Instagram will eliminate end-to-end encryption of private messages (DM or direct messages) after May 8, Meta announced on its help page for the platform. The move comes at a time when law enforcement agencies are trying to address threats of terrorism and child sexual abuse.
“Very few people were opting in to end-to-end encrypted messaging in DMs, so we’re removing this option... Anyone who wants to keep messaging with endto-end encryption can easily do that on WhatsApp,” said a Meta spokesperson.
It is contrary to what Meta CEO Mark Zuckerberg had to say in a Facebook note from 2019 (last edited in 2021). He wrote, “As I think about the future of the Internet, I believe a privacy-focused communications platform will become even more important than today’s open platforms. Privacy gives people the freedom to be themselves and connect more naturally, which is why we build social networks.”
The note was put out in the months following the Cambridge Analytica scandal, which involved millions of Facebook users having their personal data compromised without their consent.
At a time when governments are pushing for backdoors and surveillance capabilities, the rollback is worrying and raises the question if governments could be emboldened to demand weaker encryption elsewhere. “I find this rollback deeply alarming,” Shahzad Ahmed Memon tells The Telegraph in an email. Memon is a senior lecturer in the department of computer science and digital technologies at the University of East London’s School of Architecture, Computing and Engineering, UK. He continues, “Meta’s decision to bin end-to-end encryption (E2EE) on Instagram represents a troubling regression in the landscape of digital sovereignty. By characterising the retreat as a response to ‘low adoption’ despite the feature never being established as a functional default, Meta has essentially designed a self-fulfilling prophecy to justify a strategic retreat. This creates a massive data liability from May 8, 2026, when billions of private messages will shift from ‘unreadable static’ to ‘readable data’ stored on Meta’s servers, creating a lucrative honeypot for hackers, rogue insiders and state-sponsored surveillance.”
This sets a precedent, according to Memon, that could easily lead to demands for similar weak points in other apps, framing standard digital hygiene as something reserved for people with something to hide.
Critics of encryption argue that E2EE creates blind spots, making it difficult to detect child exploitation or CSAM.
Is removing encryption on Instagram DM a way to solve the problem, The Telegraph asked professor Nishanth Sastry, who is associate head of research and innovation at the University of Surrey’s School of Computer Science and Electronic Engineering in the UK.
He replied, “It is a way to solve the problem, but may not be the only way. And very questionable if it is an effective way of combating CSAM. AI interventions on Insta servers may not be able to distinguish real CSAM from the fond grandmother taking a perfectly legitimate picture of her grandchild in the bath.”
Once end-to-end encrypted (E2EE) option is removed, what does this mean for the training of Meta’s generative AI models?
“This depends on the architecture of the Instagram servers specifically, and the separation that Meta enforces. However, I would agree with thatin effect, Meta will now be able to recover user messages and use them as training data,” said Benjamin Dowling, senior lecturer in cryptograph at King’s College London, UK.
Removing E2EE on Instagram DM may also affect journalists, activists or whistleblowers who could be using Instagram for initial outreach. “I would advise them to switch to E2EE services that have been verified by academics and experts, such as the Signal protocol, before the May 8 deadline,” said Dowling.
Mary Aiken, professor of forensic cyberpsychology, University of East London, UK, said “privacy, collective security and technological vitality should be treated as co-equal imperatives; none should have automatic primacy over the others”.
She said, “The real policy challenge is balance. How to preserve civil liberties and trust in technology while ensuring society retains the means to protect the public from exploitation, criminality and systemic harm.”