Top Official Cites Lack of Transparency and Encryption in Messaging App

The US House of Representatives’ top official has issued a memo banning staff from using WhatsApp on government-issued devices, citing potential security risks associated with the messaging app. According to Reuters, the memo was sent to House staff and was prompted by concerns over WhatsApp’s lack of transparency in protecting user data, absence of stored data encryption, and potential security risks involved with its use.

The ban comes on the heels of a hacking campaign targeting about 90 WhatsApp users, including journalists, which was detected and disrupted by Meta in January. The hack was linked to Paragon Solutions, an Israeli spyware maker that was acquired by American private equity giant AE Industrial Partners in December. Paragon Solutions has been identified as a supplier of spyware to several governments, including those of Australia, Canada, Cyprus, Denmark, Israel, and Singapore.

WhatsApp’s security features have been called into question in recent years, with several high-profile hacking incidents and data breaches. In 2019, WhatsApp was hit by a major hacking campaign that affected over 1,000 users, including several high-profile politicians and activists. The hack was attributed to a group of hackers known as NSO Group, which was also linked to Paragon Solutions.

In 2021, WhatsApp announced that it had detected and disrupted a hacking campaign targeting about 1,000 users, including several journalists and human rights activists. The hack was attributed to a group of hackers known as Pegasus, which was also linked to NSO Group and Paragon Solutions.

Despite these incidents, WhatsApp has maintained that it takes user security seriously and has implemented various measures to prevent hacking and data breaches. However, the company has been criticized for its lack of transparency in protecting user data. WhatsApp has been accused of collecting and storing user data, including phone numbers, IP addresses, and metadata, without users’ consent.

In 2020, WhatsApp was fined $267 million by the Irish Data Protection Commission for violating the EU’s General Data Protection Regulation (GDPR). The fine was imposed after WhatsApp failed to provide sufficient information to users about how their data was being collected and stored.

The US House’s decision to ban WhatsApp is likely to be influenced by these concerns over the app’s security and lack of transparency. The ban comes as the US government is increasingly concerned about the use of messaging apps by government officials and employees. In 2020, the US Department of Defense banned the use of TikTok on government-issued devices, citing security concerns.

As the controversy continues to unfold, it remains to be seen whether other government agencies or organizations will follow suit and ban the use of WhatsApp on their devices. The move is likely to have significant implications for the use of WhatsApp in government and other sensitive environments, and may lead to a reevaluation of the app’s security features and capabilities.

“We disagree with the House Chief Administrative Officer’s characterization in the strongest possible terms,” a Meta spokesperson said in an emailed statement. “Messages on WhatsApp are end-to-end encrypted by default, meaning only the recipients and not even WhatsApp can see them. This is a higher level of security than most of the apps on the CAO’s approved list that do not offer that protection.”

However, the US House’s top official remains unconvinced, opting to recommend staff use alternative apps such as Signal, iMessage, FaceTime, and Microsoft Teams instead. These apps offer varying levels of encryption and security, but none match WhatsApp’s default end-to-end encryption.