Texas AG Sues Meta over Claims that WhatsApp Doesn't Provide End-to-End Encryption

WhatsApp’s claim of end‑to‑end encryption has long been a cornerstone of its global appeal, with more than three billion users relying on the Signal protocol to keep conversations private. The Texas Attorney General’s lawsuit challenges that narrative, alleging Meta can read unencrypted messages despite public assurances from Mark Zuckerberg and technical documentation. The complaint’s primary evidence is a Bloomberg story about a halted Commerce Department probe, a source that Meta has labeled unfounded. This legal strategy underscores a growing trend of state attorneys general targeting tech giants over privacy promises, even when concrete technical proof is sparse.

Technical experts, however, remain largely unconvinced by the allegations. A 2023 independent analysis that reverse‑engineered the WhatsApp client found the encryption implementation consistent with Meta’s public statements, noting only a minor design flaw that permits a Meta employee to add users to group chats without consent—a vulnerability that does not enable mass message decryption. Researchers from King’s College London and ETH Zurich emphasized that the open‑source Signal protocol, combined with WhatsApp’s client architecture, still provides strong confidentiality. Their consensus suggests that, absent new forensic evidence, the lawsuit rests more on political optics than on demonstrable cryptographic failure.

The timing of the suit aligns with Attorney General Ken Paxton’s Senate primary runoff, hinting at a possible electoral calculus. By positioning himself as a defender of Texan privacy, Paxton may aim to galvanize voter support while pressuring Meta to adopt more transparent data practices. For Meta, the case could trigger costly litigation and compel additional disclosures about its messaging infrastructure, even if the core encryption remains intact. Industry observers will watch how this state‑level challenge influences broader regulatory approaches to encryption guarantees across the United States and beyond.