Meta’s Board Chair, Mark Zuckerberg, has acknowledged that US authorities, including the CIA, can read WhatsApp messages by remotely logging into a user’s device and bypassing the end-to-end encryption of the platform.
During a conversation on the Joe Rogan podcast, Zuckerberg explained that while the encryption on WhatsApp prevents Meta from seeing the content of users, it does not protect against physical access to a user’s phone. He made this comment in the context of a question from Rogan about Tucker Carlson’s efforts to secure an interview with Russian President Vladimir Putin. In February, Carlson accused the US authorities, particularly the NSA and CIA, of interfering with his attempts to conduct the interview, claiming that they had spied on him by reading his messages and emails and then feeding his plans to the media, which then deterred Moscow from agreeing to the interview. Rogan asked Zuckerberg to explain how this could have happened if the encryption was supposed to protect the messages.
“The thing is that the encryption is really good at keeping the company that provides the service from seeing it. So, if you’re using WhatsApp, there’s no place where the Meta servers can see the content of the message” Zuckerberg said, noting that even if someone were to hack into Meta’s data, they could not access the private texts of users. He added that the same rules apply to the Signal news service, which Carlson used, as it employs the same encryption. However, this encryption does not prevent law enforcement from accessing messages stored on a device.
“You have simply access to the phone, so it doesn’t matter if something is encrypted, they can still see it” he explained. Zuckerberg mentioned tools like Pegasus, a spyware developed by the Israeli firm NSO Group, which can be installed on a phone to access data without the user’s knowledge.
According to Zuckerberg, the fact that private messages of users can be threatened by a direct intrusion into their devices is the reason why Meta developed disappearing messages, which delete the exchanged messages after a certain time. “If someone has compromised your phone and can see everything that’s going on, then they can see everything that’s coming in . so, I think, encrypting and making things disappear is a pretty good standard for security and privacy” he stated.
These comments from Zuckerberg come in the midst of an ongoing debate over digital privacy and government surveillance. While end-to-end encryption is praised for protecting user data, services like the CIA and FBI have argued that it can hinder the fight against crime and terrorism. A 2021 FBI training document suggested that US law enforcement agencies can have a limited access to encrypted messages from services like iMessage, Line, and WhatsApp, but not from platforms like Signal, Telegram, Threema, Viber, WeChat, or Wickr. Even if encrypted messages are inaccessible during transmission, reports indicate that backups stored in cloud services can be accessible to law enforcement if a key is provided, even if the messages themselves are encrypted.