Apple and Meta are publicly opposing portions of Canada’s proposed lawful access legislation, warning that Bill C-22 could weaken encryption protections, introduce systemic cybersecurity risks, and force technology companies to facilitate government surveillance capabilities.
The criticism centers primarily on Part 2 of Bill C-22, a controversial section that would require electronic service providers to maintain technical capabilities allowing law enforcement and intelligence agencies to access data under authorized orders. While the Canadian government insists the legislation is “encryption neutral,” both firms argue the bill’s wording could effectively compel providers to undermine end-to-end encryption.
Apple issued a sharply worded statement this week, saying the proposal threatens the privacy and security protections built into its products.
“At a time of rising and pervasive threats from malicious actors seeking access to user information, Bill C-22, as drafted, would undermine our ability to offer the powerful privacy and security features users expect from Apple,” the company stated. “This legislation could allow the Canadian government to force companies to break encryption by inserting backdoors into their products – something Apple will never do.”
Meta delivered similar concerns during testimony before Canada’s Standing Committee on Public Safety and National Security on May 7. Rachel Curran, Meta’s Director of Public Policy for Canada, warned lawmakers that Part 2 grants sweeping powers with insufficient safeguards and unclear legal definitions.
Meta argued the bill could require companies to “build or maintain capabilities that break, weaken, or circumvent encryption” and potentially force providers to install government spyware directly into their systems. The company also criticized vague language surrounding “systemic vulnerabilities,” noting the legislation lacks a clear process for firms to challenge problematic government orders.
Canadian officials say the bill is necessary to modernize investigative tools for the digital era and address difficulties police face when requesting subscriber information or electronic evidence from providers.
According to the Department of Justice, Part 1 of Bill C-22 introduces narrower investigative measures, such as subscriber information production orders and “confirmation of service” demands, designed to help police determine whether providers hold relevant account data. The government says these tools include judicial oversight, review mechanisms, and limits preventing warrantless access to message content.
However, the broader technical assistance obligations in Part 2 go much further. Meta warned that creating lawful access mechanisms inevitably introduces exploitable weaknesses, pointing to the fallout from the China-linked “Salt Typhoon” cyberattacks that targeted telecommunications infrastructure.
The company also noted that several allied governments have recently retreated from similar proposals. France and Sweden abandoned encryption-related surveillance plans last year, while Apple withdrew its Advanced Data Protection service from the UK after British authorities reportedly demanded backdoor access capabilities.
Public Safety Minister Gary Anandasangaree’s office has rejected claims that the legislation mandates encryption backdoors, stating that “nothing in Bill C-22” compels companies to weaken security protections. Government officials maintain the proposal aligns Canada with lawful access frameworks already used across other G7 and Five Eyes nations.
Meta urged lawmakers to split Part 2 from the broader bill and amend provisions involving surveillance tooling, encryption protections, and company appeal rights. Apple has likewise indicated it is pushing for changes behind the scenes while maintaining that it will not build backdoors into its products.
Leave a Reply