A BIS special agent claimed in early 2026 that Meta’s WhatsApp encryption is fake and that the company can access and store all user messages in an unencrypted form, a claim that prompted an internal probe nicknamed “Operation Sourced Encryption.” After roughly 10 months of document collection and interviews, the agent circulated a January 16 email to officials across federal agencies outlining preliminary conclusions, according to TechSpot and records reviewed by Bloomberg corroborated by recipients.
The email described a tiered permissions system in place since at least 2019, granting access not only to Meta employees but also to contractors and a significant number of foreign/overseas workers in India, and suggested potential civil and criminal violations spanning multiple jurisdictions.
The BIS subsequently shut down the inquiry, with a spokesperson stressing that the agency was not investigating WhatsApp or Meta for export-law violations, while Meta denied the claims as patently false, insisting only chat participants can read messages. Some observers, including former Meta security chief Alex Stamos, argued the claims are almost certainly false, noting that a backdoor would be difficult to conceal in widely inspected app code.