U.S. representatives are warning Public Safety Minister Gary Anandasangaree that the federal government’s lawful access bill could create “significant” risks to the security and data privacy of Americans.
U.S. Congressman Jim Jordan, who chairs the U.S. Committee on the Judiciary, and Congressman Brian Must, who chairs the U.S. Committee on Foreign Affairs, sent a letter to Anandasangaree on May 7, outlining their concerns with Bill C-22, also known as the Lawful Access Act. The letter was first reported by Washington-based media outlet Just The News.
“Canada’s Bill C-22, currently under consideration in Parliament, would drastically expand Canada’s surveillance and data access powers in ways that create significant cross-border risks to the security and data privacy of Americans,” they wrote in the letter.
The letter said the bill would allow Canadian government officials to compel American companies operating in Canada to “build backdoors into their encrypted systems,” which would introduce vulnerabilities for users in both countries that could be exploited by hackers, foreign adversaries, and cyber criminals.
Bill C-22, introduced by Anandasangaree on March 12, would expand law enforcement’s authority to access digital information and subscriber information, introduce new requirements for digital service providers to retain metadata about user activities, and compel telecommunications and online service providers to grant authorities access to user data.
Anandasangaree told MPs on the public safety and national security committee on May 5 that the bill does not support the creation of “backdoors” into platforms, and said it will not require any service providers to provide decryption of end-to-end encryption systems. He also said the bill includes safeguards against “systemic vulnerabilities” that could be exploited by criminals.
The Epoch Times reached out to the minister’s office for comment but didn’t hear back by publication time.
Bill C-22 says a service provider would not be required to develop, implement, assess, test, and maintain operational and technical capabilities for authorized persons to access encrypted data and information if doing so would introduce a “systemic vulnerability.” However, Jordan and Must said the term is vague and subject to a future regulatory process.
The U.S. representatives also raised concern that the bill empowers the public safety minister to issue “secret ministerial orders,” that would only be subject to the intelligence commissioner’s review and kept confidential, and would allow the minister to issue “targeted demands” to individual providers.
“In practice, providers offering end-to-end encryption services will inevitably face directives to create backdoors and architectural changes that bypass or weaken encryption to enable ‘lawful’ interception or data extraction,” they wrote in the letter.
They noted similar laws in other countries, such as the UK, where the government reportedly issued a “secret order” compelling Apple to provide access to users’ encrypted cloud data, which was not even accessible by Apple. This ultimately weakened encryption protections for 35 million iPhone users in the UK in February 2025, the U.S. representatives said.
Incidents like these directly threaten the privacy of people in the United States “who expect and depend upon robust encryption to protect sensitive communications, health data, financial records, and personal correspondence from unwarranted intrusion,” Jordan and Must said.
“Bill C-22 sets a dangerous precedent that could erode the mutual benefits of strong encryption standards,” they said, adding that American companies operating in Canada would either have to compromise the security of their user base, including U.S. citizens, or risk being excluded from the Canadian market.
Either outcome would harm U.S. national security and economic interests, and over time, such pressures would “fracture global cybersecurity norms and weaken our collective defenses against malicious actors who exploit inconsistent standards,” they added.
Modernizing Police Tools
Bill C-22 passed second reading in the House of Commons last month and is currently under study by the public safety and national security committee.
In committee testimony on May 5, Anandasangaree and Justice Minister Sean Fraser told MPs the bill modernizes access of police and intelligence services to digital evidence, but retains judicial oversight.
Fraser said new powers granted in the bill would be especially helpful in cracking down on organized crime, child sexual exploitation, drug trafficking, and human trafficking. He said law enforcement would be able to make a “simple request” during an investigation involving a phone number or IP address, and ask the provider whether the phone number or IP address is on their network.
“If the network comes back and says, ‘yes, in fact, it is,’ that would allow us to move forward with a process that would be approved by a judge,” he added.
Meanwhile, tech giant Meta has warned that Bill C-22 could compel companies to support government surveillance of Canadians’ private information.
Rachel Curran, head of public policy at Meta, told MPs while testifying before the public safety and national security committee on May 7, that the technical assistance obligations in the bill could “conscript private companies into service as an arm of the government surveillance apparatus.”
“As drafted, the bill could require companies like Meta to build or maintain capabilities that break or undermine encryption and force providers to install government spyware directly on their systems,” Curran said.
She noted that it is not possible to build “back doors” to encrypted systems for law enforcement without creating vulnerabilities that could be exploited by “malicious actors.”
Paul Rowan Brian contributed to this report.
Friends Read Free
Copy
Facebook
Tweet
