If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Canada’s Liberal government has introduced Bill C-22, the Lawful Access Act, 2026, a surveillance bill that compels electronic service providers to store Canadians’ metadata for a year and hands police and intelligence agencies new tools to access it. We obtained a copy of the bill for you here. The bill follows a failed first attempt, Bill C-2, which collapsed under the weight of near-universal criticism from opposition parties, rights groups, and the tech industry. This is a mandatory data retention regime that forces companies to hold location data, device information, and other sensitive metadata on every Canadian, not just those suspected of crimes, ready for law enforcement retrieval via warrant. The logic is familiar: build the haystack first, search it later. Public Safety Minister Gary Anandasangaree framed the bill as a necessary modernization. “Canada is woefully behind our most important allies. Technology has moved forward; our laws are stuck in the previous century,” he said Thursday, flanked by police chiefs and Justice Minister Sean Fraser. RCMP senior deputy commissioner Bryan Larkin added, “There’s an actual series of tools here that will eventually lead to greater success, greater efficiencies in police investigations, greater solvency in crime and, quite frankly, improving the safety of Canadians and, more importantly, addressing the concerns of victims.” The government claims this isn’t surveillance of ordinary Canadians. Anandasangaree was explicit: “I want to be clear what C-22 is not. It is not about surveillance of Canadians going on about their daily lives. It is about keeping Canadians safe in the online space.” The bill does exclude web browsing history and social media activity from its mandatory retention requirements. But the bill doesn’t need to include everything to be seriously invasive. Location data alone tells a story. Where you sleep, where you worship, which doctor you visit, which protests you attend. All stored for a year, accessible to police and CSIS with a warrant, and built into every electronic service provider’s systems by law. Tamir Israel, director of the Canadian Civil Liberties Association’s privacy, surveillance, and technology program, named the distinction that matters most. “Being able to categorically order companies to keep everybody’s information, not just people who are suspected of crimes… is different from getting a company to build a backdoor that then police could walk through to grab information,” he said. “You’re both putting people’s privacy at risk, and you’re creating cybersecurity threats.” That’s the architecture of C-22 in a sentence. Mass data retention treats everyone’s location and device data as pre-collected evidence, stored in advance on the off-chance it becomes useful later. The bill’s most technically alarming section authorizes the Minister of Public Safety to issue secret orders compelling “core” electronic service providers, a category the government hasn’t fully defined yet, to build and maintain surveillance capabilities for law enforcement access. Providers who receive these orders are gagged. They cannot discuss them. The government included limits: these technical capabilities cannot require providers to retain message content, browsing history, or social media activity. They also cannot introduce “systemic vulnerabilities” that weaken encryption or authentication, or create “a substantial risk that secure information could be accessed by a person who does not have any right or authority to do so.” Compared to Bill C-2, C-22 does pull back in one meaningful area. Under the original proposal, police could have approached any service provider, including those bound by professional privilege like doctors and lawyers, to ask whether an individual was a client, for how long, from where, and whether the company knew of other providers who had dealt with that person, all without a warrant. C-22 limits warrantless inquiries to telecommunications companies only, and restricts the question to a simple yes-or-no: is this person a client? Any further information requires a warrant. The bill also creates a new warrant mechanism for Canadian police seeking data held by foreign, almost certainly American, tech companies. A Canadian judge can issue a production warrant that wouldn’t bind the foreign company legally but would give it legal cover to hand over data voluntarily. It’s a workaround, not a solution, and it depends entirely on the company’s willingness to cooperate. Some of the bill’s warrant requirements include a carve-out for “exigent circumstances,” when police argue that getting a warrant would be impractical due to urgency. That exception tends to expand over time. C-22 borrows several provisions from the Strong Borders Act, Bill C-2, which drew fierce opposition before stalling entirely with no movement since September 2025. Anandasangaree acknowledged the retreat explicitly. “One thing I’ve learned is that at times when more work needs to be done on a particular bill, you retreat and you come back. You come back with better consensus, better consultation, and better supports from across the board,” he said. The rework narrows some of C-2’s most aggressive powers. What it doesn’t change is the central premise: that electronic service providers should be required to organize and warehouse Canadians’ sensitive data on behalf of the state, held in readiness for law enforcement use. