Meta’s removal of end-to-end encryption from Instagram direct messages by May 8, 2026, deserves a critical assessment that goes beyond the binary of “privacy good, removal bad.” The decision involves genuine trade-offs, competing values, and institutional interests that are more complex than the polarized responses it has generated suggest. A critical assessment requires engaging honestly with all of these dimensions.
The child safety argument is genuine. Law enforcement agencies and child safety organizations are not inventing the harms they describe. Child sexual abuse material is shared through encrypted messaging platforms, and the inability to detect this content is a real obstacle to protecting real children. Any assessment of Instagram’s encryption removal that dismisses this concern is incomplete.
The privacy argument is also genuine. Hundreds of millions of people use Instagram to communicate privately about matters that are legitimately their own business. The removal of technical privacy protection from their communications is a real harm — even if it is an invisible harm that most users will not directly experience in their daily use of the platform.
The commercial argument deserves acknowledgment rather than being treated as a conspiracy theory. Meta’s business model creates real incentives to access private message data. Tom Sulston of Digital Rights Watch is not engaging in speculation when he raises this concern — he is making an observation about structural incentives that is grounded in a straightforward analysis of Meta’s revenue model.
The regulatory argument is the most important one for the long term. Whether or not you agree with Meta’s specific decision, the ability of a company to make this kind of change — affecting hundreds of millions of users, communicated through a help page update, without regulatory scrutiny — reflects a gap in existing data protection frameworks that has implications well beyond Instagram.
A critical assessment of this decision does not require concluding that it was right or wrong. It requires taking seriously all of the genuine interests at stake — privacy, safety, commercial logic, regulatory adequacy — and asking whether the process by which the decision was made, and the outcome it produced, was adequate to those interests.