reclaimthenet.org
Wyden Urges Blanche and Rubio to Fight Canada’s Bill C-22 Surveillance Law
If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net.
Ron Wyden wants the Trump administration to treat one of America’s allies as a counterintelligence threat.
The Oregon senator wrote to acting Attorney General Todd Blanche and Secretary of State Marco Rubio, who is doubling as acting national security adviser, on July 16.
His warning centers on an invasive surveillance bill moving through Canada’s Parliament that could turn American technology companies into tools for spying on Americans.
That bill is C-22, the Lawful Access Act. It would require telecoms, messaging apps, and potentially any digital service operating in Canada to rebuild their systems so that police and the intelligence service CSIS can reach into user data. Providers would also have to keep metadata, the record of who contacted whom, when, and from where, for as long as a year, pulling in millions of people suspected of nothing.
Wyden’s alarm runs past Canada’s borders. American law contains no rule stopping US firms from helping a foreign government spy on Americans, even when the target is the president or a senior official.
Ottawa could therefore order a company like Apple or Google to hand over data or weaken its own security, in secret, with an American in the crosshairs. Wyden called that gap “a glaring statutory vacuum.”
The Lawful Access Act “threatens to weaponize American technology infrastructure by enabling the Canadian government to force U.S. companies to secretly facilitate surveillance of Americans, while systematically undermining the security of their products,” he wrote.
Britain already ran the experiment. News broke in February 2025 that the UK had secretly ordered Apple to weaken encrypted iCloud backups.
Then-Director of National Intelligence Tulsi Gabbard told Congress that forcing American firms to engineer backdoors violates privacy rights and opens severe holes for hostile hackers to climb through.
President Trump and Vice President Vance pressed London to pull back. When Wyden’s staff asked British officials whether their laws could block a demand built to spy on Americans, no assurance came.
The senator sketched five ways a foreign government could pry open the vacuum. It could force a company to store an American target’s backups on local servers, where authorities can walk in and seize them. It could demand that end-to-end encryption be switched off for specific targets. It could require a hidden, government-controlled “ghost” key that decrypts protected backups. It could relocate the signing keys that vouch for the authenticity of software updates, leaving them exposed to foreign seizure.
It could push government spyware onto a target’s device through a corrupted update from a company the user trusts.
The US holds leverage over how this ends. The CLOUD Act lets a foreign country that signs a deal with the Justice Department request data straight from American companies, skipping the mutual legal assistance treaty process that can crawl on for months or years. Only Britain and Australia have signed.
Canada is negotiating its first agreement right now. Wyden wants American officials to use that window to lock in “ironclad, explicit prohibitions against these extraterritorial technical and prospective engineering mandates,” and to “take all necessary administrative and regulatory steps to insulate U.S. government officials and the American public from foreign surveillance demands against American firms.”
The companies that would have to build all of this have spent months refusing. Google told a House of Commons committee that C-22 would create “surveillance infrastructure” and hand the Public Safety Minister “sweeping powers to issue secret orders.”
A weak definition of “systemic vulnerability,” it warned, could let the law “decrease overall user security, by creating backdoors that would break end-to-end encryption and create significant cybersecurity risks, facilitating foreign interference and weakening global user privacy.”
The company drew its own line. “Google has never built a backdoor or other mechanism to circumvent end-to-end encryption in our products. If we say a product is end-to-end encrypted, it is end-to-end encrypted.”
Wyden has company in Washington. House Judiciary Chairman Jim Jordan and Foreign Affairs Chairman Brian Mast warned Canada’s public safety minister in May that American firms face a choice between “compromising the security of their entire user base, including US citizens, or risking exclusion from the Canadian market.”
Bill C-22 has passed Canada’s House of Commons and awaits the Senate. Public Safety Minister Gary Anandasangaree has accused the tech companies of misreading it. They have read it closely enough to refuse to build what it asks for.
A backdoor cut into Apple or Google does not know to stop at the border, and Wyden is wagering that this fear will move an administration that privacy arguments alone would not.
If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net.
The post Wyden Urges Blanche and Rubio to Fight Canada’s Bill C-22 Surveillance Law appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.