NSO Employees Take Legal Action Against Facebook For Banning Their Accounts

On Tuesday, lawyers representing current and former employees of Israeli surveillance contractor NSO Group took legal action against Facebook to try and get their accounts reinstated after being banned by the social media giant. Motherboard reports: Last month, Facebook itself sued NSO in California for leveraging a vulnerability in the WhatsApp chat program that NSO Group clients used to hack targets. As part of that, Facebook also banned the personal Facebook and Instagram accounts of multiple current and former NSO employees. The new lawsuit argues that Facebook violated its own terms of service by blocking the NSO employees, and it used personal information they shared with Facebook in order to identify them, in violation of an Israeli privacy law. As relief, the lawyers ask the court to make Facebook lift the ban on the accounts. The lawsuit was first reported in Israeli media.

"It appears that Facebook used the [NSO employees'] personal data...in order to identify them as NSO employees (or former employees), in service of imposing 'collective punishment' on them, in the form of blocking their personal accounts," the lawsuit reads in Hebrew. The lawsuit argues that the personal data used to identify them as NSO employees belonged to the individuals, and not Facebook. The legal action says that the NSO employees were banned without warning even though they are "private people, who make private use of the social networks, whose only 'sin' was any association with NSO, as employees or former employees." The lawsuit includes a screenshot of an email Facebook allegedly sent to someone who had their account suspended. Facebook told Motherboard in a statement on Tuesday, "In October we filed a legal complaint which attributed a sophisticated cyber attack to the NSO Group and its employees that was directed at WhatsApp and its users in violation of our terms of service and U.S. law. Such actions warranted disabling relevant accounts and continue to be necessary for security reasons, including preventing additional attacks."

Facebook members have just one right ...

[CaptainDork]

... and that is to leave.

Re:

[timeOday]

Maybe maybe not, if this claim is true: "it used personal information they shared with Facebook in order to identify them, in violation of an Israeli privacy law."

Re:

[NateFromMich]

Maybe maybe not, if this claim is true: "it used personal information they shared with Facebook in order to identify them, in violation of an Israeli privacy law."

All irrelevant. What gives anyone a right to have an account on someone else's website?
You do realize that Facebook is just someone's website, right?
Can you imagine going to court to force Slashdot to let you log into their site?

Re:

[timeOday]

IANAL, especially not in Israel, but if they have a law forcing companies to separate account maintenance data from personal data that is transmitted over the service, offhand that doesn't sound like a terrible idea. I expect AT&T to chase me down at my billing address if I don't pay, even to sell it to a bill collector, but I hope they can't legally listen in on my calls for clues about my whereabouts to chase me down.

I agree that suing to get back onto the site is weird and suspicious however.

Re:

[JaredOfEuropa]

Why is it weird and suspicious to sue to get back on the site? This is about personal accounts, in some cases belonging to people who no longer work for NSO. They have all sorts of personal reasons to want their account back. Access to posts and messages from their friends, for one.

I wouldn’t sue ./ if they banned me for no reason. But if the post decided to no longer deliver any mail to me because they didn’t like the company I worked for, I would take action (yes, false analogy, the mail g

Re:

[CaptainDork]

Access to posts and messages from their friends, for one.

You haven't read the ToS for the Gentle Member have you?

Re:

[jythie]

On the other hand, if this was any other hacker group these bans would be uncontroversial. Group of hackers sells exploits to one of your services, ban-hammer the lot of them. This isn't just 'disagrees with their company politics', but 'company that hacked and profited off their company'. If you can not kick people off your service for attacking your service, then you can't do much.

Re:

[stealth_finger]

Maybe maybe not, if this claim is true: "it used personal information they shared with Facebook in order to identify them, in violation of an Israeli privacy law."

All irrelevant. What gives anyone a right to have an account on someone else's website? You do realize that Facebook is just someone's website, right? Can you imagine going to court to force Slashdot to let you log into their site?

That guy posting about his internet woes should lawyer up.

Re:

[110010001000]

I just chipped in $100. I hope it helps to make your goal.

Re:

[LenKagetsu]

I've reported you to GoFundMe for spamming websites, lying about your health problems, lying about sexual abuse, and seeking pity money.

