Major technology companies are warning Ottawa that Bill C-22, the federal government’s proposed lawful access legislation, could undermine encryption, weaken cybersecurity protections and force platforms to redesign their systems for government surveillance access.The warnings come as Parliament studies the proposed legislation, which would require telecommunications companies, internet providers and electronic service providers to develop technical capabilities allowing police and intelligence agencies to obtain access to information linked to criminal and national security investigations.Under the bill, the federal government would gain authority to require certain “core providers” to maintain “operational and technical capabilities” related to “extracting and organizing information” and enabling authorized access to it. The legislation would also permit regulations governing the “installation, use, operation, management, assessment, testing and maintenance” of devices or equipment connected to lawful access capabilities. The bill further proposes requiring providers to retain certain metadata, including “transmission data,” for up to one year. Meta said it supports portions of the legislation dealing with lawful access requests, but warned that Part 2 of the bill poses major privacy risks.“Part 2 of Bill C-22 could have a significant negative impact on Canadians’ privacy and cybersecurity, including potentially requiring companies to build or maintain capabilities that break or weaken encryption, and forcing providers to install government spyware directly on their systems,” the company said in a statement published last week..Meta urged Ottawa to amend the legislation “to remove obligations for companies to add third party surveillance tools to their systems,” strengthen protections against introducing “systemic vulnerability,” and establish clearer legal challenge mechanisms for companies contesting requests.Apple issued a similar warning in comments to Reuters.“At a time of rising and pervasive threats from malicious actors seeking access to user information, Bill C-22, as drafted, would undermine our ability to offer the powerful privacy and security features users expect from Apple,” the company said.“This legislation could allow the Canadian government to force companies to break encryption by inserting backdoors into their products — something Apple will never do.”Signal, which operates one of the world’s most prominent encrypted messaging platforms, went even further.Signal vice-president Udbhav Tiwari told the Globe and Mail that the company “would rather pull out of the country than be compelled to compromise on the privacy promises we have made to our users.”Signal has warned the bill could create vulnerabilities that hackers or foreign adversaries may exploit if companies are required to redesign systems for lawful access purposes.The federal government has argued the legislation is intended to modernize investigative tools for police and intelligence agencies in an era of encrypted communications and digital crime.The bill also includes language stating providers cannot be forced to introduce a “systemic vulnerability” into their systems. NordVPN and the Canadian Chamber of Commerce have also issued similar warnings.
