The case, led by a special agent in the Commerce Department's Bureau of Industry and Security, focused on claims that some Meta employees and contractors could access...
A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form
Yeah, there are lots of ways for this to be true but misleading:
The communications are not encrypted if they have the keys.
The encrypted communications are not the people’s. By the TOS everything is the property of WhatsApp and they can access their own ‘Business Records’ perfectly legally.
A third party, like a federal agency, isn’t WhatsApp. (WhatsApp can also voluntarily give their ‘Business Records’ to said agencies without warrant or subpoena.)
Meta isn’t WhatsApp.
An internal project with an undisclosed codename isn’t WhatsApp.
Nitpicking; even if they have the keys, the messages can be encrypted. It’s just worthless as they can now decrypt them.
My favorite option is that they don’t access the encrypted communications, they access messages before encryption takes place and send copies home for safe keeping. With a closed source client they can do anything they want to the plaintext even if they handle the ciphertext appropriately.
Yeah, that, or either of the ends is compromised by one of the various commercial spyware products which offer zero-click installation of their software, or the person you’re talking to is intentionally recording the messages.
End-to-End encryption only protects you from someone eavesdropping on the communication on the line. It doesn’t secure the endpoints or make the participants trustworthy.