Texas AG WhatsApp Encryption Suit Thin Evidence

It's built on one report. So when you consider that over 3 billion people rely on WhatsApp's end-to-end encryption, Ken Paxton's office alleges Meta can and does read unencrypted messages, but the strategic signal isn't about a sudden technical revelation. Read alongside the political calendar, this suit raises a sharper question about how encryption debates are being weaponized by state actors who find the technology inconvenient.

The Evidence Behind the Texas AG WhatsApp Encryption Suit

It's just a Bloomberg article. That report detailed how the US Commerce Department's Bureau of Industry and Security abruptly closed an investigation into whether Meta could access encrypted WhatsApp messages. Ars Technica recounted the Jan. 16 email from an agent in that probe. Sent to more than a dozen officials at other agencies, it stated, "There is no limit to the type of WhatsApp message that can be viewed by Meta." But the Thursday lawsuit doesn't indicate the Texas AG's office obtained the email itself, gathered any information from the investigators involved, or conducted its own independent technical assessment. So the complaint simply points to the Bloomberg story as the evidentiary backbone.

What the Bloomberg Report Actually Said

It's inherently shaky ground. The email's dramatic phrasing has understandably captured attention, but the underlying investigation was closed without any public findings, and no subsequent enforcement action has emerged from the federal level. That's a point not lost on the security community that's spent years examining WhatsApp's code. And the Texas AG WhatsApp encryption suit repackages a preliminary and contested internal agency note as the foundation for consumer protection claims in state court.

Zuckerberg’s Sworn Promises and the Signal Protocol

“We do not see any of the content in WhatsApp; it is fully encrypted. Facebook systems do not see the content of messages being transferred over WhatsApp.”

Mark Zuckerberg gave that testimony in 2018. It was delivered before two US Senate committees and it articulates the compact Meta has offered users since at least 2016, with the engine for the encryption being the open source Signal protocol, a widely audited code base that third-party experts have consistently found to live up to its claims. The complaint acknowledges the protocol's role. But it insists Meta's promises are false. So stripping away the marketing, the core tension is clear: an attorney general with an election-year incentive is pitting a sealed government email against a publicly vetted cryptographic architecture.

Cryptographers Push Back on the Suit’s Premise

Benjamin Dowling, a senior lecturer in cryptography at King’s College London and co-author of a detailed 2023 technical analysis of WhatsApp, stated that his team reverse-engineered the WhatsApp cryptographic protocol as available in May 2023. It matched Meta's description. Dowling wrote: "Our reverse-engineering of WhatsApp and all the evidence we are aware of points towards WhatsApp providing users with end-to-end encryption for their message contents." The study identified a design weakness that could allow a Meta employee with infrastructure access to add new members to a group chat without consent, an addition that remains fully visible to all participants. Dowling underlined it's not global stealth.

“The contents of the complaint do not provide any evidence otherwise.”

But there's no concrete evidence. Matthew Green of Johns Hopkins University noted that WhatsApp clients are fully available for reverse engineering, and for such a sweeping vulnerability to exist, 'something very bad would have to be happening inside that app.' Kenny Paterson of ETH Zurich described the lawsuit as 'general dung-throwing in Meta's direction,' adding that the case rests on 'a very thin evidence base: essentially, one news article is referenced to support the actual accusation,' and none of the experts Ars Technica interviewed could point to concrete evidence that WhatsApp's end-to-end encryption has been broken in the way the Texas AG alleges.

The Political Dimension of the Texas AG WhatsApp Encryption Suit

Meta calls the allegations 'baseless.' It vows to fight the lawsuit in court. That's not merely a legal reflex. The company knows that if a state can destabilise its privacy narrative with a news clipping, the reputational damage could ripple far beyond one courtroom. The timing adds another layer. Ken Paxton is heading into the final stretch of a US Senate primary runoff against incumbent John Cornyn. So the Texas AG WhatsApp encryption suit lets him position as a consumer advocate, taking on Big Tech over privacy failures. But whether that political calculation yields electoral dividends depends on voters, and the legal arithmetic is far less certain.

But it's not platform-level interception. The complaint notes Meta employees can receive plaintext WhatsApp messages users report, those messages are decrypted on reporter's device with keys only that party holds, and conflating this with wholesale surveillance misreads client-side reporting. Still, the allegation gives the complaint a superficial plausibility that may resonate in a political context even if it dissolves under technical scrutiny.

What Comes After a Lawsuit Built on One Article

Litigation is the path forward. Meta's pledged to contest the claims. Should the case proceed to discovery, the court might compel the company to disclose information about its encryption implementation, but the threshold question remains whether the complaint meets even a basic pleading standard. Unless the Texas AG’s office produces additional evidence beyond the Bloomberg report, the suit risks being dismissed as a publicity vehicle rather than a substantive enforcement action. So industry observers will watch closely because a ruling that entertains such thin factual support could embolden other state attorneys general to test encryption claims with similarly slender reeds.

Meta's privacy record is poor. But WhatsApp's encryption has withstood years of independent analysis, so the Texas AG suit doesn't offer a new reason to doubt that infrastructure. It's a lesson in how easily an unresolved, closed federal investigation can be reshaped into a courtroom narrative, especially when a statehouse race hangs in the balance. The encryption conversation will continue. But for now the technical consensus is holding: the emperor's clothes are not missing, just being sued for not existing.