Signaling a major shift in the way Meta approaches users’ privacy, the company recently announced plans to make all of its messaging services — WhatsApp, Messenger, and Instagram DMs — end-to-end encrypted (E2EE).
As part of its initiative, Meta commissioned a human rights impact assessment (HRIA), which concluded that, “Meta’s planned expansion of strong encryption to its Messenger and Instagram services will do more good than harm for human rights, giving the company more ammunition as it fights efforts in the United Kingdom and other countries to carve out exceptions to make police work easier.”
The report also notes that, although “targeted decryption could be considered necessary and proportionate from a human rights perspective, it would require companies to weaken or break encryption, essentially becoming a “backdoor” — a move that creates privacy and security risks.
The HRIA provided several recommendations, including that Meta “investigate client-side scanning techniques.” Meta rejected that recommendation because “People who use E2EE messaging services rely on a basic premise: that only the sender and intended recipients of a message can know or infer the contents of that message.”
PACC agrees that E2EE is essential for digital privacy, fundamentally important for personal and organizational privacy, and to enable data privacy professionals to ensure their organization is complying with governing privacy laws since, without encryption, it is impossible to keep communications secure from unauthorized access.