Apple, Meta oppose Canada’s Bill C‑22

Canada’s Bill C‑22 is a lawful-access bill. That sounds narrow. It isn’t. The fight is really about whether the government can require tech companies to make their systems easier to reach once a judge has authorized access — and whether that slides into weaker encryption for everyone. This week, Meta said the bill goes too far, and Apple separately warned that Canada is heading toward the same collision other governments have had with end-to-end security. ### What is Bill C‑22, exactly? It’s a two-part federal bill introduced on March 12, 2026. Part 1 updates Criminal Code tools for getting subscriber, transmission, and related data during investigations. Part 2 is the more explosive piece. Ottawa says it does not create new powers to intercept communications. Instead, it would require certain electronic service providers to build and maintain the technical ability to comply with existing lawful orders. (about.fb.com) ### Why are Apple and Meta mad about Part 2? Because “maintain the capability” is where the argument lives. In the government’s framing, that means police and CSIS should not hit a dead end after getting legal authorization. In Meta’s framing, the same language could pressure companies to build or preserve ways around encryption, zero-knowledge systems, or other security designs that intentionally prevent provider access in the first place. Meta also said the bill could force providers to install third-party surveillance tools on their own systems. (parl.ca) ### What did Meta actually do this week? Meta didn’t just post a blog. It appeared before the House of Commons Standing Committee on Public Safety and National Security on May 7. Rachel Curran, Meta’s director of public policy for Canada, told lawmakers that Part 1 could work with narrower amendments, but Part 2 has sweeping powers, weak safeguards, and too little oversight. Meta asked for amendments that would explicitly bar requirements that weaken encryption and would give companies a clearer way to challenge bad orders. (canada.ca) ### Where does Apple fit in? Apple’s public line is the familiar one — privacy is a fundamental right, and backdoors do not stay limited to “good guys.” Apple has not posted a big standalone policy page here, but its statement to Canadian outlets was blunt: it will never build a backdoor into its products. That matters because Apple’s security model increasingly depends on designs where even Apple cannot read certain user data. A law that says providers must stay technically capable of helping can clash directly with that design choice. (about.fb.com) ### Why does the government think this is necessary? Ottawa’s pitch is straightforward. Criminals use modern networks, messaging apps, and connected devices. Investigators can already get warrants and production orders, but outside older telecom rules, provider assistance is often voluntary or technically unavailable. The government says that gap can stall or kill investigations into child exploitation, extortion, organized crime, terrorism, and foreign interference. (mobilesyrup.com) So Bill C‑22 tries to make lawful orders actually executable. ### Why do critics say that logic still breaks encryption? Because encryption is not a door you can open only for one side. If a service is truly end-to-end encrypted or zero-knowledge, the provider often cannot access the content by design. Requiring “exceptional access” is basically requiring a weakness, an alternate route, or a privileged implant. Call it a backdoor, a compliance interface, or technical assistance — the security tradeoff is the same. (canada.ca) Once that route exists, other governments will want it too, and attackers will try to find it. That’s the core objection. ### Where is the bill now? Bill C‑22 passed second reading on April 20 and is now at committee in the House of Commons. That means the important phase is not over — it’s starting. Committee amendments could narrow Part 2, add stronger challenge rights, or spell out that encryption weakening is off-limits. Or lawmakers could leave the language broad and force the real fight into courts and corporate product decisions later. (about.fb.com) ### Bottom line This is not just a Canada story. It’s the recurring global fight between lawful access and systems designed so nobody — including the provider — can get in. If Canada keeps Part 2 broad, companies will have to choose between redesigning security, carving out local exceptions, or pulling features from the market. That’s why Apple and Meta are making noise now, before the bill hardens into law. (about.fb.com) (parl.ca)