At least previously, the command and concure infrastructure used to deliver the malicious payload, trigger the infection and manage the device consisted of hundreds of servers operated by NSO.The only way Apple is going to win here is if they have evidence/proof that the NSO Group themselves were personally involved in using their own spyware tool to spy on people because as it stands, all the NSO Group does is make spyware tools and sells them onto 3rd parties. This is no different to gun makers. When someone is killed by a gun, the gun manufacturer is never taken to court and sued for causing the persons death. Gun manufacturers provide a 'tool', they are not responsible for how that 'tool' is used. Same goes for NSO Group, they make a spyware 'tool', they cannot be held responsible for how others use it.
If people think NSO Group is at fault here then please explain to me how? They make a tool and sell it to 3rd parties and they are being sued for how it is being used. Gun Manufacturers make a tool and sell it to 3rd parties but they never get sued for how it is used. Please explain the difference because I cannot see there is any difference but yet Apple is suing NSO Group for breaches of CFAA. So why aren't gun manufacturers sued for crimes of murder or manslaughter?, they make a tool that people use to kill others and they get away with it. NSO Group makes a tool that people use to spy on others and they are being sued. Something is not right here.
This would likely mean that you can’t really use the gun analogy. To make that comparable you it would be equivalent to the gun salesman not giving you the weapon, rather the buyer would tell him where to point and ask to pull the trigger.
However the case is not only related to the delivery of malware as without a US victim it might be unclear if a US court has juristriction. The other part is related to the development and testing of the malware as that can’t be done without breaking the EULA.