Open this photo in gallery:
Public Safety Minister Gary Anandasangaree rises during Question Period in the House of Commons on Wednesday.Spencer Colby/The Canadian Press
Public Safety Minister Gary Anandasangaree is preparing to make several changes to the federal government’s controversial lawful-access bill, including ensuring the addition of protections for end-to-end encryption, after weeks of criticism from tech companies and civil-liberties groups.
Mr. Anandasangaree told reporters Wednesday that he wants to make sure the legislation, known as Bill C-22, “is in line with Canadian values.” He said the government would amend the bill to make it clear that encryption would not be compromised by the new law.
The Canadian Chamber of Commerce, privacy and civil-liberties advocates and tech companies including Apple, Google and Meta have warned that the bill, designed to help law enforcement investigations, could compromise cybersecurity and users’ privacy.
Speaking to reporters Wednesday, Mr. Anandasangaree said the proposed legislation is about ensuring that law enforcement has the right tools to carry out investigations. But he said he would work “in a collaborative manner to ensure that we listen and respond to some of the concerns that have been expressed.”
“So whether it’s on encryption, whether it’s on ensuring that our laws are in line with Five Eyes partners, including the U.S., we will respond in time and ensure that the bill is strengthened, and it will go forward in a manner that … protects, has charter protection, as well as is in line with Canadian values,” he said.
MPs considering the bill in a Commons committee had until Wednesday afternoon to submit amendments.
Mr. Anandasangaree said law-enforcement agencies are “really struggling” with crimes, including extortion, sextortion and childhood sexual exploitation, because technology is outpacing the capabilities of police.
Federal watchdog says lawful-access bill poses privacy risks
The current version of Bill C-22 would require telecoms, internet companies and other digital service providers to make changes to their systems to give surveillance and monitoring capabilities to police services and the Canadian Security Intelligence Service.
Tech companies have warned that a requirement in the bill for them to retain metadata for up to a year could prove a new and valuable target for hackers.
The metadata would not include e-mails, web-browsing history, social-media activity or text messages, but it could include information about which telephone numbers have been in touch with each other, and data allowing someone’s location to be pinpointed.
The Public Safety Minister told reporters that the government is “working on a number of amendments.” But he suggested that he will not budge on requiring electronic service providers to retain up to a year’s worth of metadata to help law enforcement with their investigations.
He told The Globe and Mail in an interview that “one year seemed to be like the consensus from law enforcement as a reasonable time frame for the investigation to commence, to develop.”
“By the time they realize that this data may be required, it may be seven, eight, nine months. So that’s how they’ve come up with the one year,” he said.
He added that the government is working on changes to the bill to make clear “on encryption that it will not, it cannot be compromised.” He said the new wording would be very similar to language in the U.S. lawful-access law, which is narrower in scope than Canada’s proposed regime.
U.S. Congress warns Ottawa’s lawful-access bill could weaken defences against hackers
Earlier this month, two U.S. congressional committees wrote to Mr. Anandasangaree warning that Canada’s proposed lawful-access law could weaken both countries’ collective defences against hackers, harm U.S. national security and “fracture cybersecurity norms.”
Bill C-22 says that an electronic service provider would not be obliged to comply with ministerial orders or regulations if doing so would require the company to introduce a “systemic vulnerability.”
But tech companies, the Canadian Civil Liberties Association, the federal Privacy Commissioner and others have warned that the definition may currently be too imprecise to minimize privacy and cybersecurity risks.
Mr. Anandasangaree said the government is “looking at” tightening up the definition of a systemic vulnerability, in response to concerns raised.
He also indicated that he would be prepared to clarify wording on providing compensation for companies asked to make changes to their systems to aid law enforcement and CSIS.
He told The Globe, “There’s nothing preventing us from compensating, but I think what we need to figure out is what those circumstances are.”
He said there is “no indemnification provision” in the bill that would mean the government would cover costs incurred by companies if they were the target of a cyberattack resulting from adjustments to their system under the lawful-access regime.
A widespread cyberattack in the U.S. in 2024 resulted from changes made under its lawful-access regime. The Salt Typhoon hackers, alleged to have been working on behalf of the Chinese state, exploited a lawful-intercept infrastructure that U.S. telecoms were required by law to build.
The hackers were able to intercept phone calls and text messages, reported to include a number of top U.S. officials, as well as Donald Trump and JD Vance.
Signal warns it would pull out of Canada if made to comply with lawful access bill
Referring to tech giants that have raised privacy concerns about Bill C-22, Mr. Anandasangaree suggested they themselves should do more to protect Canadians’ privacy.
“We’re living in a world where big tech, whether it is Apple, Google or the range of other big tech companies, are operating without any type of accountability, without any type of protection of privacy,” he told reporters.
“The companies that are coming forth and saying, talking about privacy, talking about privacy protection, talking about vulnerabilities, better step up and provide their path to how they’re protecting the privacy rights of Canadians.”
Speaking to reporters, Conservative Leader Pierre Poilievre said the bill would “try to turn the entire tech sector into a gigantic surveillance arm of the state, which will kill many jobs and drive many of the best businesses out of our country.”
NDP Leader Avi Lewis told reporters that he had “massive concerns” about the bill, and its potential impact on the privacy of Canadians.
The Conservatives and Bloc Québécois have asked for more time to consider the complex bill at committee, blaming the government for rushing it through with only three meetings to question experts.
Conservative public safety critic Frank Caputo told The Globe that he was disappointed that the government “has chosen to give such an important bill inadequate scrutiny.”
Conservative Rhonda Kirkland, who also sits on the public safety committee, said, “Getting this right matters more than moving fast.”
