A federal agent said WhatsApp's encryption is a lie. Then the investigation was shut down

Skye Jacobs

Posts: 2,012   +59
Staff
What we know so far: Earlier this year, a federal probe into whether Meta's WhatsApp service can access encrypted messages was abruptly shut down, according to two people familiar with the matter. The closure cut short an investigation that had raised technical questions about how the service handles user data behind the scenes.

The case, led by a special agent in the Commerce Department's Bureau of Industry and Security, focused on claims that some Meta employees and contractors could access WhatsApp messages despite the app's use of end-to-end encryption.

After roughly 10 months of collecting documents and conducting interviews, the agent circulated a Jan. 16 email to more than a dozen officials across federal agencies outlining preliminary conclusions. According to records reviewed by Bloomberg and corroborated by recipients, the agent asserted that Meta's systems allow access to message content in ways that conflict with how WhatsApp's encryption has been publicly described.

"There is no limit to the type of WhatsApp message that can be viewed by Meta," the agent wrote in the email. He added that "Meta can and does view and store all the text messages, photographs, audio and video recordings" in an unencrypted format.

The email further described a "tiered permissions system" in place since at least 2019, with access to WhatsApp content extending to employees, contractors and "a significant number of foreign/overseas workers in India."

The agent also wrote that the alleged conduct could involve "civil and criminal violations that span several federal jurisdictions," though he did not specify which laws may have been broken. The email did not amount to a formal accusation, and Bloomberg said it has not independently confirmed the agent's assertions.

Soon after the message circulated, the Bureau of Industry and Security shut down the investigation. Two people familiar with the decision described the closure as abrupt, with one saying it came at the direction of senior agency leadership. The bureau declined to provide additional details beyond a prior statement.

A spokesperson for the agency, Lauren Weber Holley, previously said it "is not investigating WhatsApp or Meta for violations of the export laws," and characterized the agent's claims as outside his authority. Meta echoed that position, saying WhatsApp cannot access people's encrypted messages.

"The claim that WhatsApp can access people's encrypted communications is patently false," Meta spokesperson Andy Stone said. He added that the bureau had already "disavowed this purported investigation, calling its own employee's allegations unsubstantiated."

The dispute centers on whether WhatsApp's implementation of end-to-end encryption fully prevents server-side access to message content. Meta points to its website, which states that no one outside a chat – including WhatsApp itself – can read or listen to messages.

The company has defended that position in multiple jurisdictions, including a 2021 lawsuit challenging Indian regulations that would require traceability of encrypted messages.

Some of the material gathered during the investigation points in a different direction. Two individuals interviewed by the agent said they had broad access to WhatsApp messages while performing content moderation work under contract with Accenture. Accenture did not respond to requests for comment and has previously referred inquiries to WhatsApp.

At least one security expert has questioned whether such access could exist without being widely detected. Alex Stamos, Meta's former chief security officer, said the claims are "almost certainly false," noting that any systemic backdoor would likely be visible in the client-side code distributed through mobile apps.

"While I can't personally vouch for what's in WhatsApp's code as I haven't worked there for years, any widespread backdoor would have to be in the downloaded Android and iOS apps and would be easily found by security researchers," Stamos said. "Also, a backdoor in WhatsApp would be a massive signals intelligence tool and there is no way Meta would provide that capability to Accenture contractors if they had it."

The now-closed investigation, internally referred to as "Operation Sourced Encryption," was reportedly triggered by a whistleblower complaint submitted to the Securities and Exchange Commission in November 2024. The agent's outreach included officials at the SEC and the Federal Trade Commission, both of which have oversight roles in Meta's privacy practices. Representatives from those agencies declined to comment.

With the investigation shut down and no findings made public, it remains unclear what evidence the agent collected or whether any other agency plans to continue examining WhatsApp's encryption.

Permalink to story:

 
"Two people familiar with the decision described the closure as abrupt, with one saying it came at the direction of senior agency leadership. The bureau declined to provide additional details beyond a prior statement." Of course it DID.

we dont want CIA and other tools to not have access to people's private affairs and if it's high level politicians blackmail them a little.
 
How else would Meta make a profit off it? It would not surprise me if there were some monetary incentive behind the investigation being shut down.
 
Last edited:
There are NO encrypted apps out there that their owners can’t access. Meta, Signal, Telegram, it’s all an illusion. They’ve been data mining us for at least the better part of the last 20 years.

Patriot Act that was ready to go post 9/11, anyone?
 
There are NO encrypted apps out there that their owners can’t access. Meta, Signal, Telegram, it’s all an illusion. They’ve been data mining us for at least the better part of the last 20 years.

Patriot Act that was ready to go post 9/11, anyone?

We’ve had mass surveillance on the US population since at least the 90s - the biggest difference between now and then is, that the internet wasn’t in place as it is now to spread said knowledge around like it does today.
 
some Meta employees and contractors could access WhatsApp messages despite the app's use of end-to-end encryption.
This makes no sense whatsoever.
It's either a total lie and no one in Meta can access the messages (so it's essentially a smearing campaign against Meta), or there is no end-to-end encryption. Both simply can't be true together. End-to-end encryption means only the other end, and no intermediary, can access the message. If that's not the case, end-to-end encryption is simply not there.