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Canada’s Bill C-22 Mandates Mass Metadata Surveillance of Canadians appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Microsoft wants your medical records. The company launched Copilot Health this week, an AI feature that pulls together personal health history from wearable devices, lab results, and hospital systems, then lets users ask questions about all of it in a single interface. That’s a significant amount of sensitive data landing in the hands of a company that, notably, isn’t legally required to treat it the way your doctor is. The feature sits inside Microsoft’s broader Copilot product and connects to medical records from over 50,000 US hospitals and healthcare organizations through a platform called HealthEx. Lab results come in through Function, a health tech company. Wearables from Apple, Oura, Fitbit, and more than 50 other manufacturers can link directly to the dashboard. The homepage aggregates step counts, appointment reminders, and other health signals depending on what users opt to share. It also offers access to provider directories, letting users search for doctors by specialty, location, language, and accepted insurance. Microsoft frames this as understanding your health, not replacing your doctor. What it’s actually building is a centralized health surveillance layer that sits above the fragmented ecosystem of hospitals, labs, and wearable companies and aggregates everything into one place. That may be genuinely useful. It also concentrates a significant amount of sensitive personal data in a product that is not HIPAA compliant. That last point matters more than Microsoft’s press release suggests. The Health Insurance Portability and Accountability Act exists to set security requirements for electronic health data and restrict how it can be used and disclosed. Hospitals and doctors who violate HIPAA face fines and potential criminal liability. Microsoft faces neither, because it doesn’t have to be HIPAA compliant to run Copilot Health. Dr. Dominic King, VP of health at Microsoft AI, addressed this directly ahead of the launch: “HIPAA is not required for a direct-consumer experience like this when you’re using your own data.” He went on to say: “However, at Copilot, we think it’s incredibly important that we’re meeting all the best standards out there. So, we will be announcing some updates here on our standing in terms of what are called ‘HIPAA controls.'” What those updates actually entail, King didn’t say. Microsoft does point to an ISO 42001 certification, an international standard covering responsible AI use, traceability, and transparency. It’s a real certification, shared with Microsoft 365 Copilot and Microsoft 365 Copilot Chat. It’s also not a substitute for HIPAA controls, and it doesn’t restrict what Microsoft can do with health data the way federal law restricts your physician. The company says health chats are “isolated from general Copilot and kept under additional access, privacy, and safety controls,” and that data from those chats isn’t used to train its AI models. Users can delete their health data or disconnect data sources at any time. These are big commitments. They’re also voluntary ones, which means Microsoft can revise them at any point by updating its privacy policy. There’s no regulatory backstop if it does. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Microsoft Copilot Health Centralizes Personal Medical Records appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. At a government forum on “hate speech” in Madrid, Spain’s Prime Minister Pedro Sánchez introduced a new digital project with a blunt name: HODIO. The acronym stands for Huella del Odio y la Polarización, translated as the Footprint of Hatred and Polarization. The plan is like a scoreboard for social media speech. A government system will monitor platforms, count what officials classify as hate speech, and release public rankings twice a year. The prime minister made clear that the rankings are meant to apply pressure. “We will publicly display the results so that everyone knows who stops hate, who looks away, and who makes a business out of hate,” Sánchez said. In short, the Spanish government will measure how much objectionable speech appears on major platforms, rate each company, and publish the results for public scrutiny. The system will run through OBERAXE, the Spanish Observatory against Racism and Xenophobia, a government body tasked with monitoring discrimination. OBERAXE will apply “recognized academic criteria,” according to Sánchez, to track the spread of hate speech online. Of course, the government defines what qualifies as hate speech. The same government then measures its presence across platforms. The numbers will become the basis for public rankings. Those rankings arrive with clear consequences. Platforms that perform poorly can expect public criticism, regulatory attention, and the possibility of legal pressure. Sánchez framed the process as a method of accountability. “From now, I think social media must be held publicly accountable for every piece of hate content they allow,” he said. HODIO enters a system that already exists. Sánchez described a coordination mechanism launched in July 2025 between the Spanish government and major technology companies, including Meta, X, Google, and TikTok. Representatives from the companies meet with officials each quarter. The meetings review examples of content that the government classifies as hate speech and discuss how platforms can remove more of it. According to Sánchez, the effort has already produced results. Platforms were deleting 22 percent of flagged content several months ago. The number now stands at 51 percent. He described that improvement as progress. He also called it insufficient. HODIO appears designed to push the number further upward. Public rankings can add a layer of pressure that private meetings lack. Sánchez used the forum to criticize anonymous speech online. He argued that social networks have lowered the barrier for hostility. Platforms have “reduced the cost of hating…because just one click is enough, almost always, from the cowardly anonymity that reinforces impunity and aggressiveness,” he said. The remark places anonymity in the center of the debate. Anonymous speech has