Two billion users trust WhatsApp’s “end-to-end encryption” promise. Former contractors say that trust may be misplaced.
U.S. law enforcement has been investigating allegations that Meta employees could access WhatsApp messages despite the company’s claims that the chat service is completely private and encrypted, according to law enforcement records and interviews obtained by Bloomberg News.
What the Whistleblowers Claim
Former Meta contractors allege they had “unfettered” access to WhatsApp messages — messages that WhatsApp publicly markets as impossible for anyone, including the company, to read.
The investigation, dubbed “Operation Sourced Encryption,” was conducted by special agents with the U.S. Department of Commerce’s Bureau of Industry and Security. Two former content moderators who worked through Accenture told investigators that they and some Meta staff had broad access to supposedly encrypted messages.
One moderator said she spoke with a Facebook team employee who confirmed they could access WhatsApp messages for criminal cases — directly contradicting the company’s public statements.
Similar allegations were also filed in a separate 2024 whistleblower complaint to the U.S. Securities and Exchange Commission.
The International Lawsuit
In January 2026, an international class action lawsuit was filed in U.S. federal court (Dawson et al. v. Meta Platforms, Inc.) with plaintiffs from Australia, Brazil, India, Mexico, and South Africa. The lawsuit alleges Meta can “access virtually all” WhatsApp user communications.
Key claims include:
- Meta maintains internal systems allowing engineers to view, store, and process messages
- Over 1,500 engineers allegedly have access privileges
- Whistleblower documents suggest access for compliance, advertising insights, or AI training
- Meta’s marketing of WhatsApp as “fully encrypted” constitutes fraud
Meta’s Response
“Any claim that people’s WhatsApp messages are not encrypted is categorically false and absurd,” Meta spokesperson Andy Stone told Bloomberg. “WhatsApp has been end-to-end encrypted using the Signal protocol for a decade. This lawsuit is a frivolous work of fiction.”
The company insists encryption keys never leave users’ devices and are never accessible to Meta or WhatsApp.
Meta has also suggested the lawsuit is connected to Quinn Emanuel Urquhart & Sullivan — the law firm representing NSO Group in its appeal against a $167 million judgment for deploying Pegasus spyware against WhatsApp users.
The Technical Reality
Cryptography experts note important distinctions:
- End-to-end encryption protects message content — but not metadata (timestamps, who you message, how often, device info)
- WhatsApp’s code isn’t fully open-source, making independent verification difficult
- When users report messages for abuse, WhatsApp receives up to five recent messages plus metadata
- Cloud backups may not have the same encryption protections unless specifically enabled
The FBI has previously confirmed it can obtain various types of metadata from WhatsApp with legal process — and in one notable case, WhatsApp metadata was key to the arrest of a Treasury Department whistleblower who believed the app was safe for journalist-source communication.
Current Status
A Bureau of Industry and Security spokesperson told Bloomberg the agent’s assertions about WhatsApp encryption practices were “unsubstantiated and outside the scope of his authority” — and that BIS is “not investigating WhatsApp or Meta for violations of the export laws.”
The class action lawsuit remains in its earliest stages. Meta is expected to file a motion to dismiss, and class certification decisions typically take 1-2 years.
What This Means for You
No court or independent investigation has proven Meta can read encrypted WhatsApp messages. These remain allegations.
However, what is confirmed:
- Meta collects metadata from WhatsApp including subscriber info, IP addresses, and device data
- This metadata is shared with authorities upon request
- WhatsApp’s proprietary code prevents public verification of encryption claims
For users requiring maximum security, experts recommend Signal — which is fully open-source and has been independently audited. At minimum, enable WhatsApp’s encrypted backup feature and use disappearing messages for sensitive conversations.
Sources: Bloomberg News, The Signals Network, Cybernews, BitDefender, Computing UK
Still trust WhatsApp with your private messages? Join the discussion on TEG Exchange.