On what grounds does Meta deserve the source code here? Unless Pegasus is considered a “derivative work,” the most Meta should be able to demand is money.
They need to know how they were hacked so they can fix the vulnerability. NSO broke the law when they hacked whatsapp, it seems reasonable that they’re forced to share details to prevent others from using the same method.
I’m wondering on what grounds is NSO allowed to keep the names of their co-conspirators (AKA clients) secret?
I think it’s reasonable to require them to share details, but source code is a copyright issue and shouldn’t be given up. I’m guessing the source has a lot more than just the one attack.
But yeah, I’m also surprised they’re not obligated to reveal the names of anyone involved in planning or ordering the attack. Surely that could be subpoenad.