Texas Attorney General Ken Paxton has sued Meta, claiming that WhatsApp does not deliver the end-to-end encryption it has promised for years. The lawsuit targets one of the world’s largest messaging platforms, used by more than 3 billion people, and challenges a core part of its privacy claims.
For nearly a decade, Meta has said WhatsApp protects messages with end-to-end encryption, or E2EE. Under that system, messages are locked on the sender’s device and can only be unlocked by the receiver. The platform itself should not be able to read them.
Meta CEO Mark Zuckerberg made that point in sworn testimony before US Senate committees in 2018. He said Meta could not view WhatsApp message content because the service was “fully encrypted.” WhatsApp’s security model relies on the Signal protocol, an open-source system that many researchers regard as strong and reliable.
Texas now says those claims are false.
Texas Files Privacy Lawsuit Against Meta Over WhatsApp Message Access Claims
In a complaint filed on Thursday, the state alleges that Meta and WhatsApp can access the plain text of user messages. Lawyers for the attorney general’s office argue that Texans were misled into believing their private conversations were beyond the reach of Meta, when the company allegedly had access to them.
The lawsuit calls the issue a serious breach of privacy and trust. It says users had every reason to believe that nobody, including Meta, could read their messages.
Meta rejects the claims. The company called the lawsuit “baseless” and said it will fight the case in court.
The case, however, rests on a narrow pool of evidence.
The main factual support in the complaint comes from a Bloomberg report published last month. The report said the US Commerce Department’s Bureau of Industry and Security ended an investigation into claims that Meta could access encrypted WhatsApp messages.
Bloomberg cited a January email from a government agent that claimed Meta faced civil and criminal issues tied to WhatsApp message access. According to the report, the email stated that there was “no limit” to the type of WhatsApp message Meta could view.
The Texas complaint does not suggest that state investigators obtained the email or collected direct technical evidence from the federal probe. Instead, it points largely to the Bloomberg report.
The lawsuit also notes that Meta employees can review WhatsApp messages reported by users. Yet that process does not break encryption. When someone reports a message, the content comes from the user’s own device after it has already been decrypted by the recipient’s keys.
That distinction matters to cryptographers and security researchers.
Experts Skeptical of Claims Regarding WhatsApp Encryption Backdoor
Experts say a hidden system that allowed Meta to bypass WhatsApp encryption would likely leave traces. Because the app can be reverse-engineered, researchers could inspect how it handles message security.
A 2023 academic study that examined WhatsApp’s cryptographic system found no proof that the app secretly bypassed encryption. The researchers did uncover one weakness in group chats. A Meta employee with access to company systems could add a user to a group without approval from existing members. But that change would still be visible to everyone in the chat.
Benjamin Dowling, a cryptography researcher at King’s College London and co-author of the study, said his team reverse-engineered WhatsApp’s security protocol and found no sign that it worked differently from Meta’s public claims.
Dowling stressed one limit. The study only examined the version of WhatsApp available in May 2023. Since WhatsApp is closed source, outsiders cannot inspect every line of code or track all future updates.
Still, he said the available evidence points toward WhatsApp delivering the message confidentiality promised by the Signal protocol.
Other experts share that view.
Experts Question Evidence in WhatsApp Privacy Lawsuit
Kenny Paterson, a researcher at ETH Zurich, said the lawsuit appears to rely on weak support. While he criticized Meta’s broader data practices, he questioned the strength of a case built around one news report.
Matthew Green, a computer science professor at Johns Hopkins University, also expressed doubt. He noted that WhatsApp clients are open to reverse engineering and said a flaw of this scale would likely require major hidden behavior inside the app.
The Texas attorney general’s office did not respond to questions asking whether it had stronger evidence beyond the reported email.
Meta’s privacy history gives critics many reasons for scrutiny. But for now, the lawsuit raises more questions than answers. Unless new technical proof emerges, the claim that WhatsApp secretly breaks its end-to-end encryption remains unproven.
