ProPublica recently reported that Facebook hired 1000 workers around the world to review WhatsApp messages that are flagged as “inappropriate.” WhatsApp markets itself as a private messaging platform that secures those messages with end-to-end encryption that only the participants can view. Billions of people around the world use WhatsApp and other such “secure” messaging services to exchange private, sensitive business or personal messages.

When Facebook purchased WhatsApp in 2014, both companies assured their users that their messages could not be accessed by either company. However, we have now learned that Facebook not only reviews flagged messages, but has on occasion shared those messages with the Department of Justice and other law enforcement agencies in criminal investigations. ProPublica discovered that hourly contract workers in Texas, Ireland and Singapore review millions of users’ content using Facebook software to sift through private messages, images and videos that have been reported by WhatsApp users as improper. These workers then review the flagged content for claims of fraud, child porn, terrorism and the like.

The head of WhatsApp dismissed the report as a non-story, asserting that its end-to-end encryption platform is secure even as the company works with law enforcement to solve crimes. In fact, ProPublica discovered more than a dozen instances where data from WhatsApp was used in criminal prosecutions since 2017. WhatsApp defends its actions arguing that it hired the workers to identify and remove the worst abusers from the platform, not to control or moderate content.

While the benefits of uncovering crimes involving child pornography or terrorist plots may outweigh users’ privacy, the real question is whether contract employees of a for-profit company should be the ones making those decisions. When law enforcement seeks to review a user’s content – emails, web searches, messages – it must obtain a court authorized warrant based on probable cause. The standards used by WhatsApp, and its parent company Facebook, do not require probable cause or an independent determination by a judge. What standards and training, if any, are provided to these contract employees to review private communications is unknown. The old adage -let the buyer (in this case user) beware applies. End-to-end encryption is only as private as the platform it’s on.

Stahl Gasiorowski Criminal Defense is here for all your criminal legal needs. We are experienced in all types of complex criminal matters involving a many types of electronic evidence. To contact the firm’s NJ office, call 908.301.9001 and to contact the firm’s NYC office, call 212.755.3300, or email Mr. Stahl at rstahl@stahlesq.com.