WhatsApp is in the news for all the wrong reasons, yet again. Two California residents, Brian Y. Shirazi and Nida Samson, filed a new proposed class action in a US federal court on April 7, 2026, alleging that Meta Platforms and its messaging subsidiary WhatsApp secretly allowed employees, and hundreds of contractors working through Accenture PLC, to intercept, read and store user messages — the very communications the company has long insisted “not even WhatsApp” can see.
The lawsuit, Shirazi et al. v. Meta Platforms Inc. et al., seeks to represent every US-based WhatsApp user who sent or received messages on the platform since April 5, 2016, along with California and Pennsylvania subclasses. It piles on to an earlier January 2026 international class action that made broadly similar claims, intensifying a legal and reputational crisis for one of the world’s most widely-used communication tools. This is the 2nd such lawsuit in the past few weeks.
“Whistleblowers have informed federal investigators that Meta employees and third-party contractors had broad access to the substance of WhatsApp messages that were supposed to be encrypted and inaccessible.” — Shirazi complaint
In fact, My Data Zero has always pointed out this lacuna in the data collection and storage system of tech and other companies around the world. Who monitors company staff where data matters are concerned? There have been numerous cases where employees privy to user data have leaked the information. How do people know what happens to their data once submitted to a bank, a stockbroker, or a lawyer? In that vein, we have published posts too. Here’s one of them:
The Backdoor Allegation
At the heart of both lawsuits is a claim that WhatsApp’s celebrated end-to-end encryption — built on the open-source Signal Protocol — contains a “backdoor” that allows internal staff to circumvent it. According to detailed allegations in the earlier January filing, a Meta engineer can allegedly submit an internal “task” request to view any user’s messages by supplying a user ID. Access is reportedly granted with minimal scrutiny, and a window or widget on the worker’s workstation can then retrieve the target’s full chat history.
The complaint further alleges that Meta enlisted hundreds of Accenture content reviewers — based in the US and globally — beginning around 2021 or 2022, ostensibly to moderate content flagged for fraud or policy violations. However, the suit claims those reviewers had broad access to message substance far beyond any limited moderation function.
A US Department of Commerce investigation, first reported by Bloomberg in January 2026, confirmed that special agents with the Bureau of Industry and Security had examined the whistleblower accounts, adding a law enforcement dimension to what had previously been a civil matter. A 2024 whistleblower complaint to the U.S. Securities and Exchange Commission was also reportedly filed around the same allegations, though the SEC has declined to comment on its status.
Meta’s Denial. And Why Experts Are Divided
Meta has pushed back forcefully. The company has called the lawsuits “categorically false and absurd,” affirming that WhatsApp has used the Signal Protocol for over a decade and that encryption keys never leave users’ devices. Meta spokesperson Andy Stone described the lawsuits in the media as “frivolous works of fiction” and threatened to seek sanctions against plaintiffs’ counsel.
The lawsuit stresses that Meta keeps WhatsApp’s source code proprietary, making it impossible for outside parties to reverse-engineer and confirm that no backdoor exists — “the public simply has to trust Meta.”
Entrepreneurs like Elon Musk have now weighed in, saying that WhatsApp end-to-end encryption claim just cannot be trusted.
Legal charges and What’s At Stake
The plaintiffs have now demanded a jury trial, seeking declaratory and injunctive relief as well as statutory, compensatory, exemplary and punitive damages for the entire class.
This is not Meta’s first brush with privacy enforcement at scale. A record $5 billion FTC fine in 2019 — involving Facebook’s treatment of user data, not WhatsApp — resulted in ongoing oversight and the installation of a chief privacy officer. Any new finding of privacy violations could trigger further FTC intervention under that consent framework.
Why this lawsuit is different from the January one
The earlier international class action (Dawson et al.) excluded US and Canadian users due to WhatsApp’s arbitration clause. The Shirazi filing is specifically designed to address American users, making it a domestic complement to the global case — together they form a pincer around Meta’s legal exposure.
Implications for Users, Regulators, and Industry
User trust: With three billion active users, WhatsApp is the primary messaging platform across South Asia, Latin America, Africa, and much of Europe. If the allegations are substantiated, the scale of potential privacy harm would dwarf most historical data breaches — affecting personal, business, medical, and political communications that users believed were fully protected.
Encryption politics: The cases arrive at a politically charged moment. Governments in the US, UK, EU, India, and Australia have for years pressured Meta to provide “lawful access” to encrypted messages. If Meta has indeed maintained a backdoor, it would lend credibility to long-standing government demands — and simultaneously validate the fears of privacy advocates who warned that such access, once built, is rarely contained to authorized uses.
Contractor risk: The inclusion of Accenture as a named defendant is significant for the broader tech industry. The allegation that content moderation contractors were granted message access raises hard questions about how platform companies manage data access among tens of thousands of outsourced workers — and whether third-party moderators represent an underappreciated privacy surface.
Closed-source trust: Perhaps the most durable takeaway is the argument that proprietary encryption cannot be self-certifying. Both plaintiffs and independent experts have noted that WhatsApp’s refusal to open-source its encryption implementation leaves users unable to verify its promises. This could accelerate enterprise and government migration toward auditable, open-source alternatives such as Signal.
Reference:
https://www.theblaze.com/return/meta-denies-allegations-it-doesn-t-keep-whatsapp-messages-private
Leave a Reply