Anyone who wants privacy should not trust end-to-end encryption claims, unless they're using a thoroughly examined open source solution. When using a closed source messaging service, the sender should encrypt the message prior to sending, with an encryption key known only to the recipient.
 
If there's a warrant, meta can provide all the information and (live) access to the account of choice. So technically there is a backdoor. How else would you do it?

Example: https://www.politie.nl/informatie/waarom-tapt-de-politie-informatie.html

Door elektronische communicatie af te tappen. Denk aan WhatsAppberichten, sms-berichten en internetverkeer zoals downloads, videogesprekken en internetfora.

Translation: by electronic communication such as, Whatsapp messages, video calls. They can get in with ease if they want to. What withholds Meta to train their whole AI stuff purely on a billion of chats?
 
CIA can already break into any encrypted app as their Cyber Dept. are made up of Super Cyber Geeks from the Military and civilian pool. They're not your average people as their office is filled with all sorts of things they bring in from figures to Lego models, etc. I can imagine it might look like a hobby shop.
 
Ok...let me ask a question.
DO YOU THINK, the FCC, commerce department, CIA, FBI, or any other government agency is going to just allow something that "can't be hacked" by government to be used?
The reason they call it "encrypted" is to get clowns to say/do stuff and then they can read it.
Meta probably has a back door into it anyway. It's FREE...that should tell you all you need to know.
 
There are NO encrypted apps out there that their owners can’t access. Meta, Signal, Telegram, it’s all an illusion. They’ve been data mining us for at least the better part of the last 20 years.

Patriot Act that was ready to go post 9/11, anyone?
This is simply untrue. A basic understanding of mathematics and encryption can dissuade you from this idea.

Meta being untrustworthy is known though, even before it was shown yet again that they are untrustworthy.
 
It's important to point out that WhatsApp's initial release was May 3, 2009. E2E encryption was added to the messenger, in or around April 5, 2016. That is almost 7 years―damn near a full decade―where its default state was presumably to send all data in cleartext, through Facebook's servers, unless proven otherwise. I mean, this is the same company that caused the Cambridge Analytica scandal, so it is safe to assume that, however they implemented OpenWhisper's Signal protocol derivative (presumably, in a modular sense), it was retrofit into the system. They probably did not rebuild their entire infrastructure from the ground up, to accommodate it; they simply built it on top of their existing systems. Which is to say, bypassing E2E is very likely trivially easy. Also, they tend to hold the encryption keys. Most people are not technically savvy-enough to maintain or use key verification systems, so they tend to give them to Facebook as a "backup"...kind of like giving the police a copy of your house key "for safe keeping".

Nowadays, though, none of this matter. Companies don't even need to maintain the pretense that they aren't actively spying on their users; people will voluntarily dox themselves on TikTok―practically posting their full legal name, address, maybe their SSN if they're feeling particularly "spicy", DOB and just about any other relevant PII if you asked nicely enough―so "privacy" is basically thrown right out the window. Don't need it anymore.

Fame (or infamy) matters more than discretion these days.
 
This is simply untrue. A basic understanding of mathematics and encryption can dissuade you from this idea.

Meta being untrustworthy is known though, even before it was shown yet again that they are untrustworthy.

My best friend told me Whatsapp's server create your "private" encryption keys. They can read anything they want when they want. If the user creates that private and public encryption key then it more difficult to crack.
 
Certainly not surprised. Meta, going back to the early days of Facebook, was always a Fed project to collect information domestically and abroad. Dating all the way back to the passing of the "Patriot Act".
 
My best friend told me Whatsapp's server create your "private" encryption keys. They can read anything they want when they want. If the user creates that private and public encryption key then it more difficult to crack.
No surprise at all. Create "private" keys for you then keep a copy... haha
 
If the user creates that private and public encryption key then it more difficult to crack.
It's a combination of technological illteracy and convenience.

Everyone with a WhatsApp account can create their own encryption key, but...most won't. It's too complicated for the average person to figure out, so they just let the platform "handle it", I.e. give them the keys, for safe keeping.
 
It's insane that we as a people are OKAY with what standards our government have fell down to.

We have actual murdering cannibals leading our administration and major corporations like microslop, and we still sit down and take it, and even pay them to continue their evil.

Several government agencies have forgone the guise of public service and corruption is expected.

what is going on.

Because there's barely any good as it is alternative to those products. Where do you go if Instagram was bloated with bots, fake ads and now a ton of advertisements (forced). Where do you go if the majority keeps using whatsapp. Where do you go if the majority keeps using windows. Where do you go if the majority in EU has been using US products and now is forced to have their data exploited because there's a data act in the US that grants them access to pretty much everything in the name of national security.

Just saying.
 
Back