Minister of Public Safety Gary Anandasangaree rises during Question Period in the House of Commons.Spencer Colby/The Canadian Press
Public Safety Minister Gary Anandasangaree faced calls from opposition MPs Tuesday to amend the federal government’s lawful access bill to ensure that it would not break or weaken digital encryption.
At a meeting of the Commons public safety committee, which is considering the bill, the minister was asked whether he would accept amendments to prevent it from introducing security vulnerabilities into digital systems.
The MPs’ calls to tighten up the wording of the bill coincided with tech giant Apple voicing concerns publicly about its implications for encryption and users’ privacy.
Lawful-access bill could threaten encryption, deter investment, Chamber of Commerce warns
Apple, whose products include iPhones, iPads and smart watches, the App Store, and music and TV streaming services, uses encryption to protect customers’ personal data.
In a statement, the company warned that “at a time of rising and pervasive threats from malicious actors seeking access to user information, Bill C-22, as drafted, would undermine our ability to offer the powerful privacy and security features users expect from Apple.“
“This legislation could allow the Canadian government to force companies to break encryption by inserting backdoors into their products – something Apple will never do.”
“We will continue our longstanding cooperation with governments to help protect public safety while also advocating tirelessly against any measures that would put users’ personal data at risk,” it added.
It warned that weakening encryption puts its users at greater risk of being preyed upon by criminals looking to exploit their data. That could include health and financial information, messages, photos and family members’ locations.
Tech companies such as Apple use encryption to protect customers’ personal data and to shield people from unlawful surveillance, identity theft and fraud. Human-rights activists, journalists and diplomats also use it to protect communications.
Apple warned that Bill C-22 would allow the government to issue secret orders weakening encryption. If a vulnerability exists, hackers and hostile nation-states will inevitably find and exploit it, it said.
The tech giant said it is talking to the federal government in an attempt to improve the bill.
Last year, Apple mounted a legal challenge to a demand from the British government to access encrypted customer data. Britain had targeted Apple’s Advanced Data Protection service, which encrypts personal data uploaded and stored remotely on the company’s cloud servers.
The British government asked Apple to create the ability to access the content via a backdoor. In response, Apple removed the ADP tool, its strongest data protection product, from Britain, saying that it had never built a backdoor or master key to any of its products or services and never will.
Opinion: Canada’s playing catch-up on digital lawful access
Bill C-22 would require telecoms, internet companies and other digital service providers in Canada to revamp their systems to give surveillance and monitoring capabilities to police services and the Canadian Security Intelligence Service.
Tech experts have warned that the changes proposed in Bill C-22 could allow hackers to exploit architecture incorporated into electronic systems, including those belonging to internet and telecom companies.
They have warned that the requirement for “core providers” – to be later defined through regulations – to retain metadata for up to a year could prove a new and valuable target for hackers.
The metadata would not include e-mails, web browsing history, social-media activity or text messages, but it could include information about which telephone numbers have been in touch with each other, and data allowing someone’s location to be pinpointed.
MPs raised concerns with ministers and senior federal officials in the committee hearing about the requirement on companies to retain metadata.
Conservative public safety critic Frank Caputo said he was concerned the bill could compromise encrypted communications. He asked whether Mr. Anandasangaree would support amendments that would define encrypted data, and the kind of metadata that would need to be retained.
Mr. Anandasangaree said the government would work in collaboration with the opposition parties to advance and strengthen the bill, which he said is a priority for law enforcement.
He described the bill as “encryption-neutral,” saying it would give law-enforcement officers tools needed to keep Canadians safe, while upholding their Charter and privacy rights.
Justice Minister Sean Fraser said the bill will enable law enforcement to get evidence they need to combat crime, including human trafficking and child exploitation, in a digital age.
RCMP Chief Superintendent Richard Burchill, director-general of technical investigation services, told the committee that metadata retention can help police investigate crimes such as kidnapping. It could include internet transmission data, such as timestamps, IP addresses and device identifiers. He said metadata, obtained with judicial authorization, could help link people to places – for example, whether someone had a vehicle or a phone at a certain time. Tower signalling data, he said, are helpful to locate people.
Conservative MP Rhonda Kirkland recommended that the government not “race to royal assent” and instead work to get the bill right.
She said past Liberal MPs had warned against previous attempts to bring in a lawful access bill, including the current Speaker of the House of Commons, Francis Scarpaleggia. In 2012, when he was Liberal public safety critic, he cautioned that a Conservative lawful access bill risked “creating an Orwellian service state.”
Then-public safety minister Vic Toews infamously said to Mr. Scarpaleggia that he could “stand with us or with the child pornographers.” The Conservative bill, facing criticism for overreach, was put on hold and then abandoned.