Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
WhatsApp has prevailed against Israeli spyware maker NSO Group in a US lawsuit over NSO’s abuse of the messaging app to enable the infiltration of the phones of journalists, activists and dissidents with its Pegasus hacking tool.
A judge in the Northern District of California ruled on Friday that NSO breached hacking laws and the terms of its service agreement with WhatsApp by using the messaging platform to inject more than 1,000 devices with its Pegasus spyware.
The ruling in the civil case did not address the rights of the individuals whose phones had been hacked, but it hands a victory to technology groups seeking to prevent their platforms from being abused by groups targeting their users.
Advertisement
It is also a win for Apple, Amazon and other tech giants that supported WhatsApp’s case.
“The court finds no merit in the arguments raised” by NSO Group, judge Phyllis Hamilton ruled. The summary judgment means an upcoming trial will cover only the question of damages, rather than whether NSO can be held liable for its actions.
“After five years of litigation, we’re grateful for today’s decision,” WhatsApp said. “NSO can no longer avoid accountability for their unlawful attacks on WhatsApp, journalists, human rights activists and civil society.”
NSO Group did not immediately respond to a request for comment.
Pegasus can read encrypted messages stored on a phone, turn on its camera and microphone remotely and track its location. Its use has been tied to human rights abuses and the US Department of Commerce has blacklisted the Israeli company.
Advertisement
The legal case was launched after a 2019 Financial Times report that coincided with WhatsApp’s discovery that its services had been hacked by NSO and Pegasus.
The ruling said NSO Group did not dispute that it “must have reverse-engineered and/or decompiled the WhatsApp software” in order to hack phones, but had raised the possibility that it did so before agreeing to WhatsApp’s terms of service.
However, the judge found, “common sense dictates that [NSO] must have first gained access” to the WhatsApp software and NSO had offered “no plausible explanation” for how it could have done so without agreeing to the terms of service. It ruled in favour of WhatsApp’s claim that NSO had violated federal and state hacking laws.
The judge also found that NSO had “repeatedly failed to produce relevant discovery”, including in relation to the Pegasus source code.
“This sets a precedent that will be cited for years to come,” said John Scott-Railton, a researcher at the University of Toronto’s Citizen Lab who has investigated the use of Pegasus.
Advertisement
“This is the most-watched case about mercenary spyware and everyone is going to take note. I predict this will have a chilling effect on other shady spyware companies’ efforts to enter the US market, and investors’ interest in backing their hacking,” he said.
A Waymo robotaxi drives in San Francisco’s North Beach neighborhood this week.
Heather Diehl/Getty Images
hide caption
toggle caption
Advertisement
Heather Diehl/Getty Images
Police in San Mateo, Calif., posted Monday on social media that they had apprehended a pair of teenagers from a Waymo driverless robotaxi after the company alerted authorities to suspected criminal activity. It’s the latest incident involving video surveillance of passengers and others by autonomous vehicles — raising questions about the limits of privacy in such vehicles.
The Facebook post by the San Mateo County Police said: “Parents do you know where your teens are? @waymo does!”
The 15-year-olds were allegedly drinking alcohol and shooting toy guns from the car, according to the police. They said Waymo’s systems detected behavior that then triggered a safety response, after which the company disabled the vehicle and contacted police.
Advertisement
Waymo’s cars, equipped with an array of cameras, microphones and other sensors to monitor passengers and other nearby vehicles, are becoming more common in cities across the United States. Experts say the detention of the two teens in San Mateo highlights a potential — but not inevitable — trade-off between privacy and convenience. It also questions the extent to which companies similar to Waymo are required to hand over private data, including audio and video of passengers, in situations where a crime is suspected.
NPR reached out to Waymo, which is owned by Alphabet, the parent company of Google, for comment on the details of the San Mateo incident and how the company responded, but did not hear back.But on its website, the company says that as many as 29 cameras in its autonomous cars provide an all-around view and “are designed with high dynamic range and thermal stability, to see in both daylight and low-light conditions, and tackle more complex environments.”
“There already exist laws that govern duty to report or even duty to protect” for carriers such as Waymo, according to Alessandro Acquisti, a professor of information technology at the MIT Sloan School of Management. “The privacy problems arise when and if driverless carrier companies used such laws or ethical obligations as a pretext for blanket, indiscriminate accumulation of identifiable data for unspecified future purposes.”
That includes not just monitoring people inside the cars, but outside too. Take, for example, a hit-and-run investigation last year in Los Angeles. Media reported that the police inquiry was aided by video captured by a Waymo taxi that had a clear view of the crime. Critics suggested at the time that authorities were using the company’s vehicles as a mobile surveillance platform. And during 2025 protests in Los Angeles against Immigration and Customs Enforcement crackdowns, demonstrators vandalized Waymos, apparently angry that video recorded by the vehicles could be used by police, although there is no evidence that happened.
Advertisement
In a transparency report, Google says it received nearly 290,000 requests from governments worldwide in the first six months of 2025 for disclosure of user information across all its platforms, including Waymo. The company says that in more than 80% of the requests in those six months, some information was disclosed. “Google carefully reviews each request to make sure it satisfies applicable laws. If a request asks for too much information, we try to narrow it, and in some cases we object to producing any information at all,” the company says.
In an email to NPR, San Mateo Police Department spokesperson Jeanine Luna said that detaining the teens in the Waymo on Monday was “wholly appropriate” under the circumstances. “We received the call of a ‘firearm’ being shot from a moving vehicle,” she said. “Furthermore, the occupants were described as being possibly ‘intoxicated.’” she said.
