About government requests for user data
What does end-to-end encryption mean for responding to law enforcement requests?
WhatsApp cannot and does not produce the content of its user’s messages in response to government requests.
The content of all messages sent using WhatsApp are protected by the same Signal encryption protocol that secures messages before they leave your device, which ensures only you and the person you're communicating with can listen to or read what you're sending, and nobody in between, not even WhatsApp. Message content is only kept on your phone (and, if you choose, in the cloud-based backup storage for your phone). You can find more details about how WhatsApp’s end-to-end encryption works in our white paper. For additional information on data we disclose in response to government requests, please see our guidelines for government requests.
What government agencies submit requests for WhatsApp user data?
Who reviews government requests for user data at WhatsApp?
Each LERT analyst receives extensive, rigorous training in WhatsApp’s policies and the requirements for government requests. LERT analysts also receive annual privacy and data protection training. LERT is supported by both in-house and outside counsel. These lawyers are experts in the laws that apply to government requests for user data.
Does WhatsApp individually review each request?
Does WhatsApp receive requests for emergency disclosure?
Yes. In emergencies, law enforcement may submit a written attestation. Based on the circumstances, we may disclose information to law enforcement in response to an emergency disclosure request where we have a good faith reason to believe that the matter involves imminent risk of serious physical injury or death and that WhatsApp may have information to help avert the threat to life.
Does WhatsApp notify users when their data is requested?
We reserve the right to notify users about requests for their information before disclosing it unless we are prohibited by law from doing so or in exceptional circumstances, such as child exploitation cases or an emergency threat to life. We also reserve the right to provide delayed notice upon expiration of a specific non-disclosure period in a court order and when we have a good faith belief that exceptional circumstances no longer exist and we are not otherwise prohibited by law from doing so.
Does WhatsApp ever push back on or challenge a request?
Yes. If we determine that a government request is not consistent with the laws under which the request was issued or our policies, we push back and engage the governmental agency to address any apparent deficiencies. If the request is unlawful, overly broad, legally deficient, or raises International Standards concerns, we will push back on or reject the request. We encourage governmental agencies to submit only requests that are necessary, proportionate, specific, and strictly compliant with applicable laws by advocating for reform of surveillance laws around the world and publishing guidelines for government requests. In addition, we would challenge any order that sought to have us redesign our systems to undermine the encryption we provide to protect people’s data. We would also challenge any attempt to gag us from disclosing the existence of such an order and our efforts to fight it.
What data does WhatsApp disclose in response to government requests?
WhatsApp scrutinizes every government request and produces only the information that is narrowly tailored to respond to each request. Depending on the request WhatsApp’s response may include, if available, basic subscriber information (such as their name, service start date, last seen date, IP address, device type, and email address), and account information (such as a user’s "about" information, profile photos, group information and contacts list). In the ordinary course of providing its service, WhatsApp does not store message logs once the messages are delivered or transaction logs of such delivered messages. In order to comply with a valid legal request, such as a valid Pen Register Trap and Trace Order in the United States, WhatsApp may start collecting message logs and call logs for a particular user indicating who the communication was to or from, the time it was transmitted and from which IP address, and the type of communication (such as a text or call).
Does WhatsApp encrypt message content and calls in transit?
WhatsApp's end-to-end encryption is used when you message another person using WhatsApp Messenger which includes your messages, photos, videos, voice messages, documents, live location, status updates and calls. End-to-end encryption ensures that only you and the person you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp. This is because with end-to-end encryption, your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. Privacy and security is in our DNA, which is why WhatsApp built end-to-end encryption into our app. You can read more about WhatsApp’s end-to-end encryption here.
How does WhatsApp respond to requests made under the US Foreign Intelligence Surveillance Act or the FISA Amendments Act?
WhatsApp follows the same process for all government requests - we review all requests individually; require that requests be made in accordance with the laws under which they are issued and our policies; and produce only information that is narrowly tailored to respond to the request. Information regarding the requests made under the Foreign Intelligence Surveillance Act (FISA) is available in Meta’s Transparency Report with the maximum level of detail permitted under US law.
Does WhatsApp receive and respond to requests under Executive Order 12333?
No. E.O. 12333 provides a legal framework for governing US intelligence activities to be conducted outside of the United States, but does not impose any obligations on a service provider like WhatsApp.
Does WhatsApp produce user data in response to US National Security Letters (NSLs)?
WhatsApp follows the same process for all government requests - we review all requests individually; require that requests be made in accordance with the laws under which they are issued and our policies; and produce only information that is narrowly tailored to respond to the request. WhatsApp would produce the user’s name and length of service in response to a valid NSL. See Meta’s Transparency Report for more information on NSLs.
Does WhatsApp preserve data at the request of government agencies?