many targets of malware-facilitated attacks frequently leverage U.S.-headquartered platforms — such as Android or iOS — beyond the borders of the United States. Our submission asserts that victims of malware-facilitated attacks should have the ability to pursue legal action in the U.S. against malware vendors according to current anti-hacking statutes — even if they were compromised internationally. This is crucial to limit the avenues of attack exploited by malware vendors — a stance endorsed by entities ranging from GitHub to Microsoft.

Our past endeavors

In recent times, we have observed the malware sector expand to meet the demand for surveillance capabilities. While proponents of malware vendors often highlight the utilization of these tools for crucial law enforcement purposes, numerous instances of abuse have come to light. This disquieting pattern poses an unmistakable and immediate threat to freedom of speech, freedom of the press, and the open Web.

Today’s legal submission extends our continuous efforts to counteract malware, safeguard users, and bolster a secure digital environment. We have consistently strived to pinpoint and expose malware campaigns, raise awareness about the risks, and devise remedies to thwart this escalating menace to civil societies and fundamental human rights.

Our Google Threat Intelligence squad routinely shares our evaluation of the maneuvers and methods employed by malevolent actors. We were the initial major tech company to discover and publicly disclose specifics about NSO’s Pegasus malware in 2017. In our most recent publication, Acquiring Surveillance, we disclosed how NSO Group is merely one among numerous companies fueling this industry. In reality, our analysis reveals that half of the identified 0-day vulnerabilities targeting Google products and Android devices stem from commercial surveillance vendors.

We have been outspoken in advocating for enhanced transparency and accountability from malware vendors, as well as sturdier regulations and supervision to avert the exploitation of these potent tools. Momentum for action is mounting. Over the prior year, the U.S. government and other like-minded nations have taken meaningful strides to curb domestic use of these technologies. Likewise, the Pall Mall process, overseen by the governments of the UK and France, is steering international consensus across government, industry, and civil society on protocols to counter the spread of these digital weapons.

Defending national security

This intervention brief represents another significant milestone in our battle against malware, and the drive to protect journalists and other individuals in the crosshairs of these malevolent instruments. As our brief articulates, we are of the opinion that the malware industry poses a national security hazard to the United States and profoundly affects the concerns of Americans — as well as individuals worldwide. We will persist in leveraging our proficiency, resources, and clout to advocate for heightened safeguards against malware and other online perils.