Re:

[Jesus Q. Christ]

You are aware that lying is a sin?

Re:

[Ryzilynt]

You are aware that lying is a sin?

OH shit, busted by Jesus's brother himself!

Re:

[stealth_finger]

$30 million? LOL fuck off, you didn't even get frosty piss.

Seems reasonable...

[Minupla]

Normally I'm the last person to defend facebook, but I do have to argue that an online service has the right to defend itself against attackers by refusing service. The first line of defense of any online service is authentication and if you have proven yourself to be untrustworthy, revoking your authentication privileges seems like a reasonable and proportionate response.

Re:

[ElectronicSpider]

That's not their style though, or any other intelligence agency really.

Re:

[kot-begemot-uk]

Normally I'm the last person to defend facebook, but I do have to argue that an online service has the right to defend itself against attackers by refusing service. The first line of defense of any online service is authentication and if you have proven yourself to be untrustworthy, revoking your authentication privileges seems like a reasonable and proportionate response.

You are mistaking company and product with a person working for that. If we revoke the authorisation of anyone working for an untrustworthy institution we should probably start by revoking the authorisation of all employees of all government 3 letter agencies in all countries, followed by all political parties and all "stink tanks".

Re:

[sabt-pestnu]

> You are mistaking company and product with a person working for that.

In a similar vein, families of stormtroopers slain in the assault against the Death Star sue the rebellion for wrongful death.

Re:

[stealth_finger]

Bloody peasant.

Re:

[bob4u2c]

Oh, what a give away.

Re:

[Kjella]

Normally I'm the last person to defend facebook, but I do have to argue that an online service has the right to defend itself against attackers by refusing service. The first line of defense of any online service is authentication and if you have proven yourself to be untrustworthy, revoking your authentication privileges seems like a reasonable and proportionate response.

If any NSO employee did something crazy on their personal account in their personal time, would it be a reasonable response to ban their employer? That would be insanity. But somehow if a company does something nasty it's okay to ban all its employees? For the vast majority of people it's just a paycheck, say you were their IT support dealing with broken laptops and Windows updates. Except for very small operations it's not like they're all involved.

Re:

[lucasnate1]

For the vast majority of people it's just a paycheck

Not for the people who get killed by the dictatorships that NSO aids.

Re:

[drew_kime]

If any NSO employee did something crazy on their personal account in their personal time, would it be a reasonable response to ban their employer? That would be insanity. But somehow if a company does something nasty it's okay to ban all its employees?

I'm trying to come up with an example that isn't Facebook or a foreign espionage agency to take my bias out and figure out what I think.

Suppose I'm a member of a country club, and I work at a law firm. My firm sues the country club for alleged employment law violations. Should the club be allowed to kick me out? Does that answer depend on whether I'm directly involved in the lawsuit?

I'm really not sure.

What's unique to the FB situation is that Israeli law apparently says they're not allowed to know what the

Re:

[bickerdyke]

If any NSO employee did something crazy on their personal account in their personal time, would it be a reasonable response to ban their employer? That would be insanity. But somehow if a company does something nasty it's okay to ban all its employees? For the vast majority of people it's just a paycheck, say you were their IT support dealing with broken laptops and Windows updates. Except for very small operations it's not like they're all involved.

If you are working for an organization that has the purpose of committing criminal acts (may be the Mafia, may be a hacking company), should you be allowed to use "it's just a paycheck" as an excuse?

They chose to share that information

[drinkypoo]

The entire reason Facebook was created was to identify people. Granted, it was to identify people to fuck, but so what? They're fucked now.

This is what happens when you work for an espionage company, and don't protect your identity.

If Facebook weren't essentially an arm of the US intelligence community, I could see them actually pulling out of Israel. But I'm sure they're used to make sure that we're getting our money's worth. This battle should be interesting.

Welcome to the law, 2019

[Empiric]

It isn't wrongdoing that is legally punishable, it's identifying wrongdoing that is legally punishable.

Time for a serious recalibration of the law back to ethics.

