What we know so far: Earlier this year, a federal probe into whether Meta's WhatsApp service can access encrypted messages was abruptly shut down, according to two people familiar with the matter. The closure cut short an investigation that had raised technical questions about how the service handles user data behind the scenes.
The case, led by a special agent in the Commerce Department's Bureau of Industry and Security, focused on claims that some Meta employees and contractors could access WhatsApp messages despite the app's use of end-to-end encryption.
After roughly 10 months of collecting documents and conducting interviews, the agent circulated a Jan. 16 email to more than a dozen officials across federal agencies outlining preliminary conclusions. According to records reviewed by Bloomberg and corroborated by recipients, the agent asserted that Meta's systems allow access to message content in ways that conflict with how WhatsApp's encryption has been publicly described.
"There is no limit to the type of WhatsApp message that can be viewed by Meta," the agent wrote in the email. He added that "Meta can and does view and store all the text messages, photographs, audio and video recordings" in an unencrypted format.
The email further described a "tiered permissions system" in place since at least 2019, with access to WhatsApp content extending to employees, contractors and "a significant number of foreign/overseas workers in India."
The agent also wrote that the alleged conduct could involve "civil and criminal violations that span several federal jurisdictions," though he did not specify which laws may have been broken. The email did not amount to a formal accusation, and Bloomberg said it has not independently confirmed the agent's assertions.
Soon after the message circulated, the Bureau of Industry and Security shut down the investigation. Two people familiar with the decision described the closure as abrupt, with one saying it came at the direction of senior agency leadership. The bureau declined to provide additional details beyond a prior statement.
A spokesperson for the agency, Lauren Weber Holley, previously said it "is not investigating WhatsApp or Meta for violations of the export laws," and characterized the agent's claims as outside his authority. Meta echoed that position, saying WhatsApp cannot access people's encrypted messages.
"The claim that WhatsApp can access people's encrypted communications is patently false," Meta spokesperson Andy Stone said. He added that the bureau had already "disavowed this purported investigation, calling its own employee's allegations unsubstantiated."
The dispute centers on whether WhatsApp's implementation of end-to-end encryption fully prevents server-side access to message content. Meta points to its website, which states that no one outside a chat – including WhatsApp itself – can read or listen to messages.
The company has defended that position in multiple jurisdictions, including a 2021 lawsuit challenging Indian regulations that would require traceability of encrypted messages.
Some of the material gathered during the investigation points in a different direction. Two individuals interviewed by the agent said they had broad access to WhatsApp messages while performing content moderation work under contract with Accenture. Accenture did not respond to requests for comment and has previously referred inquiries to WhatsApp.
At least one security expert has questioned whether such access could exist without being widely detected. Alex Stamos, Meta's former chief security officer, said the claims are "almost certainly false," noting that any systemic backdoor would likely be visible in the client-side code distributed through mobile apps.
"While I can't personally vouch for what's in WhatsApp's code as I haven't worked there for years, any widespread backdoor would have to be in the downloaded Android and iOS apps and would be easily found by security researchers," Stamos said. "Also, a backdoor in WhatsApp would be a massive signals intelligence tool and there is no way Meta would provide that capability to Accenture contractors if they had it."
The now-closed investigation, internally referred to as "Operation Sourced Encryption," was reportedly triggered by a whistleblower complaint submitted to the Securities and Exchange Commission in November 2024. The agent's outreach included officials at the SEC and the Federal Trade Commission, both of which have oversight roles in Meta's privacy practices. Representatives from those agencies declined to comment.
With the investigation shut down and no findings made public, it remains unclear what evidence the agent collected or whether any other agency plans to continue examining WhatsApp's encryption.