Morning Edition LIVE
Vol. I · No. 1
Est.
MMXXVI

The A.I. Beat

Dispatches from the frontier of machine intelligence
Three
Dollars
← Front page Legal & Policy May 23, 2026 · 6 min read
Legal & Policy

Texas AG Sues Meta Over WhatsApp Encryption Claims in Legally Questionable Move

Ken Paxton's lawsuit alleges WhatsApp doesn't actually provide end-to-end encryption, but critics say the complaint lacks factual support and looks more like campaign positioning.
Texas AG Sues Meta Over WhatsApp Encryption Claims in Legally Questionable Move

Texas Attorney General Ken Paxton filed a lawsuit this week claiming Meta’s WhatsApp doesn’t actually provide the end-to-end encryption it promises users. It’s a bold allegation. It’s also one that legal experts and security researchers are struggling to take seriously.

The complaint, filed in Texas state court, alleges that WhatsApp’s encryption claims amount to deceptive trade practices under Texas law. Paxton’s office argues that Meta has misled millions of users about the privacy protections the messaging app provides.

There’s just one problem: the lawsuit appears to be light on actual evidence.

What the complaint claims

According to Paxton’s filing, WhatsApp’s end-to-end encryption doesn’t work as advertised. The AG’s office hasn’t released detailed technical findings to support this claim. The complaint itself doesn’t cite independent security audits, specific vulnerabilities, or testimony from cryptography experts who’ve examined WhatsApp’s implementation.

This matters because WhatsApp’s encryption protocol, the Signal Protocol, is one of the most scrutinized security implementations in consumer software. It’s been audited repeatedly by independent researchers. The source code for the protocol is public. If there were a fundamental flaw in how WhatsApp implements encryption, we’d likely know about it.

The lawsuit’s timing is also raising eyebrows. Paxton is currently running for U.S. Senate, and taking on Big Tech plays well with both Republican primary voters and privacy advocates across the political spectrum.

Even if you accept Paxton’s premise, the legal case has issues.

Texas’s Deceptive Trade Practices Act requires showing that a business made false or misleading statements that actually harmed consumers. The AG will need to prove not just that Meta’s encryption claims are wrong, but that Texas residents suffered concrete harm as a result.

That’s going to be difficult. If WhatsApp’s encryption works as designed (which all available evidence suggests it does), then users received exactly what was promised. If it doesn’t work, Paxton needs to show how that failure specifically injured Texans in a way that creates legal liability under state consumer protection law.

The complaint also doesn’t address the fact that Meta publishes a transparency report showing it can’t access the content of WhatsApp messages. If the encryption is broken, Meta would need to be lying in regulatory filings, which would create separate federal securities issues that haven’t been raised.

What happens next

Meta will almost certainly move to dismiss. The company has defended its encryption implementation successfully before, and nothing in this complaint suggests Paxton has evidence that previous challengers lacked.

The case could also get removed to federal court, where Meta would have more favorable procedural rules and a judiciary less susceptible to state political pressures.

For WhatsApp’s 2 billion users, nothing changes. The encryption works the same way today as it did before the lawsuit. Your messages are still protected by the Signal Protocol. Meta still can’t read them, regardless of what the Texas AG claims.

The bigger question is whether other state AGs will follow Paxton’s lead. If this lawsuit succeeds in generating headlines without requiring actual proof, it becomes a template for politically motivated tech litigation. That’s bad for everyone who cares about actual privacy protection and good-faith enforcement of consumer protection laws.

Paxton’s office didn’t respond to questions about what specific evidence supports the encryption claims. Until they produce something concrete, this looks less like consumer protection and more like campaign positioning with a legal filing attached.

regulation copyright