【AI前沿】Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption

WHATSAPP PRIVACYTexas AG sues Meta over claims that WhatsApp doesn’t provide end-to-end encryptionCritics note a lack of factual support in lawsuit filed by US Senate candidate.Dan Goodin–May 22, 2026 2:13 pm|28Credit:

      Getty ImagesCredit:

      Getty ImagesText
    settingsStory textSizeSmallStandardLargeWidth*StandardWideLinksStandardOrange* Subscribers onlyLearn moreMinimize to navThe Texas Attorney General has sued Meta over allegations that the company’s WhatsApp messenger, used by more than 3 billion people, doesn’t provide the end-to-end encryption (E2EE) it has long claimed.Since at least 2016, Meta (then named Facebook) has said WhatsApp provides robust end-to-end encryption, meaning that messages are encrypted on a sender’s device with keys that are available only to the receiver’s. By definition, E2EE means that no one else—including the platform itself—can read the plaintext messages.In sworn testimony before two US Senate committees in 2018, CEO Mark ZuckerbergsaidMeta does “not see any of the content in WhatsApp; it is fully encrypted” and that “Facebook systems do not see the content of messages being transferred over WhatsApp.” The engine for this E2EE is the Signal protocol, an open source code base that multiple third-party experts have said lives up to its promises.In acomplaintfiled Thursday, Texas AG attorneys said Meta’s claims are false and that the company can and does read the unencrypted contents of WhatsApp messages. They said they are filing the action to “prevent WhatsApp and Meta from continuing to willfully deceive [Texans] by misrepresenting that their private communications were just that—private and inaccessible even to WhatsApp and Meta—when, in fact, WhatsApp and Meta have access to all WhatsApp users’ communications in their entirety.”“The gravity of Meta’s and WhatsApp’s violation of users’ privacy and trust cannot be overstated,” the attorneys wrote. “All users were entitled to believe their communications were private when WhatsApp and Meta unequivocally and repeatedly promised that no one—not even WhatsApp and Meta—can access their messages.”In an email, Meta called the allegations “baseless” and vowed to fight the lawsuit in court.He said, she saidThe sole factual evidence cited for the claims is anarticlepublished last month by Bloomberg. It reported that the US Commerce Department’s Bureau of Industry and Security had abruptly closed an investigation into allegations that Meta could access encrypted WhatsApp messages shortly after one of the department’s agents sent an email outlining the probe’s preliminary findings.According to Bloomberg, the January 16 email, sent to more than a dozen officials at other agencies, stated, “There is no limit to the type of WhatsApp message that can be viewed by Meta. The misconduct of Meta and its officers, including current and former high-level executives, involve civil and criminal violations that span several federal jurisdictions.”Thursday’s lawsuit doesn’t indicate that the AG’s office has obtained the email itself or gathered any information from the investigators involved. Instead, it cites only the Bloomberg report for support. The complaint also noted that Meta employees receive plaintext WhatsApp messages that are reported to the company by fellow WhatsApp users. Those messages, however, are taken from the reporting party’s device only after they have been decrypted using the decryption keys available only to the reporting party.The scarcity of factual support for the claims hasn’t been lost on technologists and encryption experts. They note that a thorough reverse engineering of WhatsApp would almost certainly reveal if it was somehow bypassing the protection provided by the Signal protocol.A clean bill of health as of 2023A team of researchers that performed a detailed technical analysis of WhatsApplast yeargave the messenger a clean bill of health, finding that it generally works securely and as described by WhatsApp. They found one design flaw that made it possible for a Meta employee with access to the company’s infrastructure to add new members to a group chat without permission or any interaction from existing members. But even in that case, such an addition is fully visible to all other members.Benjamin Dowling, a senior lecturer in cryptography at King’s College in London and a co-author of the study, said in an email that his team reverse-engineered the WhatsApp cryptographic protocol, meaning the code that makes it work. They found no indication that it was behaving differently from what Meta described. Dowling, however, stressed that the analysis applied only to the WhatsApp client as available in May 2023. Their findings wouldn’t necessarily apply to versions updated since then.He said the closed source status of WhatsApp makes a definitive assessment of the code impossible. He went on to say that except for the resulting lack of code transparency and the weakness u