U.S. representatives are warning Public Safety Minister Gary Anandasangaree that the federal government’s lawful access bill could create “significant” risks to the security and data privacy of Americans.
“Canada’s Bill C-22, currently under consideration in Parliament, would drastically expand Canada’s surveillance and data access powers in ways that create significant cross-border risks to the security and data privacy of Americans,” they wrote in the letter.
The letter said the bill would allow Canadian government officials to compel American companies operating in Canada to “build backdoors into their encrypted systems,” which would introduce vulnerabilities for users in both countries that could be exploited by hackers, foreign adversaries, and cyber criminals.
The Epoch Times reached out to the minister’s office for comment but didn’t hear back by publication time.
Bill C-22 says a service provider would not be required to develop, implement, assess, test, and maintain operational and technical capabilities for authorized persons to access encrypted data and information if doing so would introduce a “systemic vulnerability.” However, Jordan and Must said the term is vague and subject to a future regulatory process.
The U.S. representatives also raised concern that the bill empowers the public safety minister to issue “secret ministerial orders,” that would only be subject to the intelligence commissioner’s review and kept confidential, and would allow the minister to issue “targeted demands” to individual providers.
“In practice, providers offering end-to-end encryption services will inevitably face directives to create backdoors and architectural changes that bypass or weaken encryption to enable ‘lawful’ interception or data extraction,” they wrote in the letter.
They noted similar laws in other countries, such as the UK, where the government reportedly issued a “secret order” compelling Apple to provide access to users’ encrypted cloud data, which was not even accessible by Apple. This ultimately weakened encryption protections for 35 million iPhone users in the UK in February 2025, the U.S. representatives said.
Incidents like these directly threaten the privacy of people in the United States “who expect and depend upon robust encryption to protect sensitive communications, health data, financial records, and personal correspondence from unwarranted intrusion,” Jordan and Must said.
“Bill C-22 sets a dangerous precedent that could erode the mutual benefits of strong encryption standards,” they said, adding that American companies operating in Canada would either have to compromise the security of their user base, including U.S. citizens, or risk being excluded from the Canadian market.
Modernizing Police Tools
Bill C-22 passed second reading in the House of Commons last month and is currently under study by the public safety and national security committee.Fraser said new powers granted in the bill would be especially helpful in cracking down on organized crime, child sexual exploitation, drug trafficking, and human trafficking. He said law enforcement would be able to make a “simple request” during an investigation involving a phone number or IP address, and ask the provider whether the phone number or IP address is on their network.
“If the network comes back and says, ‘yes, in fact, it is,’ that would allow us to move forward with a process that would be approved by a judge,” he added.
Meanwhile, tech giant Meta has warned that Bill C-22 could compel companies to support government surveillance of Canadians’ private information.
“As drafted, the bill could require companies like Meta to build or maintain capabilities that break or undermine encryption and force providers to install government spyware directly on their systems,” Curran said.
She noted that it is not possible to build “back doors” to encrypted systems for law enforcement without creating vulnerabilities that could be exploited by “malicious actors.”
