If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Canada’s Public Safety Minister is telling Apple, Meta, and Signal that they don’t understand his own surveillance bill. They understand it fine. That’s the problem. Bill C-22, the Lawful Access Act, would force telecoms, internet companies, and social media platforms to rebuild their systems so police and the Canadian Security Intelligence Service (CSIS) can access user data more easily during investigations. It would also require providers to stockpile metadata on every subscriber for up to a year, regardless of whether those people are suspected of anything. The bill has the backing of police chiefs across the country and CSIS, who have long argued they are stymied by outdated legislation in a digital world. The government describes this as organizing information “like a filing cabinet, where certain types of information would be available with legal authorization.” That filing cabinet contains a year’s worth of data showing where every Canadian goes, when they go there, and who they communicate with. On a mobile network, that metadata includes which cell towers each phone connects to and when. Retained at scale, it amounts to a comprehensive surveillance map of the population. Public Safety Minister Gary Anandasangaree said at a press conference Wednesday that tech companies are “using this as an opportunity to double down.” He added that “Tech giants are misinterpreting some of the safeguards that are already built in, including on ensuring that encryption is not in any way interrupted as part of Bill-22.” The list of people who supposedly can’t read keeps growing. Apple warned that the legislation “could allow the Canadian government to force companies to break encryption by inserting back doors into their products — something Apple will never do.” The company added that “at a time of rising and pervasive threats from malicious actors seeking access to user information, Bill C-22, as drafted, would undermine our ability to offer the powerful privacy and security features users expect from Apple.” Apple has already shown it will follow through on threats like these. It pulled its Advanced Data Protection feature from the United Kingdom rather than comply with a Technical Capability Notice ordering it to create access to encrypted iCloud data and is now litigating the order before the Investigatory Powers Tribunal. If Bill C-22 passes unchanged, Canadians could lose the same protections. Signal, the encrypted messaging service, went further. Vice-president Udbhav Tiwari told the Globe and Mail that Signal “would rather pull out of the country than be compelled to compromise on the privacy promises we have made to our users.” Tiwari added in a statement that “end-to-end encryption is incompatible with exceptional access, no matter how creative the route taken to achieve it,” and called provisions that force vulnerabilities into communications systems “a grave threat to privacy everywhere.” Meta’s head of Canadian public policy, Rachel Curran, told a Commons committee that the bill’s technical assistance obligations “could conscript private companies into service as an arm of the government’s surveillance apparatus.” She told MPs that “it is not possible to build back doors to encrypted systems for law enforcement without creating vulnerabilities that will be exploited by malicious actors,” and warned that “weakening encryption affects not only the target of an investigation but all Canadians who rely on secure communications for banking, accessing healthcare, running their businesses, or simply communicating with loved ones.” In 2024, the Salt Typhoon hack exploited a system built by internet service providers specifically to give law enforcement access to user data. The very type of backdoor infrastructure Bill C-22 would mandate became an entry point for one of the most significant foreign intelligence breaches in recent memory. When you build surveillance doors into communications systems, you don’t get to choose who walks through them. The bill does include language saying providers aren’t required to comply if doing so would introduce a “systemic vulnerability.” But the definition of that term is unclear and essential terms like “encryption” are left to be defined later through regulation, while ministerial orders can override those same regulations. The bill would also allow the federal government to secretly order companies to weaken encryption or create backdoors and Meta’s Robyn Greene told the committee that if the government quietly mandates changes to a platform’s security architecture, Meta would be legally prohibited from telling its own users. Secret orders to weaken security, with a gag clause preventing disclosure. The government calls this “encryption-neutral.” If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Canada Says Critics Don’t Understand Its Surveillance Bill appeared first on Reclaim The Net.