A notice to House offices Monday from the chamber’s chief administrative officer said that staffers are forbidden from having WhatsApp on official devices starting next week, prompting a rebuttal from the app’s parent company Meta.
“The Office of Cybersecurity has deemed WhatsApp a high-risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use,” the email, seen by CyberScoop, said. As of June 30, “House staff are NOT allowed to download or keep the WhatsApp application on any House device, including any mobile, desktop, or web browser versions of its products. If you have a WhatsApp application on your House-managed device, you will be contacted to remove it.”
Meta wasn’t happy, pointing to a different standard in the Senate that permits WhatsApp while touting the app’s security safeguards.
“We disagree with the House Chief Administrative Officer’s characterization in the strongest possible terms,” said a spokesman, Andy Stone. “We know members and their staffs regularly use WhatsApp and we look forward to ensuring members of the House can join their Senate counterparts in doing so officially.
“Messages on WhatsApp are end-to-end encrypted by default, meaning only the recipients and not even WhatsApp can see them,” Stone continued. “This is a higher level of security than most of the apps on the CAO’s approved list that do not offer that protection.”
According to Meta, the Senate has assessed the risk of WhatsApp and approved it for usage. It’s been working through the process in the House to get it approved there, and is in touch about future steps.
A spokesperson provided a statement from Chief Administrative Officer (CAO) Catherine Szpindor but said there would be no further comment.
“Protecting the People’s House is our topmost priority, and we are always monitoring and analyzing for potential cybersecurity risks that could endanger the data of House Members and staff,” Szpindor said. “We routinely review the list of House-authorized apps and will amend the list as deemed appropriate.”
As of Tuesday afternoon, WhatsApp wasn’t on the CAO’s list of approved apps, according to an internal House page viewed by CyberScoop. It’s not clear what triggered the notice from the CAO. That, in turn, prompted speculation from cybersecurity experts.
Matthew Green, who teaches cryptography at Johns Hopkins University, said on the social media platform BlueSky that one of two key elements the notice pointed to could be the lack of backup encryption, “which is a real issue with WhatsApp. They have an end-to-end encrypted backup mode, but it remains buried in the optional settings. Also you need to make a weird password.”
Green, along with fellow Johns Hopkins professor Thomas Rid, wondered if AI integration into WhatsApp might be an issue. But Rid presented doubts about that.
“I understand that WhatsApp’s AI integration has not come up in Meta’s conversations with House personnel,” Rid said in a Twitter thread. “I still stand by my note above: integrating AI into a secure end-to-end encrypted platform is a bad idea, as it undermines trust, imo.”
It’s also not clear why the ban would apply only to House staff and doesn’t mention lawmakers themselves. Government officials’ use of encrypted messaging apps has heightened as a result of “SignalGate,” when a number of Trump administration officials discussed battle plans in a Signal chat that accidentally included a journalist from The Atlantic. But Signal is on the CAO list of approved apps.
Axios first reported on the CAO notice.
The post Meta confused over WhatsApp ban issued to House staffers appeared first on CyberScoop.