CIA can read WhatsApp messages – Zuckerberg

Meta CEO Mark Zuckerberg has acknowledged that US authorities, including the CIA, can access WhatsApp messages by remotely logging into users’ devices, effectively bypassing the platform’s end-to-end encryption.

Speaking on the Joe Rogan Experience podcast on Friday, Zuckerberg explained that while WhatsApp’s encryption prevents Meta from viewing message content, it does not protect against physical access to a user’s phone.

His comments came in the context of a question by Rogan about Tucker Carlson’s quest to set up an interview with Russian President Vladimir Putin. In February last year, while speaking about finally succeeding in talking to Putin after three years of failed attempts, Carlson blamed the US authorities, namely the NSA and the CIA, for stalling his efforts. According to Carlson, the agencies spied on him by tapping his messages and emails, and leaked his intentions to the media, which “spooked” Moscow from talking to him. Rogan asked Zuckerberg to explain how this could have happened given encryption safeguards that are supposed to protect messages.

“The thing that encryption does that’s really good is it makes it so that the company that’s running the service doesn’t see it. So if you’re using WhatsApp, there’s no point at which the Meta servers see the contents of that message,” Zuckerberg said, noting that even if someone were to hack into Meta’s databases, they could not access users’ private texts. The Signal messaging app, which Carlson used, uses the same encryption, according to Zuckerberg, so the same rules apply. However, he noted that encryption does not stop law enforcement from viewing messages stored on devices.

“What they do is have access to your phone. So it doesn’t matter if anything’s encrypted, they could just see it in plain sight,” he clarified. Zuckerberg mentioned tools such as Pegasus, a spyware developed by the Israeli company NSO Group, which can be covertly installed on mobile phones to access data.

According to Zuckerberg, the fact that users’ private messages can be jeopardized by directly breaking into their devices is the reason Meta came up with disappearing messages, where one can have one’s message thread erased after a certain period of time.

“If someone has compromised your phone and they can see everything that’s going on there, then obviously they can see stuff as it comes in… So having it be encrypted and disappearing, I think is a pretty good kind of standard of security and privacy,” he stated.

Zuckerberg’s remarks come amid ongoing debates about digital privacy and government surveillance. While end-to-end encryption is lauded for protecting user data, agencies like the CIA and FBI have argued it can impede efforts to combat crime and terrorism. A 2021 FBI training document indicated that US law enforcement can gain limited access to encrypted messages from services like iMessage, Line, and WhatsApp, but not from platforms such as Signal, Telegram, Threema, Viber, WeChat, or Wickr. Additionally, while encrypted messages cannot be intercepted during transmission, reports indicate that backups stored in cloud services may be accessible to law enforcement if an encryption key is attached.