Serious questions have emerged in the United States over the privacy architecture of WhatsApp, with federal agencies examining allegations that personnel linked to Meta Platforms may have had access to user messages despite longstanding claims of end-to-end encryption.
According to people familiar with the matter and law-enforcement records, U.S. authorities reviewed complaints from former Meta contractors who alleged that certain employees and contract workers involved in content moderation could access WhatsApp chats. The inquiry was conducted by a specialised enforcement unit operating under the U.S. Department of Commerce and had not been publicly disclosed earlier.
The allegations strike at the core of WhatsApp’s privacy assurances. The platform has consistently marketed itself as a secure messaging service where messages are protected by default end-to-end encryption — a system it says ensures that only the sender and recipient can read the content, with no access for the company itself.
Meta has strongly rejected the claims. A company spokesperson said that WhatsApp’s encryption framework makes it impossible for the company, its employees or its contractors to view encrypted communications. The allegations, Meta maintained, are technically unfeasible and contradict how the service is designed to operate.
However, investigative records indicate that some former content moderators told authorities they had access to message content that was supposed to be encrypted. These individuals were engaged through a third-party consulting firm and were involved in reviewing content linked to potential criminal activity. The documents suggest that certain internal tools allowed moderators to examine message substance in select cases.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
The records do not clearly explain how such access would have been possible within an end-to-end encrypted system. Investigators reportedly assigned an internal code name to the inquiry and described it as ongoing at the time of documentation. Officials familiar with the process cautioned that many such probes conclude without formal findings or charges.
Subsequently, representatives associated with the U.S. Commerce Department said some assertions made by an enforcement agent were unsubstantiated and clarified that there was no active investigation into Meta or WhatsApp for violations of export control laws. Even so, the episode has intensified debate around the transparency of Meta’s data-protection practices.
The scrutiny comes against the backdrop of Meta’s history of privacy controversies. In earlier years, the company faced major penalties over data-handling lapses and pledged sweeping reforms to rebuild trust. WhatsApp’s encryption model has since been highlighted by Meta as a cornerstone of its renewed privacy posture.
WhatsApp acknowledges that in limited circumstances — such as when a user reports a chat or group — the service may receive a small number of recent messages for review. The company says this occurs only with user initiation and does not undermine the broader encryption framework.
Former contractors, however, allege a far wider scope of access. Their accounts suggest that content reviewers across multiple countries used similar systems and that vetting and oversight standards varied, particularly as moderation operations expanded globally.
Parallel to the federal review, WhatsApp and Meta are facing a civil lawsuit in the United States alleging that the company can store, analyse and potentially access private user communications. Meta has described the lawsuit as baseless and said it will contest the claims vigorously.
Digital privacy experts say the controversy underscores a wider global concern over how technology platforms balance encryption promises with content moderation, law-enforcement cooperation and internal oversight. As messaging apps become critical infrastructure for billions of users, confidence in their security claims has significant geopolitical and commercial implications.
For now, Meta continues to insist that WhatsApp’s encryption remains intact and uncompromised. Yet the combination of whistleblower allegations, federal scrutiny and ongoing litigation has ensured that the company’s privacy assurances will remain under close examination.
As investigations and legal proceedings evolve, the credibility of WhatsApp’s encryption model — and the broader trust placed in Big Tech privacy claims — is likely to remain a focal point for regulators, users and the global technology industry alike.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
