Vesper
ENESFRTR
Charts
Articles:SportsHealthHistoryTech
Markets
EUR/USD1.1630 0.30%GBP/USD1.3462 0.33%USD/JPY158.99 0.10%USD/CHF0.7836 0.36%AUD/USD0.7151 0.43%USD/CAD1.3805 0.03%USD/CNY6.8016 0.09%USD/INR95.82 0.13%USD/BRL5.0141 0.05%USD/ZAR16.40 0.47%USD/TRY45.68 0.07%Gold$4,566.10BTC$77,495 0.87%ETH$2,119 0.07%SOL$85.98 0.67%
Tech

Texas Attorney General sues Meta over claims about WhatsApp end-to-end encryption

Ars Technica1 d ago
ShareXWhatsAppTelegramLinkedIn
Exterior view of the Texas State Capitol building in Austin in daylight.
Photo: Ruben Reyes / Pexels

Texas Attorney General Ken Paxton has filed a lawsuit against Meta arguing that the company's advertising of WhatsApp's 'end-to-end encryption' is misleading to consumers. The case, reported by Ars Technica, invokes the Texas Consumer Protection Act.

The complaint alleges that Meta markets WhatsApp as 'fully private' and tells users 'we cannot read your messages', but in reality message metadata (who, to whom, when, how frequently) is stored on Meta servers. The complaint argues that this is inconsistent with the 'end-to-end encryption' claim.

According to the Texas Attorney General's office, Meta's metadata collection allows communication patterns to be identified even though message content is encrypted. The complaint includes the allegation that Meta uses this metadata for advertising-targeting purposes via connections to the Facebook and Instagram data ecosystems.

Meta spokesperson Carl Woog, in a response to Ars Technica, said: 'WhatsApp's end-to-end encryption is among the strongest security standards in the industry; message content can only be read by the sender and recipient. The wording of Meta's claims is fully consistent with the industry standard for end-to-end encryption.'

Cryptography security expert and Johns Hopkins University professor Matthew Green described the case as 'an important test case for how the difference between metadata and content encryption is framed legally'. Green said: 'WhatsApp does provide genuine content encryption; but the who-to-whom messaging pattern remains traceable data.'

The lawsuit is part of the increased judicial activism the state of Texas has displayed against large US technology companies in recent years. Paxton previously reached a $1.4 billion settlement with Google over data-collection practices, and a separate $1.4 billion settlement with Meta over Facebook's face-recognition practices.

Electronic Frontier Foundation (EFF) spokesperson Eva Galperin commented: 'End-to-end encryption claims are critically important for user security. Companies' communication of such claims accurately needs to be subject to judicial oversight.'

WhatsApp has more than 2.5 billion active users globally. The application's end-to-end encryption was launched in 2016 using the Signal Protocol. Message content is encrypted between user devices with symmetric keys, but communication patterns classified as metadata are stored on servers.

Google and Apple's iMessage use similar architectures. Apple in December 2022 launched the 'Advanced Data Protection' feature for iMessage, making end-to-end encryption optional for iCloud backups as well. The Signal application is known for an architecture that commits to minimising metadata collection.

The outcome of the case could set a precedent for marketing language around end-to-end encryption in the United States. Whether the Federal Trade Commission (FTC) will open a parallel review remains unclear. FTC spokesperson Douglas Farrar responded to Ars Technica's request for comment that 'we do not comment on ongoing reviews.' This article is general information; for personal data protection and application selection, independent information sources and advice are recommended.

This article is an AI-curated summary based on Ars Technica. The illustration is a stock photo by Ruben Reyes from Pexels.