Texas sues Meta: WhatsApp can allegedly bypass encryption

The US state of Texas has filed a lawsuit against the US company Meta based on the unsubstantiated claim that Meta employees can view encrypted content on WhatsApp. Attorney General Ken Paxton made this public and stated that assurances that communication on WhatsApp is completely private and inaccessible are “blatantly inaccurate.” The lawsuit claims that, on the contrary, WhatsApp has access to “virtually all” supposedly private content. This claim is supported by the findings of an investigator from the US Department of Commerce, who claims to have discovered exactly that. However, there is no evidence for this, and experts have long questioned the allegations. Meta has also denied them.

The basis for the lawsuit is primarily the statement of a special investigator who, for the US Department of Commerce last year, followed up on indications that Meta can view encrypted WhatsApp content. This was based on statements from former employees and information from a whistleblower, Bloomberg reported. However, at the end of April, the investigation was abruptly halted, allegedly on orders from upper management. Therefore, it is unclear what evidence was collected during the investigation. According to the financial news service, two people interviewed claimed to have had broad access to WhatsApp messages in their work on content moderation for a contractor.

Backdoor not kept secret

However, the credibility of these statements was already strongly doubted at the time. Meta's former head of security, Alex Stamos, called them “almost certainly false,” Bloomberg quoted. While he could no longer personally vouch for the code of WhatsApp, a necessary backdoor would have had to exist for years and would be downloaded on Android or iOS. There, it would be easily found by security researchers. Furthermore, such a backdoor would be an enormously lucrative entry point that Meta would never leave open for contractors.

In a detailed blog post in February, renowned security researcher Matthew Green dissected the allegations and explained that end-to-end encryption in WhatsApp and other messengers fundamentally takes place on the end device. Any backdoor would therefore have to be built in there, and WhatsApp would be caught. With a high degree of probability, it would be found in the code, and that would expose WhatsApp and Meta to exciting new forms of ruin. He believes the claims might be based on a misunderstanding: if you report content to Meta, for example, for harassment, you transmit it in plain text. Therefore, moderators can see it.

Ken Paxton now sees it differently and explains that the lawsuit is intended to ensure that WhatsApp does not mislead its users. The politician from the Republican party is in the midst of the primary election campaign for a seat in the US Senate, with a runoff election in a few days. In February, he already caused a stir with a lawsuit against TP-Link. In it, he accused the router manufacturer of misleading advertising and of allowing the Communist Party of China access to devices in US homes. A Meta spokesperson categorically rejected the allegations now made and assured that they would defend themselves in court. The lawsuit, case number 26-0393, was filed in Harrison County, Texas.

(mho)