long served whistleblowers, dissidents, and activists who face retaliation. In Sánchez’s framing, it serves aggressors who hide behind a screen. The difference in perspective reflects a broader policy direction. Governments across Europe are exploring identification requirements or age verification systems tied to social media accounts. HODIO is one piece of a broader set of proposals Sánchez highlighted during the forum. The Spanish government is pushing measures that include criminal liability for platform executives when illegal content appears on their services. Another proposal targets algorithmic systems that promote or recommend prohibited material. Sánchez also reiterated support for age verification rules that would prevent users under sixteen from accessing social networks. One item drew particular attention. The government is working with Spain’s public prosecutor to pursue what Sánchez described as “infringements committed by Grok, TikTok and Instagram.” The same government that defines hate speech will monitor it, measure it, and issue public ratings of companies based on compliance. Content can disappear from platforms before courts review the decision. Sánchez attempted to address the criticism during his speech. “We are not talking about those who say that we intend to censor,” he said. “We are not talking about uncomfortable opinions. On the contrary. We are talking about messages that, for example, compare people with plagues. Dehumanization again. That justify violence against women or that celebrate aggressions against women. Dehumanization again.” He argued that tech leaders abandoned that understanding when they “decided to impose their political agenda on social networks.” The claim arrived in a speech announcing a government program that monitors speech, scores companies based on removal rates, and coordinates with prosecutors investigating specific platforms. The HODIO reports will appear every six months. Each edition will rank the major platforms based on how much hate speech the system detects. For the companies involved, the incentive structure is clear: censor or else. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Spain’s HODIO Program to Monitor and Rank Social Media Platforms on “Hate Speech” appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. There are regulatory disputes. There are political disputes. And then there is the curious spectacle of a British media regulator cheerfully announcing that being sued in the United States is, apparently, a job well done. That, in essence, is the position of Melanie Dawes, the head of Ofcom, who has decided that legal warfare with American tech companies is proof that her agency’s censorship demand strategy is working. Which is a bit like a traffic warden declaring success because the drivers have begun throwing traffic cones at him. The clash sits inside Britain’s vast new regulatory machine known as the Online Safety Act, a piece of legislation that leads Ofcom to believe it has the power to fine foreign technology companies if they fail to deal with “harmful” speech online. What constitutes “harm” is, of course, decided by the state. And Ofcom has begun using those powers. One of the first targets was the message board 4chan. The platform received a fine from the regulator. Instead of quietly paying it, 4chan’s lawyers did something that appears to have surprised the regulator. They marched into the United States legal system. The dispute has quickly become less about one website and more about a fundamental disagreement between two legal traditions. Britain believes its regulator can impose obligations on foreign platforms run by foreign people on foreign servers. Many American lawyers believe the attempt runs straight into the constitutional wall known as the First Amendment to the United States Constitution. When Dawes appeared on the BBC’s Today program and was asked about the lawsuit, she sounded remarkably cheerful about the conflict. “We’ve seen quite a lot of pushback, but we expected that, and we will use all the tools at our disposal to keep forcing through that change. I mean, it’s very difficult for me to talk about individual investigations. That one remains live…we’ve got significant legal pushback in the US, but I see that as a sign that we’re having the impact we want.” It is an unusual standard for success. Most regulators prefer companies to quietly comply rather than launch cross-Atlantic constitutional fights. The Wider Offensive The dispute with 4chan is only one front. Ofcom has also sent letters to several of the largest social media companies demanding stronger age verification measures: Meta platforms such as Facebook and Instagram Snapchat ByteDance’s TikTok Google’s YouTube Roblox Corporation’s Roblox X Corp.’s X Dawes has given them until the end of April to respond. “I think they’re quite uncomfortable about this. We’ve given them a deadline of the end of April to come back to us. We’re strongly encouraging them to publish those letters when they come back to us. And whether they do or not, we will publish the responses in May. It’ll be a report card on the industry, on those six companies, and we will then follow up with enforcement action where we need to.” The regulator appears desperately eager to prove it can make American platforms sweat. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post UK Speech Regulator Chief Melanie Dawes Says US Free Speech Lawsuits Are “a Sign That We’re Having the Impact We Want” appeared first on Reclaim The Net.

This Post is for Paid Supporters Reclaim your digital freedom. Get the latest on censorship and surveillance, and learn how to fight back. SUBSCRIBE Already a supporter? Sign In. (If you’re already logged in but still seeing this, refresh this page to show the post.) The post Hackers Are Compromising Signal Accounts. Don’t Be Next. appeared first on Reclaim The Net.