Overview
- Google filed a formal submission on Monday warning that Bill C‑22’s secrecy powers and a narrow definition of “systemic vulnerability” could let ministers issue secret orders that force companies to weaken or redesign encryption.
- Apple and Google executives told the House public safety committee on Tuesday that the bill risks creating backdoors that cybercriminals or foreign actors could exploit and they urged courts to review any orders.
- The federal privacy commissioner testified on Wednesday and recommended narrowing retention mandates, allowing his office to probe breaches tied to the law, and spelling out that core authentication and encryption methods must not be weakened.
- Committee MPs including Conservatives are preparing amendments to limit ministerial powers, add transparency and tighten proportionality rules as the government says it will consider changes but denies the bill mandates mass surveillance.
- If passed as written the bill would require designated providers to build new technical capabilities and retain user metadata for up to one year, a change experts say would increase attack surfaces, risk cross‑border legal conflicts, and could prompt some services to reduce or withdraw operations in Canada.