Overview
- Public Safety Minister Gary Anandasangaree told reporters this week that the government will introduce amendments to Bill C-22 to clarify encryption protections and define what metadata may be retained.
- Major tech companies including Apple and Google told the House public safety committee they fear the bill’s secret ministerial orders and broad language could force firms to weaken end-to-end encryption or install access mechanisms that create exploitable vulnerabilities.
- The bill would require certain ‘core’ providers to build capabilities for lawful access and mandate retention of user metadata for up to one year, a retention period the government intends to keep in place despite privacy objections.
- Encrypted services and VPN providers such as Signal, DuckDuckGo and NordVPN have warned they may withdraw from Canada rather than compromise no-logs or encryption promises, raising risks to consumer choice and digital services availability.
- The legislation remains under fast-moving committee review with the minister pushing to pass it before Parliament’s summer break on June 19, leaving debating points on secrecy, judicial oversight and a narrow definition of ‘systemic vulnerability’ unresolved and likely to draw legal challenges.