- Canada commits to amending Bill C-22 to better define encryption and metadata rules
- The move follows a massive backlash from major tech and privacy companies.
- The Minister of Public Safety remains convinced that the bill “must be adopted”
Following strong backlash from tech giants, privacy advocates and some top VPN providers, the Canadian government has announced it will amend the controversial lawful access legislation known as Bill C-22.
The proposed legislation is designed to help law enforcement and the Canadian Security Intelligence Service (CSIS) access digital information during high-stakes investigations. However, critics have argued that its sweeping technology requirements would effectively force companies to embed backdoors in encrypted platforms, putting global cybersecurity at risk.
On Wednesday, Public Safety Minister Gary Anandasangaree confirmed that the government was drafting amendments “to ensure clarity on what encryption is”, while promising to better define metadata in the legislation.
Despite the planned revisions, Anandasangaree stressed that broader push for the bill to give authorities legal access to citizens’ data would continue.
“This is something that needs to happen,” he told reporters, emphasizing that police and intelligence agencies need updated tools to combat evolving technological threats.
Tech giants and VPNs threaten to disappear
The government’s decision to revise the bill comes after weeks of harsh criticism from the technology sector. Under the As originally worded, Bill C-22 would require undefined electronic service providers to retain metadata for up to one year and adapt their systems to transmit intercepted data to warrant investigators.
Additionally, the legislation authorizes the Minister of Public Safety to issue secret orders requiring vendors to retrieve data or track devices, orders that companies would be legally prohibited from disclosing to their users.
This sparked a unified defense of privacy from major players in the industry. Meta and Apple have sounded the alarm, while Google has joined the privacy backlash, warning a parliamentary committee that the legislation “could facilitate foreign interference and weaken user privacy globally.”
We will not be far behind if Bill C-22 is passed. In their current state, VPNs would almost certainly require us to log user credentials. Signal is not headquartered in Canada, so they can just shut down the Canadian servers, but our head office is. We pay an ungodly amount of taxes to these corrupt… https://t.co/SUb4yDV7o5May 14, 2026
Erik Neuenchwander, Apple’s senior director of user privacy and child safety, testified Tuesday about the dangers of weakening security.
“When you create a backdoor in an encrypted device, anyone can access it, and since everything depends on encryption, we can’t take that risk,” Neuenchwander told lawmakers.
The privacy community has also been vocal.
Proton VPN said compromising its no-logs policy was out of the question, while ExpressVPN also argued that its no-logs architecture and encryption are “non-negotiable.”
Secure messaging app Signal, alongside NordVPN and Windscribe, has threatened to completely withdraw its services from Canada if forced to comply with surveillance requirements.
Political opposition and next steps
The Canadian security community has long argued that encryption leaves them ahead of criminals. Speaking to CBC, the National Security and Intelligence Committee of Parliamentarians (NSICOP) said encryption, along with the large volume of digital data, makes it “difficult and sometimes impossible to collect the information necessary to conduct effective investigations.”
Although Anandasangaree said the new amendments would aim to bring the bill’s encryption provisions in line with their U.S. counterparts, the move did not entirely quell political opposition.
As reported by CBC, Conservative Leader Pierre Poilievre said his party “will have to look at” the amendments first, but added: “So far we are extremely suspicious,” accusing the government of trying to build “a surveillance state.”
The Minister of Public Safety has responded to protests from the tech industry, questioning its commitment to user safety. “I think there are a number of areas of misinformation,” Anandasangaree argued. “We live in a world where big tech companies, whether it’s Apple or Google or other big tech companies, operate without any form of accountability.”
With the Liberal government holding a majority, it can pass the revised Bill C-22 without the support of the Conservatives, NDP or Green Party, all of whom have expressed opposition. It remains to be seen how far the new amendments will go to actually protect user privacy.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
