Meta CEO Mark Zuckerberg has admitted that US authorities, including the CIA, can access WhatsApp messages by remotely logging into users’ devices, effectively bypassing the platform’s end-to-end encryption. He made the statement during an appearance on the Joe Rogan Experience podcast, where he explained the limits of encryption in the face of physical access to a user’s phone.
While discussing encryption, Zuckerberg clarified that WhatsApp’s system ensures that Meta cannot view the content of messages. He stated, “The thing that encryption does that’s really good is it makes it so that the company that’s running the service doesn’t see it. So if you’re using WhatsApp, there’s no point at which the Meta servers see the contents of that message.” This safeguard also means that hacking into Meta’s databases would not grant access to private messages. However, he emphasised that encryption cannot protect against direct access to a user’s device.
Zuckerberg’s remarks came in response to a question about US government surveillance raised by host Joe Rogan. The conversation touched on claims by broadcaster Tucker Carlson, who has accused the NSA and CIA of intercepting his messages and emails in an effort to block his plans to interview Russian President Vladimir Putin. Carlson believes the leaked information discouraged Moscow from engaging with him. Rogan asked Zuckerberg to explain how such surveillance could occur despite encryption safeguards.
Zuckerberg highlighted that physical access to a user’s phone renders encryption ineffective. “What they do is have access to your phone. So it doesn’t matter if anything’s encrypted; they could just see it in plain sight,” he explained. He also referenced tools like Pegasus, spyware developed by the Israeli company NSO Group, which can infiltrate devices to access data.
To mitigate this vulnerability, Meta introduced disappearing messages, allowing users to erase message threads after a set period. “If someone has compromised your phone and they can see everything that’s going on there, then obviously they can see stuff as it comes in. So having it be encrypted and disappearing, I think, is a pretty good kind of standard of security and privacy,” Zuckerberg noted.
His comments come amid ongoing debates about digital privacy and government surveillance. End-to-end encryption has been praised for securing user data, but agencies like the CIA and FBI argue it can hinder efforts to combat crime and terrorism. A 2021 FBI training document revealed that US law enforcement can gain limited access to encrypted messages on platforms like iMessage, Line, and WhatsApp, while services like Signal, Telegram, and Wickr provide more robust protections. Additionally, while encrypted messages are secure during transmission, backups stored in cloud services with attached encryption keys may still be accessible to law enforcement.
Zuckerberg’s acknowledgement underscores the persistent challenges of safeguarding digital privacy in an era of advanced surveillance tools.