Public Safety Minister Gary Anandasangaree in Toronto last month.Arlyn McAdorey/The Canadian Press
Two American congressional committees are warning Canada’s Public Safety Minister that his department’s lawful-access bill could weaken both countries’ collective defences against hackers, harm U.S. national security and “fracture cybersecurity norms.”
In a letter to Gary Anandasangaree sent Thursday, the chairmen of the judiciary and foreign affairs committees also expressed concern that Bill C-22 would “drastically expand Canada’s surveillance and data-access powers in ways that create significant cross-border risks to the security and data privacy of Americans.”
Republicans Jim Jordan and Brian Mast, respectively, chair the judiciary and foreign affairs committees that oversee actions by foreign governments that threaten to weaken the security and privacy of Americans.
Meta warns lawful access bill would make tech companies a surveillance arm of government
Their letter warns that Bill C-22 sets a dangerous precedent that could “erode the mutual benefits of strong encryption standards.”
Bill C-22 would require telecoms, internet companies and other digital service providers operating in Canada to adjust their systems to allow surveillance and monitoring capabilities to police services and the Canadian Security Intelligence Service.
Apple and Meta earlier this week voiced deep concerns about the bill, including that it could compromise cybersecurity.
The congressional letter to Mr. Anandasangaree said American companies would face a difficult choice: “compromising the security of their entire user base – including U.S. citizens – or risking exclusion from the Canadian market.”
“Either outcome harms U.S. national security and economic interests by undermining trust in American technology and inviting reciprocal demands from other nations,” the letter said.
“Over time, these pressures will fracture global cybersecurity norms and weaken our collective defenses against malicious actors who exploit inconsistent standards.”
Bill C-22, now being considered by a Commons committee, is supported by police chiefs and CSIS.
The congressmen noted that powers in the bill grant Mr. Anandasangaree and future ministers the right to issue secret orders issuing demands to companies operating in this country. Canada’s intelligence commissioner would have to approve such orders.
“In practice, providers offering end-to-end encryption services will inevitably face directives to create backdoors and architectural changes that bypass or weaken encryption to enable ‘lawful’ interception or data extraction,” the letter says.
It warned that the bill could affect the privacy of people in the U.S. who expect robust encryption to protect sensitive communications, health data, financial records and personal correspondence from unwarranted intrusion.
The letter also warned that it could weaken defences against hackers, saying “a backdoor built to satisfy one government’s demands inevitably becomes a target for adversaries.”
It said that “once access points exist, they do not remain exclusive to lawful authorities – they become persistent, high value targets for our foreign adversaries.”
The letter referenced a widespread cyberattack in the U.S. in 2024, that lasted for months and exploited changes made earlier under its lawful-access regime.
The Salt Typhoon hackers, alleged to have been working on behalf of the Chinese state, exploited a lawful intercept infrastructure that U.S. telecoms were required by law to build. They were able to intercept phone calls and text messages, reported to include a number involving top U.S. political figures such as Donald Trump and his then-running mate JD Vance.
Mr. Anandasangaree has argued that the bill is urgently needed to help the police and CSIS combat threats and crime, saying Canada lags behind its Five Eyes intelligence partners, who include the U.S., in not having a lawful-access regime.
Simon Lafortune, the minister’s spokesperson, said the “concerns raised in this letter reflect a misunderstanding of how Bill C-22 would function in practice.”
He said it does not provide “indiscriminate access to devices or communications and does not require companies to weaken encryption and introduce so-called ‘backdoors’ into their products so that law enforcement can gain access to customer data.”
“The bill is focused on updating existing tools to address modern threats while maintaining clear safeguards for privacy and civil liberties.”
He said large corporations “already comply with lawful-access frameworks in multiple other jurisdictions, including in the United States."
Michael Geist, the University of Ottawa’s Canada Research Chair in internet and e-commerce law, said for months that Canadian privacy and security experts have been warning about the risks of Bill C-22.
“The government has tried to dismiss those warnings, arguing that we need to catch up with our Five Eyes partners,” he said. “But if the U.S. is now concerned the bill could harm its national security, the government’s claims ring hollow.”
Minister faces calls from MPs to amend lawful access bill to prevent compromising encryption
The issue is escalating in the midst of trade tensions with the United States. The U.S. has already raised concerns that Ottawa’s Online Streaming Act – which forces American streaming platforms including Netflix to promote Canadian content and finance Canada’s cultural industries and local news – is a trade irritant.
The U.S. has a lawful-access law that is not as broad as the powers proposed in Canada’s bill. The 1994 Communications Assistance for Law Enforcement Act requires telecom companies and internet service providers to design their networks to facilitate government wiretapping.
The U.S. law does not apply to “electronic service providers” – which could include social-media services and other businesses – as proposed in Canada. It does not, unlike Bill C-22, allow metadata from devices such as phones, which could allow locations to be tracked, to be retained for up to a year.
Tamir Israel, director of privacy, surveillance and technology at the Canadian Civil Liberties Association, said: “This letter from Congress should be a wakeup call to the government, which is currently rushing Bill C-22 through the legislative process at breakneck speed.”