Facebook Refutes Alarming Report That It's Reading Your Encrypted WhatsApp Messages

WhatsApp Mark Zuckerberg
Wondering if Mark Zuckerberg and the gang at Facebook are reading your encrypted WhatsApp messages? The social networking site insists it does not, as end-to-end encryption is what keeps everything private. Nevertheless, if you send a message through WhatsApp, it could still end up being read by a Facebook moderator. How so?

End-to-end encryption basically means your data (messages, in this instance) gets scrambled in a way that appears as though it just a random mess of characters. There is a logical order, but unlocking the mystery requires a key, which only the sender and receiver possess. It's virtually unreadable to digital snoops, and that is the main appeal of WhatsApp.

Earlier today, ProPublica published an article purporting to expose "how Facebook undermines privacy protections for its 2 billion WhatsApp users." According to the report, WhatsApp, which is owned by Facebook, maintains an "extensive monitoring operation and regular shares personal information with prosecutors."

Simply put, "the assurances [of privacy] are not true," the report states, pointing to the fact that WhatsApp employs more than 1,000 contract workers in Texas, Dublin, and Singapore who collectively examine millions of private messages that have been reported by users, by way special Facebook software to accomplish the task.

"These contractors pass judgment on whatever flashes on their screen—claims of everything from fraud or spam to child porn and potential terrorist plotting—typically in less than a minute," the report states.

The full report on WhatsApp is somewhat lengthy and seemingly scalding, but from Facebook's vantage point, it appears based on a misunderstanding. This brings us back to the "How so?" question I posed earlier, and the answer is, Facebook's contractors only read WhatsApp messages that get reported to them for various reasons; it doesn't break encryption.

When a user reports a text, image, or video they received, it has already been decrypted. This is akin to forwarding a message, and in this instance, Facebook becomes the intended recipient and therefore holds the decryption key.

Facebook confirmed to 9To5Mac that this is the case, as opposed to the company snooping on messages being sent and received by WhatsApp users. It told the site that when a message is reported, it is basically auto-forwarded to Facebook, so that it can look into the matter. Furthermore, reported messages are sent with end-to-end encryption in place as well, between the recipient who flagged the message, and Facebook.

"We build WhatsApp in a manner that limits the data we collect while providing us tools to prevent spam, investigate threats, and ban those engaged in abuse, including based on user reports we receive. This work takes extraordinary effort from security experts and a valued trust and safety team that works tirelessly to help provide the world with private communication," Facebook said in a statement.

One thing the company did clarify, however, is that when reporting a message, it's not just one message that gets sent. The four preceding messages with the same chat are also forwarded, for context. WhatsApp discloses that "recent interactions" get included when sending a report, but it doesn't specifically state to what extent. Now we know.

So there you have it—Facebook says it doesn't break encryption to read your WhatsApp messages, but it can see certain exchanges if a user reports a message for whatever reason.

Thoughts on all this? Share them with us in the comments section below!