For years, WhatsApp’s strongest selling point has been its claim of end-to-end encryption — the assurance that messages are readable only by the sender and recipient, and not even by the platform that carries them. That promise is now at the centre of a legal complaint in the United States, where a group of plaintiffs has accused Meta Platforms, Inc. of misleading billions of users about the true level of privacy on WhatsApp.
The complaint alleges that despite repeated public statements by Meta, internal access to WhatsApp communications may have been broader than users were led to believe. The case has gained fresh attention after a report by Bloomberg revealed that U.S. government investigators have been examining claims made by former Meta contractors who said they and some company staff had the ability to view message content that was supposed to be encrypted.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
The allegations do not yet amount to formal charges, but they strike at a core pillar of Meta’s public narrative — that encryption places WhatsApp beyond the reach of corporate, governmental or third-party surveillance.
Inside ‘Operation Sourced Encryption’
According to Bloomberg, special agents from the U.S. Department of Commerce have been conducting an inquiry known internally as “Operation Sourced Encryption.” The investigation has focused on statements by two former content moderators who worked on Meta projects through Accenture Plc.
In interviews with investigators, the contractors claimed that Meta employees — and in some cases contractors — had what they described as “unfettered access” to WhatsApp messages. One former moderator reportedly said she had personally accessed message content and had spoken with a Facebook employee who claimed the ability to retrieve WhatsApp messages from earlier periods, including in cases tied to criminal investigations.
An internal report written by an agent from the Department of Commerce’s Bureau of Industry and Security in July 2025 noted that both sources independently confirmed the existence of such access among colleagues. Bloomberg reported that the inquiry was still active as recently as January 2026, though the documents did not specify the legal basis for the probe or identify a clear target.
The investigation appears to sit at the intersection of technology oversight and export enforcement — an unusual posture that reflects how encryption has become both a commercial feature and a matter of national security concern.
Meta Pushes Back, Agencies Distance Themselves
Meta has categorically denied the allegations. In a statement to Bloomberg, Andy Stone, a company spokesperson, said that the claims were technically impossible. “WhatsApp, its employees, and its contractors cannot access people’s encrypted communications,” he said, reiterating the company’s long-standing position.
The Bureau of Industry and Security also sought to downplay the implications of the investigator’s remarks, saying that conclusions drawn about WhatsApp’s encryption were “unsubstantiated and outside the scope” of the agent’s authority as an export enforcement official.
Still, the conflicting accounts underscore the opaque nature of modern digital infrastructure. Even if message content itself remains encrypted, critics have long argued that metadata, backups, device-level access and moderation tools can complicate simple assurances of privacy — distinctions that are rarely clear to ordinary users.
A Familiar Reckoning for Meta
The WhatsApp controversy revives a pattern that has followed Meta across its platforms. The company has repeatedly faced legal and regulatory scrutiny over privacy practices, most notably a $5 billion fine imposed by the U.S. Federal Trade Commission in 2019 for violations linked to Facebook. That settlement led to years of enhanced oversight and compliance obligations, even as Meta sought to reframe itself as a privacy-centric company.
WhatsApp, acquired by Facebook in 2014, has played a central role in that repositioning. Meta executives have frequently described encryption as a moral and technical boundary — a safeguard against surveillance and misuse. The company’s website and public filings assert that it is “technically impossible” for WhatsApp to read user messages.
The current allegations, even if ultimately unproven, threaten to erode that narrative at a moment when trust in digital platforms is already fragile. For governments, the case raises questions about how encrypted services are policed. For users, it reopens a simpler but more personal concern: whether private conversations are truly private.
As the investigation continues quietly in the background, Meta finds itself once again defending not just a product feature, but a promise that underpins its relationship with billions of people worldwide.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
