Facebook’s parent company Meta told lawmakers that Ottawa’s plan to give security agencies increased access to user data has a number of pitfalls, including turning tech companies into surveillance arms of the government.
The government’s Bill C-22, also known as the Lawful Access Act, is currently being studied by the House of Commons public safety committee, where stakeholders and experts are offering recommendations on how the bill could be improved.
MPs heard from tech company Meta Platforms, police services, and law professors at the May 8 meeting.
Rachel Curran, Meta’s head of public policy, said portions of Bill C-22 improve on the Liberal government’s previous attempt to establish a lawful access regime through Bill C-2.
Curran said, however, that Bill C-22 contains several troubling provisions for her company and the industry at large. The second part of the bill, which aims to compel electronic service providers to install systems granting access to security agencies, could “ultimately make Canadians less safe, not more,” she said.
“The technical assistance obligations in part 2 could conscript private companies into service as an arm of the government surveillance apparatus,” she said. “As drafted, the bill could require companies like Meta to build or maintain capabilities that break or undermine encryption and force providers to install government spyware directly on their systems.”
The bill states that a provider would not have to introduce a “systemic vulnerability” to comply with government orders, but Curran said the definition of the term lacks clarity.
Bill C-22 was introduced by Public Safety Minister Gary Anandasangaree in March. Ottawa says it aims to provide tools to security agencies to better tackle crime in a digital environment.
Without judicial authorization, security agencies would be able to ask an electronic service provider whether it offers services to a specific individual, based on a “reasonable suspicion” that a crime has or will be committed. With this information, police would be able to seek judicial authorization for a production order to obtain a wide range of data on the subscriber.
U.S. lawmakers wrote a letter to Anandasangaree this week saying the bill could impact the security and data privacy of Americans. The Epoch Times reached out to Anandasangaree’s office but didn’t hear back by press time.
‘Back Doors’
Appearing before the public safety committee on May 5, Anandasangaree said the bill would neither create “back doors” into digital platforms nor require service providers to decrypt end-to-end encrypted systems.
Curran, however, argued that any system designed to facilitate government access would effectively create “back doors.” Such measures, she said, cannot be implemented without “creating vulnerabilities that will be—not if—will be exploited by malicious actors.”
Curran said governments are still dealing with repercussions from the China-sponsored hack of major global telecommunications companies in 2025. Canadian authorities alerted the public last year, noting how devices registered to a domestic telecommunications company were compromised by actors known under the “Salt Typhoon” cyber threat designation.
She said countries like France and Sweden backed away from implementing measures such as those contained in C-22, while noting that the United Kingdom went ahead, then faced pushback from the U.S. government and civil society groups.
Tech company Apple announced last September it could no longer offer Advanced Data Protection in the UK to new users.
Aside from the technical risks of going ahead with C-22, Curran said the bill risks hurting domestic innovation and Canada’s global competitiveness.
Data Retention
Other concerns raised during the committee meeting included its provision requiring service providers to retain user metadata for a year.
Law professors said this interferes with Section 8 of the Charter which protects against unreasonable search and seizure.
“We know from ample case law that metadata is private and under these provisions, when the minister compels Shaw or Telus to preserve our metadata, the company is doing so on behalf of the state and for a law enforcement purpose. Those are the basic elements of a seizure under Section 8,” said Robert Diab, professor at the faculty of law of Thompson Rivers University.
Michael Geist, the Canada research chair in internet and e-commerce law at the University of Ottawa, said this provision should be removed entirely from the bill, calling it “disproportionate” and likely to be struck down by the Supreme Court.
Geist said that metadata retained on every subscriber regardless of suspicion would amount, in aggregate, to a “comprehensive surveillance map of virtually every Canadian, where and when they go, and who they interact with.”
Metadata from telecommunications providers would include which device connects with which cell tower at what time, giving details on user locations, Geist said.
David Fraser, a partner at law firm McInnes Cooper who also teaches at Dalhousie University, raised further concerns about the bill.
“Under no circumstances should the government be allowed to require an electronic service provider, particularly with a secret order, to make changes to products or services that a business provides,” he said.
Bill C-22 states that electronic service providers cannot disclose if they receive a ministerial order to comply with regulations under the act.
Meta representatives were asked in committee how this could impact their business given that they operate by advertising that they provide security of communications.
“Ultimately, as drafted, the bill has a blanket secrecy provision that would essentially prevent us from being able to explain to our users that these changes had been made,” said Robyn Greene, director of privacy and public policy at Meta, in reference to government-imposed modifications to a company’s systems. “Our users would completely lose trust in the security and privacy protections of our products.”
Police Support
Police agencies have welcomed federal government efforts to create a lawful access regime, citing the complexity of modern crime and investigations.
Toronto Police Chief Myron Demkiw told the committee on May 8 that Bill C-22 is a “step in the right direction.”
“It will provide additional tools for our officers to be able to move investigations forward more quickly, hold offenders accountable, and prevent harm,” he said, adding that early intervention is needed in cases involving violent extremism.
Children’s advocacy groups also support giving additional tools to police to better crack down on child exploitation.
Monique St-Germain, general counsel for the Canadian Centre for Child Protection, said provisions in the bill allowing police to obtain subscriber information are welcome.
“Offenders are able to rapidly change their digital identities through fake accounts,” she said. “It’s very common for offenders to use multiple apps, devices and accounts. Unraveling that web is incredibly complicated, and on top of that, some of these investigations involve multiple jurisdictions and service providers.”
Friends Read Free
Copy
Facebook
Tweet
