WhatsApp Inc.v. NSO Group Technologies Ltd., No. 20-16408 (9th Cir. 2021)
Annotate this Case
WhatsApp sued under the Computer Fraud and Abuse Act and California state law, alleging that NSO, a privately owned and operated Israeli corporation, sent malware through WhatsApp’s server system to approximately 1,400 mobile devices. NSO argued that foreign sovereign immunity protected it from suit and, therefore, the court lacked subject matter jurisdiction because NSO was acting as an agent of a foreign state, entitling it to “conduct-based immunity”—a common-law doctrine that protects foreign officials acting in their official capacity.
The district court and Ninth Circuit rejected that argument. The Foreign Sovereign Immunity Act, 28 U.S.C. 1602, occupies the field of foreign sovereign immunity and categorically forecloses extending immunity to any entity that falls outside the Act’s broad definition of “foreign state.” There has been no indication that the Supreme Court intended to extend foreign official immunity to entities. Moreover, the FSIA’s text, purpose, and history demonstrate that Congress displaced common-law sovereign immunity as it relates to entities.