“Being that the vehicle was disabled (the occupants had every right to exit the vehicle before police arrival, but they did not), a high-risk traffic stop was conducted to ensure the safety of all involved,” Luna added. “They were not arrested and were released to their parents, however, potential charges are still pending dependent on what the video from inside the vehicle shows.”
Autonomous taxis represent an ethical gray area
Robotaxis began to roll out across the U.S. in December 2018, when Waymo launched in Phoenix. These services have been used for less than a decade — so the norms surrounding them aren’t settled, experts agree.
The Facebook post may make Waymo passengers wonder what triggers a police intervention, says Irina Raicu, director of the Internet Ethics program at Santa Clara University. She has used Waymo’s driverless taxis and says ethically, the privacy issues surrounding them sit in a gray area. “There’s something about being in a car without another person that makes you think it’s private.”
Advertisement
“With all these recording devices, we don’t see them, [and] they’re not these obvious things being stuck in our faces,” Raicu adds.
That brings up a key issue: informed consent, Acquisti says.
“It is not clear the extent to which passengers … are reminded that when they step into the car, that they are being monitored, and most likely they are not told in its entirety how the data will be used,” he says.
Bruce Schneier, a cybersecurity and privacy expert and professor at the Munk School at the University of Toronto, believes that Waymo does have a compelling interest in protecting its vehicles. He compares monitoring a robotaxi via cameras to a human taxi driver keeping an eye on passengers in the rearview mirror.
“Maybe the driverless car comes back … and it has all of its cushions slashed, and it’s like, ‘Who the hell did that? Let’s go and look at the tape,’” Schneier suggests. “You can’t have sex in the back of a taxi, right? Someone would say, ‘Stop it.’”
Advertisement
He concludes that some supervision makes sense. In an Uber rideshare, he notes, “most of the time there’s a camera recording the back seat.” (Uber says on its website that it allows drivers to install such cameras for the purpose of “fulfilling transportation services.”)
Waymo robotaxis, while a fairly common sight in the San Francisco Bay Area, are still a novelty in much of the country. And many people are hesitant to ride in one, according to a Pew Research Center poll published this month. The survey found that only 5% of Americans had ever ridden in a driverless car. Meanwhile, 71% of those polled said they would feel uncomfortable in one, with only 7% saying they would be “extremely or very comfortable” riding in one.
For that reason, experts who spoke with NPR said they were optimistic that it’s not too late to shift gears on privacy norms and policies surrounding these vehicles.
Acquisti doesn’t see why privacy measures can’t be built into driverless vehicles.
“I would immediately challenge the notion that people have to be monitored,” he says, noting that privacy-preserving technologies exist and can be installed.
Advertisement
“Driverless cars are coming, but they don’t have to come in this particular incarnation,” Raicu says. “They’re still being designed and redesigned. It’s early days.”
Donald Trump has terminated the remaining members of the independent, federal commission that assists election administration officials nationwide just a few months before the midterm elections, multiple outlets reported Thursday.
The remaining three commissioners of the four-member bipartisan commission were forced out on Thursday in different ways. The one Republican appointee resigned and the other two, Democratic appointees were notified of their terminations via email from the White House presidential personnel office.
“On behalf of President Donald J Trump, I am writing to inform you that your position as Commissioner of the Election Assistance Commission is terminated, effective immediately. Thank you for your service,” the email, seen by Reuters, said.
The White House did not immediately respond to a request for comment.
The Election Assistance Commission serves as a “national clearinghouse of information on election administration”, accredits testing laboratories and certifies voting systems, and maintains the national mail-voter registration form developed by the National Voter Registration Act of 1993, according to the commission’s website. The terminations follow Trump and top administration officials’ advocacy to change vote-by-mail requirements and investigations into the 2020 election outcome, which Trump lost to Democrat Joe Biden.
Advertisement
“It is irresponsible and dangerous that this Administration remains dead set on causing chaos for our election officials across this country,” Arizona secretary of state Adrian Fontes said in a Thursday statement. “This move undermines the integrity of nonpartisan election administration.”
The 2002 law that established the commission, the Help America Vote Act, states the president can appoint replacements to the commission.
It is unclear how Trump will move ahead with the commission.
Former U.S. Olympian David Hearn (left) walks with his attorney Norman Eisen to speak to reporters and protesters gathered after his arraignment at the Superior Court of the District of Columbia in Washington, D.C. on Thursday.
Finn Gomez/Getty Images
hide caption
toggle caption
Advertisement
Finn Gomez/Getty Images
Former U.S. Olympic canoeist David Hearn pleaded not guilty to damaging the Lincoln Memorial Reflecting Pool in D.C. Superior Court Thursday morning.
Federal prosecutors charged Hearn with a single count of destruction of property causing more than $1,000 in damage to the pool.
Hearn has previously claimed, which his attorneys repeated during a short press conference outside the court, that he simply touched the water in the pool out of curiosity.
Advertisement
The Trump administration had just completed a $14 million renovation of the pool.
But shortly after the work finished, peeling paint and algae gathered in the water. The remodel has been largely criticized as a massive failure and waste of taxpayer dollars.
Superior Court Judge Carmen McLean released Hearn on his own recognizance. His next hearing is scheduled for Aug. 5.
Norm Eisen, one of Hearn’s attorneys, spoke to reporters outside of court following the hearing. He said the administration is using Hearn as a “scapegoat … for their own failures.”
“It is not a crime to touch the reflecting pool, to touch water in the United States of America,” he said.
Advertisement
Prosecutors say there is a host of evidence against Hearn.