Conflicting Messages on Messages: Tx AG Sues Meta About WhatsApp Encryption Claims
Are your messages or documents secure? Are they encrypted? Can third parties, including the government with a warrant, read them?
The answer is not as clear as you might think. The only thing worse than bad security (or encryption) is bad or incomplete security masquerading as good or complete security. Recently, Texas Attorney General Ken Paxton filed a consumer protection lawsuit against Meta Platforms, Inc. and WhatsApp LLC, asserting that WhatsApp falsely promised users that their communications were private, end-to-end encrypted, and inaccessible even to WhatsApp or Meta, while Meta allegedly retained access to user communications. State of Texas v. Meta Platforms, Inc. & WhatsApp LLC, Plaintiff’s Original Petition 1–4, No. 26-0393, 71st Jud. Dist. Ct., Harrison Cnty., Tex. filed May 21, 2026.
The petition reproduces WhatsApp’s in-product notice that “messages and calls are end-to-end encrypted” and that only people in the chat can read, listen to, or share them; it also quotes WhatsApp’s public privacy statement that personal messages, photos, calls, and other content stay between the user and chosen recipients, “meaning not even WhatsApp can see them.” Id. at 2, 8–12. Reuters reports that Meta denies the Texas allegations and says WhatsApp cannot access users’ encrypted communications.
Many tech companies make promises about encryption and security – but what exactly those promises are is often hard to say. It’s hard to say what an ordinary user thinks when a company says that data is “secure,” “private,” “encrypted,” “end-to-end encrypted,” “zero knowledge,” or “not even we can read it.”
Those are not the same representation. Encryption in transit usually means data is protected while it moves between the user and the service. Encryption at rest usually means data is protected while stored on servers or disks. Since data is always either in transit or at rest, it would be logical to think that an entity that promises that data will be encrypted both in transit and at rest means that the data is “encrypted” all the time. Well, data that is always encrypted is not useful – at some point it has to be decrypted. Additionally, saying that data is encrypted does not tell the user who holds the keys, how those keys are used or shared, and who has access to the keys. An ordinary user, told that their data is encrypted at all times, would assume that this means that only they can view it. Not so fast, kemosabe.
Provider-managed encryption means the provider may still hold or control the keys. Client-side encryption means the data is encrypted before it reaches the provider, but key custody still matters. End-to-end encryption means only the endpoints should be able to decrypt the content. Zero-knowledge or zero-access encryption means the provider should not possess the secret necessary to read the user’s content. From a consumer protection standpoint, it’s not clear that most users would know the difference between these representations.
To a cryptographer, those distinctions are elementary. To an ordinary user, they are usually invisible. When a messaging app says “your messages are encrypted,” many users hear something much stronger: “nobody else can read them.” When the app adds “not even we can read them,” the consumer’s understanding becomes stronger still. The user reasonably thinks the company cannot read the content, cannot hand the content to advertisers, cannot allow employees or contractors to browse it, cannot use it for AI training, cannot produce it in plaintext to the government, and cannot lose it in readable form in a breach.
That is why the Texas Deceptive Trade Practices—Consumer Protection Act matters. The DTPA prohibits false, misleading, or deceptive acts or practices in trade or commerce, including representations that services have characteristics, benefits, or qualities they do not have, and failures to disclose material information intended to induce consumers into a transaction. Tex. Bus. & Com. Code Ann. § 17.46(a), (b)(5), (b)(24). The legal question is not merely whether WhatsApp uses encryption. The question is whether the net impression of its representations would cause reasonable consumers to believe their message content was inaccessible to Meta, WhatsApp, employees, contractors, third parties, or the government, when that allegedly was not true.
The FTC has already treated misleading encryption claims as actionable. In the 2020 Zoom enforcement matter, the FTC alleged that Zoom misrepresented that it provided “end-to-end, 256-bit encryption,” when the company allegedly maintained cryptographic keys and provided a materially different level of protection than users were led to believe. In re Zoom Video Communications, Inc., FTC File No. 192-3167. The principle is direct: some encryption is not the same as the encryption the consumer was promised.
WhatsApp’s Promise
WhatsApp’s consumer-facing promise is one of the strongest in the market. WhatsApp markets itself as “simple, secure, reliable” and “private,” and says users can “message privately.” Its App Store description says WhatsApp is “super simple, reliable and private,” and that “your privacy is our priority.” The Texas petition alleges that WhatsApp went further, telling users that with end-to-end encryption, their personal messages, photos, calls, and other content “stay between you and the people you choose,” “meaning not even WhatsApp can see them.” An ordinary user would likely understand that to mean that WhatsApp cannot read message content. Not “usually does not read it.” Not “has policies against reading it.” Not “has controls around employee access.” Cannot. The phrase “not even WhatsApp” conveys a technical incapacity, not merely a privacy preference.
If Meta or WhatsApp can access ordinary message content in plaintext without user action, that would be a strong candidate for a deceptive-practice claim. If the access is limited to user-reported messages, business-message workflows, cloud backups, linked devices, or other exceptions that are clearly disclosed and contextually obvious, the claim becomes narrower. The legal question would then be whether those exceptions were sufficiently disclosed to avoid misleading the ordinary user.
Signal’s Promise
Signal uses even more categorical language. Signal says its “state-of-the-art end-to-end encryption” keeps conversations secure; that Signal “can’t read your messages or listen to your calls”; that “no one else can either”; and that privacy “isn’t an optional mode” but “the way Signal works,” “every message, every call, every time.” Signal’s privacy policy similarly states that Signal “cannot decrypt or otherwise access the content of your messages or calls,” that queued messages are end-to-end encrypted while awaiting delivery, and that message history is stored on the user’s devices. An ordinary user would understand Signal’s promise to mean that Signal cannot read message content and therefore cannot produce plaintext message content to law enforcement from its own servers. The government may still obtain messages from a user’s unlocked device, from a recipient’s device, from screenshots, from endpoint compromise, or from backups if such backups exist outside Signal’s protected architecture. But the user-facing promise is clear: Signal itself says it does not have the message content.
Apple iMessage and iCloud
Apple’s messaging promises are more layered. Apple says iMessage and FaceTime conversations are encrypted end-to-end, “so they can’t be read while they’re sent between devices.” But Apple’s iCloud security architecture distinguishes live message transport from cloud storage and backup. Apple states that Advanced Data Protection expands end-to-end encryption to more iCloud categories, including device backup, Messages backup, iCloud Drive, Notes, and Photos. Apple also warns that, with Advanced Data Protection turned on, Apple does not have the encryption keys needed to help recover that end-to-end encrypted data.
An ordinary user may hear “iMessage is end-to-end encrypted” and assume that neither Apple nor the government can get message content from Apple. That may be true as to messages in transit between Apple devices, but it becomes more complicated when messages are synchronized, backed up, or stored in iCloud without Advanced Data Protection. Apple’s disclosures are more careful than many marketing claims because Apple separates end-to-end encrypted communications from cloud-data categories. But the ordinary consumer may not understand that the confidentiality of iMessage content can depend on iCloud settings, backup configuration, and whether Advanced Data Protection is enabled.
That does not make Apple’s representation inherently false. It does mean that a blanket public understanding of “Apple can never access my messages” is overbroad. The legally safer statement is: iMessage and FaceTime are end-to-end encrypted in transit between Apple devices, but cloud backup and recovery architecture can affect whether stored copies or associated keys are accessible. In fact, in 2024, Apple provided the government with “content” information (not metadata) on 5,915 accounts, including “stored photos, email, iOS device backups, contacts, or calendars,” something it could not do if that data were truly encrypted.
Google Messages
Google Messages says that RCS chats between Google Messages users are automatically upgraded to end-to-end encryption, and that with end-to-end encryption, “no one can read the content sent between you and the other person.” Google separately explains that no one, including Google and third parties, can read “eligible messages” as they travel between the sender’s and recipient’s phones. The word “eligible” does a lot of work. Google’s promise is strong when all conditions are met: Google Messages, RCS, supported participants, and the relevant encryption state. But users do not necessarily think in protocol states. They think in conversations. If a user sends one message that is end-to-end encrypted and another that silently falls back to SMS, MMS, or a non-encrypted cross-platform path, the user may still believe “Google Messages is encrypted.” For the latest Google U.S. reporting period, January 2025–June 2025, Google reports 24,259 search warrant requests, covering 37,078 accounts, with data produced in 89% of warrant requests; that would be content data, not just metadata. So clearly, Google has access to, and the ability to read, review, and produce to the government a lot of data that people might assume is “encrypted.”
Meta Messenger
Meta says Messenger now uses default end-to-end encryption for personal messages and calls. In announcing the rollout, Meta stated that content is protected from the moment it leaves the sender’s device until it reaches the receiver’s device, and that “nobody, including Meta, can see what’s sent or said,” unless the user chooses to report a message. Meta’s help materials similarly state that end-to-end encryption ensures only the communicating people can see or listen to what is sent in messages and calls. An ordinary user would understand that to mean Meta cannot read ordinary Messenger message content. The express exception for reported messages helps because it tells users that user-initiated reporting changes the confidentiality model. But the legal risk remains in the details: Does the representation apply to all Messenger conversations, only personal messages, only after migration to default encryption, only certain devices, only certain storage states, and not business chats or other integrated services? If the answer is qualified, the qualification must be as clear as the promise.
Microsoft Teams
Microsoft Teams illustrates the enterprise version of the problem. Microsoft says Teams can use end-to-end encryption for certain meetings, but its own support page states that only audio, video, and video-based screen sharing are end-to-end encrypted. Apps, avatars, reactions, chat, filters, and Q&A are not end-to-end encrypted. Microsoft also explains that Teams always secures meetings in transit and at rest, and that end-to-end encryption is an additional layer that may require forgoing functionality such as transcription. Again, most users would not understand the distinction between saying that data is “end-to-end” encrypted and saying that it is “encrypted in transit and at rest.”
Google Drive and Google Workspace
Google Drive and Google Workspace use a different vocabulary. Google says Drive, Docs, Sheets, and Slides are normally encrypted in transit and at rest, while Workspace client-side encryption adds an extra layer of protection and gives customers control of external encryption keys, making data indecipherable to Google.
An ordinary user who hears “Google Drive is encrypted” may believe that Google cannot read their files. That is not necessarily what “encrypted in transit and at rest” means. It may mean that Google protects files against network interception and infrastructure compromise while still retaining the operational ability to process, index, scan, preview, share, or produce content according to its systems and legal obligations. Google’s separate client-side encryption product is the clue: if ordinary Drive encryption already meant Google could not read the content, client-side encryption would not be a distinct confidentiality feature.
Microsoft OneDrive and Microsoft 365
Microsoft makes similar cloud-storage claims. Microsoft says OneDrive protects data in transit using TLS and discusses encryption at rest as part of Microsoft 365’s layered security architecture. Microsoft also states more broadly that Microsoft 365 content is encrypted at rest and in transit using strong encryption protocols and technologies. Again, that is a real security promise, but it is not necessarily a zero-access promise. An ordinary user may not distinguish between “Microsoft encrypts my files” and “Microsoft cannot read my files.” Those are different. Provider-managed cloud encryption protects against some threats but commonly coexists with search, malware scanning, compliance, e-discovery, recovery, collaboration, and administrative access.
Dropbox
Dropbox says files at rest are encrypted using 256-bit AES and that teams also have the option to create zero-knowledge, end-to-end encrypted folders. Dropbox separately explains that encryption at rest means data is encrypted while on a server, often with decryption keys centrally managed or located within the service environment. This is a useful example because Dropbox expressly distinguishes ordinary encryption from zero-knowledge, end-to-end encrypted folders. An ordinary user who sees only “Dropbox files are encrypted with 256-bit AES” might think Dropbox cannot access the files. Dropbox’s own materials show why that is not necessarily the right inference. Encryption at rest is not the same as provider-inaccessible encryption.
This issue has a history. A 2011 FTC complaint alleged that Dropbox misled users by implying files were inaccessible even to Dropbox employees, while Dropbox allegedly retained the ability to decrypt user files. Dropbox denied the allegations, but the controversy demonstrates the central problem: consumers equate “encrypted” with “unreadable by the provider,” while many cloud services use provider-managed encryption that does not carry that implication.
Proton Drive
Proton Drive makes a stronger version of the cloud-storage promise. Proton says its end-to-end encryption means that only the user and chosen recipients can decrypt and read files. Proton also explains that end-to-end encryption keeps information private so only the communicating parties can see it. An ordinary user would understand Proton’s statement to mean that Proton cannot read the file content. That is the same kind of categorical promise at issue with Signal and WhatsApp. If true, it is a significant privacy differentiator. If false, it would be materially misleading because the central value proposition is provider-inaccessibility.
Telecom Texting, SMS, and RCS
Traditional carrier text messaging is the least intuitive for consumers. Users often think “texts” are private because they feel like direct phone-to-phone communications. But SMS and many cross-platform messaging configurations are not end-to-end encrypted. After the Salt Typhoon telecom compromises, CISA advised high-value individuals to use only end-to-end encrypted communications and to adopt messaging applications that guarantee end-to-end encryption. Reuters reported that U.S. cyber officials advised senior officials and politicians to avoid ordinary calls and texts and use end-to-end encrypted communications instead. An ordinary user who asks whether “text messages are secure” will get an answer that depends on whether the message is SMS, MMS, RCS, iMessage, Google Messages RCS, cross-platform RCS, carrier-routed messaging, or an app-based encrypted message. That is the point. The user sees one conversation bubble. The security model may change message by message.
The Government-With-a-Warrant Question
The question “can the government read it with a warrant?” has no single answer.
If the provider has plaintext or the practical ability to decrypt, the government may be able to compel production of content through an appropriate legal process. If the provider truly lacks the keys, the government may still obtain content from the user’s device, the recipient’s device, an unlocked phone, a forensic extraction, a cloud backup, screenshots, a cooperating participant, malware, endpoint compromise, or a backup provider. End-to-end encryption protects content in transit and against provider-side access. It does not make endpoints invulnerable, prevent recipients from disclosing messages, or stop law enforcement from searching a device under a valid warrant.
That distinction is essential. “Not available from the provider” is not the same as “not available to the government.” A warrant for Meta may be useless for Signal message content if Signal lacks it. A warrant for the phone may be very useful if the messages are present on the unlocked device. A warrant for iCloud may be useful depending on backup settings and Advanced Data Protection. A warrant for Google or Microsoft cloud storage may be useful if the provider can access plaintext. A warrant for Proton may be less useful for file content if Proton truly lacks the decryption keys, though metadata, account information, recovery data, payment information, IP logs, or shared-link records may still exist, depending on the service and retention practices.
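The key-custody point of this section, as an added example that is not from the article or from any provider's code: three blobs that are all ciphertext at rest, where what the provider can produce depends only on which keys it holds. The `Provider` class, the scenario names and the toy cipher (a standard-library stand-in for a real AEAD such as AES-GCM) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy authenticated cipher (SHA-256 keystream + HMAC), a stdlib-only stand-in
# for a real AEAD such as AES-GCM. Illustration only, not for production use.
def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key, blob):
    """Return the plaintext, or None if this key does not open the blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class Provider:
    """Hypothetical service: stores blobs plus whatever keys it was given."""
    def __init__(self):
        self.server_key = secrets.token_bytes(32)
        self.keys = [self.server_key]
        self.blobs = {}

    def store_plain_upload(self, name, plaintext):
        # Arrived over TLS as plaintext; the provider encrypts at rest itself.
        self.blobs[name] = seal(self.server_key, plaintext)

    def store_ciphertext(self, name, blob, escrowed_key=None):
        self.blobs[name] = blob
        if escrowed_key is not None:  # e.g. a recovery key uploaded for backup
            self.keys.append(escrowed_key)

    def respond_to_warrant(self, name):
        # The provider can produce only what some key it holds will open.
        for key in self.keys:
            plaintext = open_sealed(key, self.blobs[name])
            if plaintext is not None:
                return plaintext
        return None

MESSAGE = b"constructed sample message"  # constructed sample input

def run_scenarios():
    provider = Provider()
    recovery_key = secrets.token_bytes(32)
    device_key = secrets.token_bytes(32)  # never leaves the user's device
    provider.store_plain_upload("provider_managed", MESSAGE)
    provider.store_ciphertext("client_side_escrowed", seal(recovery_key, MESSAGE),
                              escrowed_key=recovery_key)
    provider.store_ciphertext("zero_access", seal(device_key, MESSAGE))
    produced = {name: provider.respond_to_warrant(name) for name in provider.blobs}
    on_device = open_sealed(device_key, provider.blobs["zero_access"])
    return provider, produced, on_device
```

All three blobs are ciphertext on the provider's disk; only the zero-access one is out of the provider's reach, and the device holding the key can still read it.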
The Deception Analysis
Whether any of these statements is false or deceptive depends on the total net impression, not merely on whether one technical sentence is accurate. The relevant question is what an ordinary, reasonable user would take away.
If a company says “encrypted in transit and at rest,” and clearly explains that the provider may still process, access, recover, scan, or produce content, the statement is probably not deceptive. If the company says “end-to-end encrypted,” an ordinary user will likely understand that the provider cannot read the content. If the company says “not even we can read it,” the company has made a very strong representation of technical inability. If the company says “zero knowledge,” the company is representing that it does not possess the secret necessary to access the protected data. If the company says merely “secure,” the analysis depends on context, but the word may still mislead if paired with lock icons, privacy slogans, or “only you” language that implies provider inaccessibility.
The most dangerous marketing move is to use a strong privacy phrase in the headline and reserve the exceptions for a support page. “Your messages are private” cannot be materially contradicted by “except when backed up, reported, synced, routed to businesses, processed for AI, reviewed for safety, stored in support tickets, or retained in logs” unless the consumer sees and understands those limitations before relying on the claim.
The compliance rule is simple. Do not ask whether the data is encrypted. Ask encrypted from whom. Encrypted from network attackers? Encrypted from thieves who steal a disk? Encrypted from the cloud provider? Encrypted from employees? Encrypted from contractors? Encrypted from enterprise administrators? Encrypted from the government serving the provider with a warrant? Encrypted from the recipient? Encrypted from malware on the user’s own device?
The ordinary user does not care whether the lock is elegant. The ordinary user wants to know who has the key.

