WhatsApp chief Will Cathcart has strongly refuted allegations that Meta can secretly access users' private messages, labeling these claims as "totally false." In a pointed response, Cathcart took direct aim at Elon Musk and a lawsuit filed by attorneys who previously represented the controversial spyware company NSO Group.
Musk's Security Claims and Legal Action
Cathcart's rebuttal came shortly after Elon Musk posted on X, asserting that "WhatsApp is not secure. Even Signal is questionable. Use X Chat." This statement coincided with a lawsuit filed on Friday in a federal court in San Francisco. The legal action involves users from multiple countries, including Australia, Brazil, India, Mexico, and South Africa, highlighting the global scope of the concerns.
Encryption and Key Security
In his post on X, Cathcart emphasized the technical safeguards in place, stating, "WhatsApp can't read messages because the encryption keys are stored on your phone and we don't have access to them." He dismissed the lawsuit as a "no-merit, headline-seeking" effort brought by the same legal firm that defended NSO Group after its spyware was used to target journalists and government officials.
Lawsuit Allegations and Lack of Evidence
The complaint makes dramatic assertions that Meta employees can request access to any user's messages through an internal system, effectively bypassing the end-to-end encryption that WhatsApp has promoted as a core privacy feature for nearly a decade. According to the 51-page filing, workers allegedly need only submit a "task" to a Meta engineer, who then grants access to a widget that retrieves messages "almost in real-time" based on a user's ID number.
The plaintiffs claim this access is "unlimited in temporal scope," potentially extending back to when users first activated their accounts. However, the lawsuit notably lacks technical evidence to substantiate these claims. It references "courageous whistleblowers" without providing their identities or explaining how they obtained this sensitive information, raising questions about the credibility of the allegations.
Meta's Response and Threats of Sanctions
Meta spokesperson Andy Stone categorically denied the allegations, calling them "categorically false and absurd." Stone affirmed that WhatsApp has utilized end-to-end encryption via the Signal protocol for a decade and described the lawsuit as a "frivolous work of fiction." He further indicated that Meta intends to pursue sanctions against the plaintiffs' legal team, signaling a robust defense against what the company views as baseless accusations.
Industry Reactions and Broader Context
Telegram CEO Pavel Durov added to the controversy by tweeting, "You'd have to be braindead to believe WhatsApp is secure in 2026. When we analyzed how WhatsApp implemented its 'encryption,' we found multiple attack vectors." This criticism from a competitor underscores the ongoing debates over digital security and privacy in the messaging app landscape.
The current lawsuit emerges months after a separate legal action filed by WhatsApp's former security head, Attaullah Baig, who alleged retaliation for attempting to address "systemic cybersecurity failures" at the company. Lawyers from Quinn Emanuel Urquhart & Sullivan and Keller Postman, who are behind the new suit, are seeking class-action status and damages on behalf of WhatsApp's billions of users worldwide, amplifying the potential impact of this case.
As the legal and public relations battle unfolds, the core issues of encryption integrity, corporate accountability, and user trust remain at the forefront, with significant implications for privacy standards in the tech industry.
