But none of the researchers or activists who have gone up against the NSO Group in the past few years have had anything close to the reach or resources of Facebook. That doesn’t mean that WhatsApp will necessarily triumph in its lawsuit, which alleges that between April 29 and May 10 of this year, the NSO Group used WhatsApp to compromise roughly 1,400 mobile phones belonging to users in several countries, including Bahrain, the United Arab Emirates and Mexico. In fact, WhatsApp may have an uphill legal battle ahead especially given that part of its case rests on the Computer Fraud and Abuse Act, which makes it illegal to tap into computers without authorization, and that the devices that were compromised by NSO belong to WhatsApp users, not WhatsApp itself.

WhatsApp does its best to argue that NSO gained access to its own signaling and relay servers without authorization in the process of contacting WhatsApp users, but this is a dicey interpretation of the Computer Fraud and Abuse Act, akin to arguing that you need Google’s permission to send an email to a Gmail user through Google’s servers. And the lawsuit’s claims that the NSO Group’s operations “burdened” WhatsApp’s networks and injured the company’s “reputation, public trust, and good will” are unlikely to carry much weight — especially since many fewer people would have been aware of the Pegasus compromises had WhatsApp not publicized them in this suit.

But whether or not Facebook wins its case against the NSO Group, it’s doing an important service by bringing it in the first place. Just as the United States Department of Justice has filed a series of indictments against Chinese, Iranian and Russian hackers intended to “name and shame” the perpetrators even if they never stand trial and shed light on exactly how they operate, the Facebook lawsuit describes in detail how the NSO Group was able to compromise the phones of WhatsApp users even if those users never actually answered a call, clicked on a link or downloaded a file. The lawsuit lays out not just how NSO exploited WhatsApp software to compromise user phones, but also the underlying technical architecture that the NSO Group and its clients rely on to carry out their surveillance campaigns. For instance, the lawsuit identifies the operators of the malicious servers used by the NSO Group to distribute their spyware to WhatsApp user phones. According to the complaint, these servers were leased by NSO from Choopa, Quadranet and Amazon Web Services, three American-based companies.