Class action lawsuit: WhatsApp encryption allegedly ineffective

A class action lawsuit against Meta claims that the end-to-end encryption of WhatsApp messages is just a facade. Meta strongly denies this.


Does the promised end-to-end encryption of messages on WhatsApp only exist on paper? This is precisely what a class action lawsuit against Meta, filed with the United States District Court for the Northern District of California, claims (26-cv-00751-LB).

The plaintiffs, WhatsApp users from Australia, Brazil, India, Mexico, and South Africa, cite information from whistleblowers within the company, according to which employees have access to user messages despite encryption. In a statement to the US financial news agency Bloomberg, Meta called the allegations “absurd” and “completely fabricated”.

WhatsApp has been using the Signal protocol since April 2016. It is known that the metadata of communication, i.e., who communicated with whom and when via WhatsApp servers, is not end-to-end encrypted. The message texts, however, are said to be end-to-end encrypted. The Signal protocol, which is open source, is considered secure in this regard.


The plaintiffs, on the other hand, claim that WhatsApp has built in a “kleptographic backdoor”. According to this claim, the encryption itself functions correctly from a technical standpoint, but additional code ensures that, for example, the app also sends the decryption keys to a Meta server, or that the app creates copies of the unencrypted messages before sending them and transmits them to Meta. In any case, according to the lawsuit, it is easy to access messages within the company. There are higher hurdles only for prominent individuals, but these can also be overcome. Even deleted messages could still be retrieved later.

Employees at Meta who discovered this alleged breach of trust were instructed to “stay in their lane,” according to the lawsuit. A possible connection is also drawn to the murder of Saudi journalist Jamal Khashoggi, who used WhatsApp for sensitive communication.

The plaintiffs accuse Meta of violations of various US laws, including the US Wiretap Act, and are seeking damages. Meta, on the other hand, called the lawsuit “unserious” to Bloomberg and is even considering legal action against the lawyers. “Any claim that WhatsApp users' messages are not encrypted is categorically false and absurd,” said spokesperson Andy Stone. “WhatsApp has been continuously encrypted using the Signal protocol for a decade. This lawsuit is an unserious fabrication.”

(mki)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.