A US agency abruptly closed an investigation into allegations that Meta Platforms Inc can access encrypted WhatsApp messages, said two people familiar with the matter, ending a law enforcement inquiry into claims that challenge how the company markets the chat service’s privacy.
The probe was shut down soon after a Commerce Department investigator contacted other federal officials early this year to share his conclusions "thus far” and try to coordinate ongoing investigative work, according to records seen by Bloomberg News and the people. They spoke on condition that they and the agent not be identified because they weren’t authorised to discuss the matter and were concerned about retaliation.
Through much of 2025, the special agent had been looking into claims that some Meta employees and contractors could see the content of encrypted WhatsApp messages. Meta has vehemently denied those allegations and said it’s impossible for its workers to read messages because of how the WhatsApp platform is built.
In January, the agent sent more than a dozen officials at other agencies an email summarising his preliminary findings. He wrote that, after 10 months of gathering documents and conducting interviews, he had concluded that Meta stores and can view WhatsApp messages. Bloomberg News reviewed the email and authenticated it with one of the recipients and another person who saw it.
"There is no limit to the type of WhatsApp message that can be viewed by Meta,” wrote the agent with the Office of Export Enforcement inside the Commerce Department’s Bureau of Industry and Security.
"The misconduct of Meta and its officers, including current and former high-level executives, involve civil and criminal violations that span several federal jurisdictions,” he said later in the January 16 message.
The agent repeatedly declined to comment when reached by phone.
Not long after the investigator sent the note, his agency, which oversees US export controls, closed the investigation, according to the people. Both described the shutting of the investigation as abrupt, and one of them said it was done at the direction of senior agency leaders.
The probe’s closing leaves open questions about what evidence the agent gathered and why he was seeking outside involvement for an inquiry dubbed "Operation Sourced Encryption.” It’s also unclear whether any of the officials he emailed picked up the inquiry involving one of the world’s most widely used messaging services.
The agent didn’t specify what laws may have been broken, and his email was not a formal accusation of wrongdoing. Bloomberg hasn’t independently confirmed the agent’s claims, and a spokesperson for the bureau previously dismissed them as "unsubstantiated and outside the scope of his authority as an export enforcement agent.”
A spokesperson for Meta, which acquired WhatsApp in 2014, echoed that sentiment.
"The claim that WhatsApp can access people’s encrypted communications is patently false,” the spokesperson, Andy Stone, said in an email. "Months ago the Bureau of Industry and Security disavowed this purported investigation, calling its own employee’s allegations unsubstantiated and saying the agency is not investigating WhatsApp or Meta for export law violations.”
The Bureau of Industry and Security spokesperson, Lauren Weber Holley, didn’t answer questions from Bloomberg beyond referring to the agency’s previous statement. The bureau "is not investigating WhatsApp or Meta for violations of the export laws,” she said on Jan. 29.
The agent’s statements are contrary to how Meta has marketed WhatsApp: as a private app with default "end-to-end” encryption, which the company’s website says means "no one outside of the chat, not even WhatsApp, can read, listen to, or share” what a user says.
In contrast, the agent wrote in his email that "Meta can and does view and store all the text messages, photographs, audio and video recordings” in an unencrypted format. He wrote that since at least 2019 Meta has had a "tiered permissions system,” giving different people access to a range of WhatsApp content, and that the company has granted such access to contractors and a "significant number of foreign/overseas workers in India.”
Meta announced in 2016 that WhatsApp would be protected by end-to-end encryption, and has since repeated to governments around the world that the platform’s architecture makes it impossible for the company to access conversations. WhatsApp sued in 2021 to challenge Indian rules that would require the company to provide access to encrypted messages.
Two people the agent interviewed, however, described having broad access to WhatsApp messages while doing content moderation work for Meta, Bloomberg previously reported based on other records from the investigation. They did that work through a contract with the management and technology consulting firm Accenture Plc.
Alex Stamos, who was the chief security officer of what is now Meta from 2015 to 2018, said the contractors’ claims are "almost certainly false.” He dismissed the idea that a clandestine way for the company to view WhatsApp messages could be kept secret.
"While I can’t personally vouch for what’s in WhatsApp’s code as I haven’t worked there for years, any widespread backdoor would have to be in the downloaded Android and iOS apps and would be easily found by security researchers,” Stamos told Bloomberg. "Also, a backdoor in WhatsApp would be a massive signals intelligence tool and there is no way Meta would provide that capability to Accenture contractors if they had it.”
Representatives of Accenture didn’t respond to requests for comment. The firm previously referred questions about the investigation to WhatsApp.
The agent’s email went to officials including senior lawyers and attorneys working on cases involving Meta at the Securities and Exchange Commission and the Federal Trade Commission.
The agent’s investigation was prompted by a November 2024 whistleblower complaint to the SEC, according to his email. In 2019, the FTC fined Meta a record US$5bil (RM19.83bil) over accusations that it ran afoul of privacy rules, and the agency took charge of monitoring company privacy practices. The alleged violations didn’t involve WhatsApp.
The company repeatedly apologised in the past for its treatment of user data and has since installed a chief privacy officer.
Representatives of the SEC and FTC declined to comment. – Bloomberg
