US law enforcement has been investigating allegations by former Meta Platforms Inc contractors that Meta personnel can access WhatsApp messages, despite the company’s statements that the chat service is private and encrypted, according to interviews and an agent’s report seen by Bloomberg News.

The former contractors’ claims – that they and some Meta staff had “unfettered” access to WhatsApp messages – were being examined by special agents with the US Department of Commerce, according to the law enforcement records, as well as a person familiar with the matter and one of the contractors.

Similar claims were also the subject of a 2024 whistleblower complaint to the US Securities and Exchange Commission, according to the records and the person, who spoke on the condition that they not be identified out of concern for potential retaliation. The investigation and whistleblower complaint haven’t been previously reported.  

The allegations under investigation stand in stark contrast to how Meta has marketed WhatsApp: as a private app with default “end-to-end” encryption, which the company’s website says means “no one outside of the chat, not even WhatsApp, can read, listen to, or share” what a user says.

WhatsApp has communicated this level of privacy in its app, in its advertising, and to governments that want access to information on crimes, which Meta has told them is technically impossible to provide because of WhatsApp’s architecture. 

A spokesperson for Meta, which acquired WhatsApp in 2014, said the contractors’ claims are impossible.

“What these individuals claim is not possible because WhatsApp, its employees, and its contractors, cannot access people’s encrypted communications,” the spokesperson, Andy Stone, said in an email.

Meta’s shares dropped about 1% in extended trading.

Last year, two people who did content moderation work for WhatsApp told an investigator with Commerce’s Bureau of Industry and Security that some staff at Meta have been able to see the content of WhatsApp messages, according to the agent’s report summarising the interviews. 

Those content moderators, who worked for Meta through a contract with the management and technology consulting firm Accenture Plc, also alleged that they and some of their colleagues had broad access to the substance of WhatsApp messages that were supposed to be encrypted and inaccessible, according to the report.

“Both sources confirmed that they had employees within their physical work locations who had unfettered access to WhatsApp,” wrote the agent. 

The Bureau of Industry and Security oversees US export controls. The records say the investigating agent worked for the bureau’s Office of Export Enforcement but do not explain what legal theory underpins the inquiry. 

One of the content moderators who told the investigator she had access said she also “spoke with a Facebook team employee and confirmed that they could go back aways into WhatsApp (encrypted) messages, stating that they worked cases that involved criminal actions,” according to the document. It only identifies her with a confidential informant number and doesn’t elaborate on the work of the Meta employee. 

The investigator’s report, dated July 2025, described the investigation as “ongoing”, includes a case number and dubs the inquiry “Operation Sourced Encryption”. The document identifies the agent who conducted the interviews and states that his report was reviewed by an assistant special agent in charge, who is also named.

The inquiry was active as recently as January, according to a person familiar with the matter. The inquiry’s current status and who may be the defined target are both unclear. Many investigations end without any formal accusations of wrongdoing.

A spokesperson for the Bureau of Industry and Security said their “employee’s assertions about WhatsApp encryption practices are unsubstantiated and outside the scope of his authority as an export enforcement agent”. 

“BIS is not investigating WhatsApp or Meta for violations of the export laws,” the spokesperson, Lauren Weber Holley, said in an email. She didn’t directly answer questions about the target of the probe.  

An Accenture spokesperson, Lara Wozniak, referred questions about the inquiry to Meta. “Please contact WhatsApp for comment,” she said. 

Meta has previously been accused of running afoul of rules meant to protect user privacy, including several data and privacy mishaps that ultimately led to a record US$5bil (RM19.69bil) fine by the US Federal Trade Commission in 2019. The alleged violations didn’t involve WhatsApp. Meta’s settlement includes ongoing oversight by the FTC, which is in charge of monitoring Meta’s privacy practices. The company has since installed a chief privacy officer and touts end-to-end encryption as an example of how it makes user privacy a core focus of its consumer products.

The company has repeatedly apologised in the past for its treatment of user data.

