Canadian Law Sparks Alarm Over Digital Privacy

Empty courtroom with wooden tables, chairs, and a door.

As Canada pushes a sweeping new “lawful access” bill, major tech companies are warning they may pull privacy tools from the country rather than help build a quiet surveillance system for millions of ordinary users.^[1]^[2]

Story Snapshot

Bill C-22 would force many digital services to build new technical tools so police and spy agencies can tap data they are already legally allowed to request.^[3]^[6]
Privacy-focused firms like Signal and several virtual private network providers say the bill could require breaking or weakening encryption, and they are openly weighing leaving Canada.^[1]^[2]
Digital rights groups warn the plan will create long-term data retention, secret orders, and pressure to add backdoor-style access, increasing hacking risks for everyone.^[1]^[4]
The fight mirrors wider fears on both left and right that Western governments are steadily trading away privacy and liberty in the name of safety, with little proof it helps.^[1]^[3]^[4]

What Bill C-22 Actually Does To Online Services

Bill C-22, the Lawful Access Act, would not give Canadian police and the Canadian Security Intelligence Service new powers to read messages on its own, but instead would force “electronic service providers” like phone companies, cloud hosts, and big apps to build and keep the technical tools needed to obey future court orders.^[3]^[5] The bill’s Part 2, called the Supporting Authorized Access to Information Act, creates that new framework and targets larger or more important providers first.^[3] Government summaries say the bill only covers data they are already allowed to get under current law, not new content powers.^[3]^[6]

The proposal lets the federal cabinet label certain companies as “core providers,” such as major telecom networks, satellite operators, and other big players, and then set detailed rules that tell them what interception, tracking, or data handover systems they must maintain.^[3] Public Safety Canada explains that these rules are supposed to be “tailored” to each class of provider and that small firms are not meant to face the same heavy demands as national networks.^[3] The law would also allow the Public Safety Minister to issue secret ministerial orders to any provider, core or not, when security officials claim there is an operational need.^[3]

Why Tech Companies Say This Threatens Encryption And Privacy

Critics argue that once the state can quietly order providers to build and keep surveillance-friendly features, it becomes almost impossible to protect true end-to-end encryption or limit how much data is stored on everyone.^[1]^[2]^[4] The Electronic Frontier Foundation notes that Bill C-22 would allow regulations that force many services to retain metadata on users for up to one year, even when those users are never suspected of a crime.^[1] Metadata includes who you contacted, when, where, and how often, which can reveal sensitive patterns about your life.^[1]

Digital rights experts warn that Part 2 would let the Public Safety Minister secretly order companies to add special access capabilities to their systems, as long as the government claims these changes do not create a “systemic vulnerability.”^[1]^[2] Technical critics point out that this phrase is vague and that any hidden access point for law enforcement is also a potential opening for hackers, foreign spies, or abusive insiders.^[1]^[4] Video explainers on the bill describe scenarios where location tracking tools and device identifiers for phones, watches, and tags could be collected in bulk without proof that a specific person committed or will commit a crime.^[2]^[6]

Government’s Safety Argument And Its Limits

The Canadian government says the bill is about speed, not new spying powers, stressing that law enforcement and the Canadian Security Intelligence Service already need warrants or other legal orders to get private information.^[3]^[6] Justice Department material states that new “confirmation of service” and subscriber information tools are meant to help officers find out if a service is even relevant to an investigation and then link basic account details to a suspect faster, but still with judicial approval and “reasonable suspicion.”^[6] Officials also promise that regulations cannot require storage of message content, web browsing history, or social media posts, only certain metadata.^[3]

Supporters argue that criminals and hostile states now use encrypted and online tools as a matter of course, and that without strong access systems, police and security services will fall behind.^[3]^[6] They frame C-22 as a way to modernize old wiretap laws so they fit the age of apps, cloud storage, and global platforms.^[3] The bill adds some checks, such as requiring the Intelligence Commissioner to approve ministerial orders and mandating public annual reports and a formal review of the law three years after it takes effect.^[3] For many critics, though, those safeguards do not answer deeper concerns about secret orders and structural pressures on encryption.^[1]^[4]

Why This Fight Matters Beyond Canada’s Borders

For Canadians of all political stripes, this clash hits nerves that are already raw: people on the right see another globalist-style push for more central control and data hoarding, while people on the left see state and corporate power joining to watch workers and vulnerable groups more closely.^[1]^[4] Civil liberties advocates note that similar “lawful access” plans in other countries often start with promises of tight limits, then slowly expand over time, helped by secret rulings and the fact that regular citizens rarely see how these systems work.^[1]^[4] Once companies build tracking and interception tools for one government, it becomes much easier for others to demand the same.^[1]

DuckDuckGo has joined a growing list of messaging and privacy-focused companies warning they will leave Canada if the Carney government proceeds with Bill C-22, legislation that would require tech firms to facilitate broad surveillance of users.https://t.co/l3ZzoN5mEc

— Juno News (@junonewscom) June 8, 2026

For Americans watching from across the border, C-22 looks like another test case that could set norms that big U.S. companies then copy or face pressure to match.^[1]^[4] If tech firms decide that the only safe way to protect strong encryption is to pull out of Canada, regular users may lose secure apps and privacy services, while less scrupulous platforms stay and comply.^[1]^[2] That outcome would fit a pattern many citizens now fear: powerful insiders trade away everyday freedoms in the name of safety, and the public pays the price in weaker security, less choice, and yet another blow to the promise that hard work in a free society will lead to a better life.^[1]^[4]