US Government Also Received a Whistleblower Complaint That WhatsApp Chats Aren't Private (yahoo.com)
- Reference: 0180712176
- News link: https://yro.slashdot.org/story/26/02/01/037202/us-government-also-received-a-whistleblower-complaint-that-whatsapp-chats-arent-private
- Source link: https://finance.yahoo.com/news/us-investigated-claims-whatsapp-chats-212251244.html
> Similar claims were also the subject of a 2024 whistleblower complaint to the US Securities and Exchange Commission, according to the records and the person, who spoke on the condition that they not be identified out of concern for potential retaliation. The investigation and whistleblower complaint haven't been previously reported...
>
> Last year, two people who did content moderation work for WhatsApp told an investigator with Commerce's Bureau of Industry and Security that some staff at Meta have been able to see the content of WhatsApp messages, according to the agent's report summarizing the interviews. [A spokesperson for the Bureau later told Bloomberg that investigator's assertions were "unsubstantiated and outside the scope of his authority as an export enforcement agent."] Those content moderators, who worked for Meta through a contract with the management and technology consulting firm Accenture Plc, also alleged that they and some of their colleagues had broad access to the substance of WhatsApp messages that were supposed to be encrypted and inaccessible, according to the report. "Both sources confirmed that they had employees within their physical work locations who had unfettered access to WhatsApp," wrote the agent... One of the content moderators who told the investigator she had access said she also "spoke with a Facebook team employee and confirmed that they could go back aways into WhatsApp (encrypted) messages, stating that they worked cases that involved criminal actions," according to the document...
>
> The investigator's report, dated July 2025, described the investigation as "ongoing," includes a case number and dubs the inquiry "Operation Sourced Encryption..." The inquiry was active as recently as January, according to a person familiar with the matter. The inquiry's current status and who may be the defined target are both unclear. Many investigations end without any formal accusations of wrongdoing...
>
> WhatsApp on its website says it does, in some instances, allow information about messages to be seen by the company. If someone reports a user or group for problematic messages, "WhatsApp receives up to five of the last messages they've sent to you" and "the user or group won't be notified," the company says. In those cases, WhatsApp says it receives the "group or user ID, information on when the message was sent, and the type of message sent (image, video, text, etc.)." Former contractors outlined much broader access. Larkin Fordyce was an Accenture contractor who the report says an agent interviewed about content moderation work for Meta. Fordyce told the investigator he spent years doing this work out of an Austin, Texas office starting as early as the end of 2018. He said moderators eventually were granted their own access to WhatsApp, but even before that they could request access to communications and "the Facebook team was able to 'pull whatever they wanted and then send it,'" the report states...
>
> The agent also gathered records that were filed in the whistleblower complaint to the SEC, according to his report, which doesn't describe the materials... The status of the whistleblower complaint is unclear.
Some key points from the article:
"The investigative report seen by Bloomberg doesn't include a technical explanation of the contractors' claims."
"A spokesperson for Meta, which acquired WhatsApp in 2014, said the contractors' claims are impossible."
One contractor "said that there was little vetting" of foreign nationals hired to do content moderation for Meta, saying this granted them "full access to the same portal to review" content moderation cases
[1] https://it.slashdot.org/story/26/01/27/0550249/lawsuit-alleges-that-whatsapp-has-no-end-to-end-encryption
[2] https://finance.yahoo.com/news/us-investigated-claims-whatsapp-chats-212251244.html
Enhanced security (Score:1)
If you have any type of account recovery or backup enabled then your keys are with the service provider. Usually thereâ(TM)s an option to enable enhanced security which clearly mentions no recovery or backup possible if you forget password.
In this case you chats will also open only on 1 device while other devices will say they canâ(TM)t display the chat (though few apps do offer e2e on multiple devices too)
Content Moderators? (Score:2)
If the messages are end to end encrypted, why even have content moderators?
Re: Content Moderators? (Score:2)
Presumably reporting a message uses the client to upload a set amount of messages as the report for them to moderate. Given this new news perhaps the client upload was never needed.
Using WhatsApp can get you killed (Score:2)
[1]https://edition.cnn.com/2018/1... [cnn.com]
[1] https://edition.cnn.com/2018/12/02/middleeast/jamal-khashoggi-whatsapp-messages-intl/
Inspired by the Off-the-Record Messaging protocol (Score:2)
Their encryption is inspired by, if not directly based upon, the [1]Off-the-Record Messaging (OTR) protocol [wikipedia.org].
Being a [2]public-key encryption protocol [wikipedia.org], OTR messages can have the session key encrypted by more than one PK key, meaning that more than just the user's intended recipient can read the data.
The "perfect forward secrecy" and "plausible deniability" are still in effect, but you have two Bobs in the [3]Alice and Bob encryption model [wikipedia.org].
[1] https://en.wikipedia.org/wiki/Off-the-record_messaging
[2] https://en.wikipedia.org/wiki/Public-key_cryptography
[3] https://en.wikipedia.org/wiki/Alice_and_Bob
Keys (Score:2)
Key management is a huge pain in the ass. If you aren't personally dealing with the keying hassles, your communications are neither private nor secure.
At best, there might be a corporate policy somewhere that says that employees should not snoop.
"private" != "end-to-end encrypted" (Score:2)
For chats to be private, quite a few additional requirements have to be fulfilled. For example, user private keys only on user devices and inaccessible to WhatsApp.