The U.S. House of Representatives has banned the use of WhatsApp on government-managed devices for congressional staffers, citing significant cybersecurity concerns around data protection and transparency.
The directive was issued Monday by the House's Chief Administrative Officer (CAO), who informed staff that the Meta-owned messaging app posed a “high risk” due to opaque data handling practices, lack of encryption for stored data, and overall potential security vulnerabilities. The CAO's Office of Cybersecurity emphasized that no versions of WhatsApp, including mobile, desktop, and web, are permitted on any House-managed equipment. According to an internal memo obtained by Axios, staffers found using the app will be contacted for removal instructions.
The CAO's role includes overseeing IT operations and cybersecurity policies for the House, ensuring that legislative work is conducted within secure and controlled digital environments. The office regularly evaluates tools used by lawmakers and staff to manage data privacy risks amid rising geopolitical and cyber threats.
This move aligns with a broader trend of increasing digital hygiene and caution within Congress. In recent years, the House has imposed partial or full bans on tools like DeepSeek, ByteDance-owned applications (including TikTok), and Microsoft's Copilot. OpenAI's ChatGPT has also faced restrictions, with House offices instructed to use only the paid version, ChatGPT Plus, if needed.
Meta, the parent company of WhatsApp, strongly pushed back on the CAO's characterization. Responding to CyberInsider's request for a comment, a spokesperson for WhatsApp expressed disagreement with the decision and characterization of their product as insecure.
“We disagree with the House Chief Administrative Officer’s characterization in the strongest possible terms. We know members and their staffs regularly use WhatsApp and we look forward to ensuring members of the House can join their Senate counterparts in doing so officially. Messages on WhatsApp are end-to-end encrypted by default, meaning only the recipients and not even WhatsApp can see them. This is a higher level of security than most of the apps on the CAO’s approved list that do not offer that protection.” – WhatsApp spokesperson
WhatsApp, one of the most widely used encrypted messaging platforms in the world, offers end-to-end encryption for messages by default, but it does not encrypt messages at rest (data stored on devices or servers), which may have influenced the CAO's risk assessment. Furthermore, the app's reliance on Meta's broader data ecosystem may be seen as introducing additional risk vectors for surveillance or data misuse.
The Chief Administrative Officer has instead endorsed several alternatives deemed acceptable for secure communications within the House, including Microsoft Teams, Amazon's encrypted messaging service Wickr, Apple's iMessage and FaceTime, and the open-source encrypted messaging app Signal. Staffers were also reminded to remain vigilant against phishing attempts and unsolicited texts from unknown sources, an area of growing concern as social engineering tactics become more sophisticated.
Leave a Reply