A federal investigator at the Commerce Department tried to sound the alarm. He had been looking into claims that Meta could secretly read WhatsApp messages despite the app’s end-to-end encryption, and he wanted other agencies to pay attention. Instead, his outreach appears to have ended the investigation entirely.
The probe’s closure, first reported by Bloomberg in April 2026, leaves a question that matters to more than two billion WhatsApp users worldwide: does the encryption that Meta promises actually keep their conversations private from Meta itself?
What the investigation found, and what killed it
The inquiry was housed within the Commerce Department’s Bureau of Industry and Security (BIS), the agency responsible for export controls and certain technology enforcement. According to Bloomberg, a BIS investigator circulated interim findings about the encryption allegations and attempted to coordinate a response across multiple federal agencies. Rather than broadening the effort, that outreach coincided with the decision to shut the probe down.
Bloomberg’s reporting does not specify which agencies were contacted or what the interim conclusions said. But the sequence of events strongly suggests the investigator’s cross-agency push played a direct role in the shutdown. No senior Commerce Department official has publicly explained whether the problem was the substance of his findings or the way he tried to advance them.
The investigation grew out of a lawsuit filed earlier in 2026 that alleged WhatsApp misled users about the privacy of their messages. The Guardian confirmed the federal review’s existence in January 2026, noting that both Meta and WhatsApp denied the accusations. A BIS spokesperson went further at the time, calling the underlying claims “unsubstantiated.”
Those denials and that single word from BIS remain the only on-the-record statements from the principals involved. No internal Meta documents, no court filings from the lawsuit, and no formal closure statement from BIS have surfaced publicly.
How WhatsApp encryption is supposed to work
WhatsApp uses the Signal Protocol, widely regarded by cryptographers as one of the strongest available systems for end-to-end encryption. When it works as designed, messages are encrypted on the sender’s device and can only be decrypted on the recipient’s device. Not even Meta’s servers can read the content in transit.
But “end-to-end encryption” describes the message pipeline, not everything that happens around it. Meta collects significant metadata, including who messages whom, when, how often, and from what device and location. Cloud backups of WhatsApp chats, unless users separately enable encrypted backups, have historically been stored in readable form on Google Drive or iCloud. And a 2021 ProPublica investigation revealed that WhatsApp employs over 1,000 contract workers who review messages that users report, since reported messages are forwarded in decrypted form from the recipient’s device.
None of that means Meta has a backdoor into encrypted messages. But it illustrates that the privacy picture is more complicated than a single marketing phrase suggests, and it explains why regulators and researchers keep asking questions about what Meta can actually see.
What remains unknown
The most significant gap is the content of the investigator’s interim conclusions. Did his findings support the encryption allegations, undermine them, or land in ambiguous territory? Without that document, the public cannot evaluate whether the probe was closed because the claims lacked merit or because the investigation itself became politically inconvenient.
The underlying lawsuit is similarly opaque. The specific parties, court jurisdiction, and technical claims have not been detailed in available reporting. The allegations could range from a narrow complaint about metadata handling to a broader accusation that Meta maintains a way to access message content. Those are fundamentally different claims with different implications for users.
Meta’s denials, while on the record, cannot be independently verified without a technical audit of the company’s specific implementation of the Signal Protocol. The protocol itself has been reviewed by security researchers, but Meta’s deployment of it, including any proprietary modifications, has not been subjected to a recent, publicly available independent audit. The BIS spokesperson’s use of “unsubstantiated” is a status description, not a verdict. In regulatory language, it means the agency did not find sufficient evidence to support the claims. It does not mean the claims were disproven.
Why the shutdown matters beyond WhatsApp
Cross-agency coordination on technology enforcement is routine, especially when investigations touch national security, consumer protection, or competition policy. The fact that an investigator’s attempt to bring other agencies into the fold preceded the probe’s closure raises a troubling question: can federal regulators effectively scrutinize the privacy promises of dominant platforms when internal coordination itself becomes a liability?
The pattern is not unique to this case. Federal agencies investigating Big Tech increasingly navigate overlapping jurisdictions, political pressures, and technical complexity that can stall or kill inquiries before they produce public findings. When a probe ends without a published technical assessment, users are left relying on the company’s own assurances.
For WhatsApp’s billions of users, the practical situation has not changed. No government body has publicly confirmed or denied that Meta can access encrypted message content. Users who handle sensitive communications, whether journalists, lawyers, activists, or business professionals, may want to weigh platforms where the encryption implementation has been more recently and independently audited, or where the provider has less commercial incentive to analyze user data. Signal, the standalone app built by the nonprofit Signal Foundation, is the most commonly cited alternative.
What to watch next
The story is unlikely to end here. If the underlying lawsuit proceeds, court filings could force disclosure of technical details that the federal probe never made public. Members of Congress who sit on commerce or intelligence committees may press BIS for an explanation of why the investigation was closed. And the investigator himself, whose name has not been reported, could eventually speak publicly or through legal channels.
Until then, the WhatsApp encryption question sits in a familiar and uncomfortable place: serious enough to warrant a federal investigation, but unresolved enough that the public still does not know the answer.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
