What the Texas Lawsuit Accuses Meta of Doing
Texas Attorney General Ken Paxton has filed a lawsuit against Meta and its messaging service WhatsApp, alleging that the company “misled consumers regarding the strength and scope” of its privacy protections. The complaint argues that Meta’s public statements about being unable to read WhatsApp messages are “blatantly inaccurate,” citing “investigations and insider accounts” that supposedly show employees and contractors could access message content after it was sent. Paxton says he is suing under the state’s Deceptive Trade Practices-Consumer Protection Act, which targets false or misleading business practices, to stop WhatsApp from unlawfully accessing private conversations and data. The suit builds on earlier class-action litigation that labeled WhatsApp’s end-to-end encryption a “sham.” Together, these cases seek to test whether Meta’s marketing around encryption and privacy has crossed the line from optimistic branding into allegedly deceptive conduct.
Meta’s Defense and What Cryptography Experts Say
Meta has strongly rejected the accusations, calling the claims “false and absurd” and suggesting that the so-called whistleblowers behind a related complaint are “confused, deeply misinformed, or acting in bad faith.” The company maintains that WhatsApp provides genuine end-to-end encryption (E2EE), meaning only the sender and recipient can read message contents. Cryptography researchers largely back that core claim. Benjamin Dowling of King’s College London, who co-authored a study of WhatsApp’s protocol, says all available evidence supports that the app does offer E2EE for message content. His team did find weaknesses, including limited user control over aspects like group membership, but no proof that WhatsApp has broken its encryption promise. Kenny Paterson of ETH Zurich has gone even further, describing most of the lawsuit as “general dung-throwing” and arguing that it rests on a “very thin evidence base.”
Encryption, Metadata, and How Messaging App Privacy Really Works
A key nuance in the WhatsApp privacy lawsuit is the difference between encrypted message content and unencrypted metadata. End-to-end encryption generally protects what you write or send, but not necessarily information about the communication itself—such as who you messaged, when, and how often. That metadata can still be highly revealing and has already been used in real-world investigations. In one notable case, metadata from WhatsApp communications helped authorities track leaks of classified US government information, including messages sent by a former Treasury Department official to a journalist before an investigation was published. This illustrates a broader truth about messaging app privacy: even when the encryption is robust, the surrounding data trail can remain accessible to platforms and, with proper legal process, to law enforcement. Users often conflate these layers, assuming “encrypted” means fully invisible, which is rarely the case.
Legal Stakes and What It Means for User Privacy Expectations
By invoking consumer protection laws, the Texas attorney general is not just questioning Meta’s technology, but its marketing narrative. The outcome could influence how companies are allowed to describe “end-to-end encryption,” “private messaging,” and “message access” in ads, app store listings, and help pages. If courts decide that Meta overstated its limits on user data access, other platforms may be forced to rewrite privacy promises to spell out what is and is not protected—especially around metadata and insider access. Even if the lawsuit fails, it amplifies regulatory scrutiny of Meta’s broader privacy practices and encourages users to read claims about messaging app privacy more critically. For ordinary users, the practical takeaway is to treat encryption as one layer of security, not a magic shield, and to assume that some information about your conversations can still be logged, analyzed, or shared under certain legal or corporate policies.