Meta says it cannot see WhatsApp messages because they are encrypted with digital keys – a tool aimed at safeguarding data – that live on users’ phones and aren’t accessible to the company. The investigative report seen by Bloomberg doesn’t include a technical explanation of the contractors’ claims.

WhatsApp on its website says it does, in some instances, allow information about messages to be seen by the company. If someone reports a user or group for problematic messages, “WhatsApp receives up to five of the last messages they’ve sent to you” and “the user or group won’t be notified,” the company says. In those cases, WhatsApp says it receives the “group or user ID, information on when the message was sent, and the type of message sent (image, video, text, etc.).”

Former contractors outlined much broader access.

Larkin Fordyce was an Accenture contractor who the report says an agent interviewed about content moderation work for Meta. Fordyce told the investigator he spent years doing this work out of an Austin, Texas office starting as early as the end of 2018. He said moderators eventually were granted their own access to WhatsApp, but even before that they could request access to communications and “the Facebook team was able to ‘pull whatever they wanted and then send it,’” the report states.

Fordyce confirmed to Bloomberg News that he spoke with the investigator. “I was interviewed a couple times by an agent and can confirm that it was about my time at Meta,” he said. “I felt that sharing what I knew with the government was beneficial to the United States of America.”

Fordyce, 38, said he continued contract work for Meta until 2022. He declined to further discuss the investigation or his work.

The former contractors also discussed the vetting of foreign nationals who did content moderation for Meta, including people from Israel, Ireland, India and China, according to the records. One of them told the agent that the foreign workers had “full access to the same portal to review” content moderation cases as their counterparts in the US, the documents show. One of them said she was asked to train new hires when the content moderation program was being sent to India, and both said that there was little vetting of people hired for such roles, according to the report. 

The agent also gathered records that were filed in the whistleblower complaint to the SEC, according to his report, which doesn’t describe the materials. Representatives of a whistleblower organization referred to in the report didn’t respond to calls or an email seeking comment. The status of the whistleblower complaint is unclear.

Ben Watson, a spokesperson for the SEC, declined to comment on the matter.

The former contractors’ claims resemble ones made in a lawsuit filed on Jan. 23 in US District Court in San Francisco by an international group of plaintiffs. Those plaintiffs alleged that Meta and WhatsApp “store, analyse, and can access virtually all of WhatsApp users’ purportedly ‘private’ communications.” 

The suit, first reported by Bloomberg, cites “whistleblowers” as having helped bring this information to light, though it doesn’t identify them. 

“We’ll continue to push back on false claims, including those shopped by the high-priced plaintiffs’ firm which has filed suit against WhatsApp,” said Stone, the Meta spokesperson. 

Some of the plaintiffs are represented by attorneys who work for Quinn Emanuel Urquhart & Sullivan. That law firm has also represented NSO Group in a lawsuit that WhatsApp brought against the spyware company. Last year, a jury concluded that NSO Group should pay WhatsApp more than US$167mil (RM657.70mil) in punitive damages. 

Stone previously called the lawsuit alleging that Meta can access WhatsApp messages “frivolous” and said that the company “will pursue sanctions against plaintiffs’ counsel”. Those lawyers either didn’t respond to Bloomberg inquires or declined to comment.

Meta’s expansion of end-to-end encryption across its messaging tools, from WhatsApp to Messenger, has drawn criticism over the years, particularly from law enforcement officials tracking terrorism, trafficking and child endangerment. In 2021, WhatsApp sued in India challenging Indian rules that would require the company to provide access to encrypted messages.

Mark Zuckerberg, Meta’s chief executive officer, has recently emphasized WhatsApp’s encryption. 

“The thing that encryption does that’s really good is it makes it so that the company that’s running the service doesn’t see it,” Zuckerberg said in a conversation with podcaster Joe Rogan last year. “So if you’re using WhatsApp, basically, when I text you on WhatsApp, there’s no point at which the Meta servers see the contents of that message.” – Bloomberg