Act only according to that maxim by which you can at the same time will that it should become a universal law.
--Immanuel Kant

Or, alternately, "Y'all need Jesus."

Re:

[Ryzilynt]

it's identifying wrongdoing that is legally punishable.

I disagree. I don't think that merely identifying legal wrongdoing should be punishable.

Guy : "hey that dude just stole a loaf of bread!"

Lawman "Ok sir put your hands above your head, you are under arrest"

Guy "but I didn't steal the bread, I just told you, that guy stole the bread"

Lawman "yes but you that identified the wrongdoing, you are going to rot in jail scumbag"

Re:

[Empiric]

I'm in full agreement with what you are saying. Not sure where I might have been unclear, but I was commenting on the unfortunate state of the direction of the legal system, both with respect to the situation described by the original article, and legal/political battles currently deeply affecting the U.S. government.

Re:

[bob4u2c]

Sadly you jest, but this does happen.

There was a recent story of someone being stabbed. Across the street was a group attending a party who saw the incident. The police were on the scene within a minute and a member of the group started shouting at the police that the person they wanted was starting to run away. The police then proceeded to arrest the member of the group that was shouting at them for the crime. Their logic; he was playing mind games and trying to throw them off.

In the end the charge

Re:

[JaredOfEuropa]

FB aren’t being sued for identifying wrongdoing, but for taking inappropriate action in response. If you see one kid nicking candy from your store, you can’t just ban his friends from the premises as well.

Re: Welcome to the law, 2019

[pommiekiwifruit]

"Not more than two school kids allowed " - every small shop

Re:

[JaredOfEuropa]

Yup, but no specific bans based on association.

Re:

[Zero__Kelvin]

"If you see one kid nicking candy from your store, you can’t just ban his friends from the premises as well."

You can if they are adult employees of an organization that has a mission statement that specifies candy stealing as its objective. In fact you can do so in any case since in the USA stores have the right to refuse service to anyone so long as it isn't based on their status as a protected class.

Re:

[jythie]

Yeah, but if that kid was part of an organized criminal gang that included both the direct thefts and indirect roles like resale and payroll, it would not be inappropriate for a store to ban the lot of them.. 'oh, I didn't steal from you, not my department, I just handled the accounting and was paid with the profits from stealing from you'.

Re:

[Local ID10T]

If you see one kid nicking candy from your store, you can't just ban his friends from the premises as well.

Yes, I can. "You, and your friends, are not welcome here. Get out and don't come back." is a perfectly legitimate response to catching them in the act of thievery. I can refuse service to anyone, for any reason (assuming I am not violating a federal/state protected class law).

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[NateFromMich]

Facebook could simply decide unilaterally that the musings of a country of nine million -- smaller than the entire state of California

California? That's the most populous state and a terrible comparison.
How about smaller than 10 US states, and roughly the population of New Jersey.
https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[JaredOfEuropa]

FB is free to stop doing business in Israel, and free to threaten to do just that. However while they are doing business there, they should abide by local law. One of those laws (apparently) says that they cannot use certain information to identify people they’d like to ban, even if those people posted the info themselves.

Re:

[the_B0fh]

So, in other words, it would be perfectly fine to do the banning in California?

Re:

[jythie]

Well, that would be one solution. If Israeli laws protect a non-state actor that they do not want on their network, then they can frame it as they are unable to be compliant with local laws and thus will not operate in that country.

for once facebook does the right thing

[Hongkonger2047]

sues the company screws the people that are doing the evil deeds, the employees. Well done facebook! Keep up the good work!

Gotta say it.

[LenKagetsu]

The NSO cry out in pain as they hack you.

Collective punishment

[BeCre8iv]

Israeli surveilence firm complains about collective punishment.

Does anyone else see the irony of this?

NSO are major assohles, make no mistake.

[BAReFO0t]

They are one of THE key groups responsible for the totalitarian spying and surveillance shit in the world.

Any non-

rogue states must consider them in the same category as the groups that did 9/11, or are manufacturong biological, chemical or nuclear weapons for any state or other terrorist who pays.

Frankly, the US should send out a special ops team, and off them like Bin Laden. And they probably would, if this wasn't Massa Israel we are talking about.