(Credit: Elías Valverde II/The Dallas Morning News via Getty Images)
Texas Attorney General Ken Paxton is suing Meta and WhatsApp, claiming that Meta “misled consumers regarding the strength and scope” of WhatsApp’s privacy protections, though encryption experts have criticized his claims.
WhatsApp provides end-to-end (E2EE) encryption, meaning no one, except the two parties involved, can read the messages, including Meta. Paxton, a Republican currently running for US Senate, claims that “investigations and insider accounts" have shown Meta's claims about being unable to access users' messages to be "blatantly inaccurate.” He alleges that reports suggest WhatsApp employees have been able to access user communications, and that “message content can be pulled and viewed after the message has been sent.”
“I am suing to protect Texans’ privacy and ensure that WhatsApp by Meta does not mislead Texans by unlawfully accessing private conversations and data,” the AG says.
The lawsuit alleges violations of Texas's Deceptive Trade Practices-Consumer Protection Act (DTPA), which allows individuals and businesses to sue companies for false, misleading, or deceptive business practices.
In January, WhatsApp was hit with a class-action lawsuit that said its end-to-end encryption is a sham. Meta, however, called the claims "false and absurd." More recently, Meta says it has tried to engage with the plaintiffs in that case, but isn't getting anywhere. The “so-called ‘whistleblowers’ behind the complaint are confused, deeply misinformed, or acting in bad faith," Meta says.
Paxton is citing a Bloomberg report from April 2026, in which a special agent with the Office of Export Enforcement allegedly examined claims that Meta employees and contractors could view WhatsApp message content. The case was later closed.
Benjamin Dowling, a senior lecturer in cryptography at King’s College London and a co-author of the study, tells Ars Technica that, “all the evidence we are aware of points towards WhatsApp providing users with end-to-end encryption for their message contents.”
Though Dowling's team found “weaknesses in the protocol, such as a lack of user control over things like group membership...we are not aware of any concrete evidence that WhatsApp has broken their promise of end-to-end encryption,” he added.
Kenny Paterson, a researcher at ETH Zurich called the “vast majority” of the lawsuit “general dung-throwing in Meta’s direction,” saying the case was “built on a very thin evidence base.”
It’s important to note that though E2EE protects the messages themselves, it does not hide their metadata, which can reveal what time a message was sent and to whom. WhatsApp metadata has used in investigations that led to people being sentenced for sharing classified US government information—including former Treasury Department official Natalie Edwards, who messaged a BuzzFeed reporter 70 times before an investigation was published.