Entrar
Agent’s claims on WhatsApp access spark security concerns
A US agent claimed WhatsApp encryption is fake and Meta can access messages; the probe was abruptly shut, raising security concerns.
A US agent claimed WhatsApp encryption is fake, alleging Meta accesses all unencrypted messages, but Commerce Department abruptly shut the probe, leaving leaders questioning if consumer apps are safe for sensitive business decisions.
In early 2026, a remarkable exchange unfolded inside the U.S. Commerce Department that has since sparked debate across cybersecurity, privacy, and corporate governance circles. A special agent from the Bureau of Industry and Security (BIS) sent an email asserting something astonishing: Meta’s WhatsApp, despite its public claims of end-to-end encryption, allows the company to access and store all user messages, including texts, photos, audio, and video, in unencrypted form. Just months later, the investigation was abruptly terminated.
“After roughly 10 months of collecting documents and conducting interviews, the agent circulated a Jan. 16 email to more than a dozen officials across federal agencies outlining preliminary conclusions.” reported TechSpot. “According to records reviewed by Bloomberg and corroborated by recipients, the agent asserted that Meta’s systems allow access to message content in ways that conflict with how WhatsApp’s encryption has been publicly described.”
After a 10-month probe internally dubbed “Operation Sourced Encryption,” the BIS agent circulated a January 16 email to over a dozen federal officials.
“There is no limit to the type of WhatsApp message that can be viewed by Meta. Meta can and does view and store all the text messages, photographs, audio and video recordings in an unencrypted format.” reads the email the agent wrote.
The email also described a “tiered permissions system” in place since at least 2019, granting access not only to Meta employees but also to contractors and “a significant number of foreign/overseas workers in India.”
The email also suggested the conduct could involve “civil and criminal violations that span several federal jurisdictions,” though he did not specify which laws. Importantly, this was not a formal accusation, it was a preliminary conclusion from an internal investigation that would soon be scrubbed from existence.
However Shortly after the email circulated, senior leadership at BIS shut down the inquiry.
“The [agency] is not investigating WhatsApp or Meta for violations of export laws,” said a spokesperson for the agency, Lauren Weber Holley.
Meta strongly denied the claims.
Meta says that only chat participants can read or hear messages on WhatsApp—not even the company itself. It has also defended this stance in court, including a 2021 case against India’s traceability rules.
Not everyone agrees with the agent’s claims. Former Meta security chief Alex Stamos said they are “almost certainly false.” He noted that any backdoor would have to exist in widely inspected app code, making it easy for researchers to find. He also argued Meta wouldn’t share such powerful access with contractors.
“A widespread backdoor would be easily found by security researchers,” Stamos said. “Also, a backdoor in WhatsApp would be a massive signals intelligence tool. There’s no way Meta would provide that capability to Accenture contractors if they had it.” said Stamos.
Still, two individuals interviewed by the agent claimed broad access to WhatsApp messages while performing content moderation work under contract with Accenture, which did not respond to comment requests.
The investigation’s closure leaves key questions unanswered, including what evidence was found and whether WhatsApp’s encryption will be further examined, keeping uncertainty high.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, WhatsApp)
Note: Social media platform Facebook is currently experiencing international outages; incident not related to country-level internet disruptions or filtering 