I really hope they lose. If they win, WhatsApp (and by precedent, everyone else) is less incentivized to invest in technical solutions, and exploits will still be bought and sold among even shadier players.
Take the Saudis for example. They have a desire to hack phones, an unlimited budget for hacking tools, and no ethics. The market will create other players to capture the millions of dollars they have on the table, and they’ll do it out of reach of the courts.
WhatsApp is facing brand damage because people are hearing that they can get hacked (and in some cases, possibly die) if they use their software. Their two options are to either invest in better security, or use the legal system. I think it’s better for everyone if the only option is for companies to actually fix their software.
If WhatsApp paid whatever NSO does to acquire bugs, nobody would sell to NSO.
This is the same reason that Apple recently increased their bounty. Nobody was giving bugs to Apple because the grey market paid more.
WhatsApp would still be plenty incentivized to make their software secure. They understand that this wouldn't get rid of the exploit market, or state actors. I'm sure WhatsApp has been focusing a lot on security lately because of the brand damage.
Even if it wasn't effective in practice, entering this lawsuit can be seen as a message to users that WhatsApp is serious about protecting people's privacy.
Setting a precedent here might force remaining actors to stay shady instead of acting in the open, which would make it harder for them to operate (so they'd be less effective).
However, I have no idea what other consequences a precedent here might have. Definitely interesting.
