Agent's Claims on WhatsApp Access Spark Security Concerns
Agent’s Claims on WhatsApp Access Spark Security Concerns
A US agent claimed that WhatsApp encryption is fake, alleging that Meta accesses all unencrypted messages. This revelation has sparked significant security concerns among leaders regarding the safety of consumer apps for sensitive business decisions. 🚨
In early 2026, a remarkable exchange unfolded inside the U.S. Commerce Department. A special agent from the Bureau of Industry and Security (BIS) sent an email asserting something astonishing: Meta’s WhatsApp, despite its public claims of end-to-end encryption, allows the company to access and store all user messages, including texts, photos, audio, and video, in unencrypted form. Just months later, the investigation was abruptly terminated.
After a 10-month probe internally dubbed “Operation Sourced Encryption,” the BIS agent circulated a January 16 email to over a dozen federal officials. According to records reviewed by Bloomberg and corroborated by recipients, the agent asserted that Meta’s systems allow access to message content in ways that conflict with how WhatsApp’s encryption has been publicly described. The email stated, “There is no limit to the type of WhatsApp message that can be viewed by Meta. Meta can and does view and store all the text messages, photographs, audio, and video recordings in an unencrypted format.” 📩
The email also described a “tiered permissions system” in place since at least 2019, granting access not only to Meta employees but also to contractors and a significant number of foreign/overseas workers in India. Additionally, the email suggested that the conduct could involve civil and criminal violations that span several federal jurisdictions, though this was a preliminary conclusion, not a formal accusation.
Shortly after the email circulated, senior leadership at BIS shut down the inquiry. A spokesperson for the agency, Lauren Weber Holley, stated, “The [agency] is not investigating WhatsApp or Meta for violations of export laws.” Meta strongly denied the claims. Meta spokesperson Andy Stone stated, “The claim that WhatsApp can access people’s encrypted communications is patently false.” Meta maintains that only chat participants can read or hear messages on WhatsApp—not even the company itself. However, not everyone agrees with the agent’s claims. Former Meta security chief Alex Stamos said they are “almost certainly false,” noting that any backdoor would have to exist in widely inspected app code. Stamos added, “A widespread backdoor would be easily found by security researchers. Also, a backdoor in WhatsApp would be a massive signals intelligence tool. There’s no way Meta would provide that capability to Accenture contractors if they had it.” 🔍
Still, two individuals interviewed by the agent claimed broad access to WhatsApp messages while performing content moderation work under contract with Accenture. The investigation’s closure leaves key questions unanswered, including what evidence was found and whether WhatsApp’s encryption will be further examined, keeping uncertainty high.