Key Points:
- Apple and Google urged Canadian lawmakers to amend Bill C-22 to add strict judicial oversight to the government’s proposed surveillance powers.
- Tech executives warned that the bill’s current language could secretly force companies to build “backdoors” and break encryption.
- Bill C-22, the Lawful Access Act, requires core providers to retain user metadata, such as location and call logs, for up to one year.
- The Canadian Chamber of Commerce, representing 200,000 businesses, warned that the broad law could deter over $1 billion in tech investment.
Technology giants Apple and Google have united to warn Canadian lawmakers that a proposed digital surveillance bill threatens to severely compromise user privacy and cybersecurity. Testifying before the House of Commons Public Safety and National Security Committee, executives from both companies urged the federal government to amend Bill C-22, also known as the Lawful Access Act, 2026. The companies are pushing to add mandatory judicial oversight to the legislation to prevent the government from issuing secret ministerial orders to break encryption and modify consumer software.
The contentious legislation, which has already passed two of its three readings in the House of Commons, seeks to modernize Canada’s lawful access regime to help police track digital evidence during investigations. Under the current draft, Bill C-22 requires “core” telecommunications and electronic service providers to build technical capabilities that allow law enforcement and Canada’s spy agency, CSIS, to access user data quickly and consistently. Furthermore, the bill mandates that these providers store user metadata—including private call logs and real-time device location data—for up to one year.
While both tech companies stated that they respect the government’s desire to support law enforcement, they warned that the bill’s broad language creates an unacceptable risk to digital safety. Erik Neuenschwander, Apple’s senior director of user privacy and child safety, testified that encryption protects citizens from identity theft, financial fraud, and unlawful surveillance. He warned that Bill C-22, as drafted, would force companies to break encryption by inserting backdoors into their consumer products. He declared flatly that building a backdoor is “something Apple will never do.”
To illustrate the danger of built-in backdoors, Neuenschwander pointed to the devastating 2024 Salt Typhoon cyberattack, in which Chinese state-sponsored hackers exploited wiretap access points embedded in U.S. telecommunications systems. He explained that engineers cannot deploy encryption technology that provides access only to the “good guys” without simultaneously creating new entry points for malicious cybercriminals. He warned that because the U.S. wiretap law exploited by Salt Typhoon was narrower than Bill C-22, the cybersecurity consequences of Canada’s proposed law could be significantly worse.
Google’s senior director for security policy, Kate Charlet, and Director of Government Affairs in Canada, Jeanette Patell, echoed these warnings. Patell told members of parliament that the bill could force Google to dismantle its own security features, ultimately facilitating foreign interference and opening the door to cybercriminals. Charlet added that the bill gives the Minister of Public Safety broad authority to compel product redesigns without public notice or judicial oversight. She warned that no comparable jurisdiction in the democratic world operates a surveillance regime of this breadth.
The corporate opposition is part of a growing, nationwide backlash against the Liberal government’s security bill. The Canadian Chamber of Commerce, which represents approximately 200,000 businesses across the country, has heavily criticized the legislation. Business advocates warn that signaling to global markets that Canadian-held data is uniquely exposed will severely deter foreign capital. They project that the passage of the bill in its current form could cost the country’s technology sector over $1 billion in deterred venture capital and corporate investments.
Furthermore, privacy-focused software providers are threatening to exit the Canadian market entirely if the government passes the bill. Udbhav Tiwari, the global vice-president of encrypted messaging app Signal, announced that the company would rather withdraw its services from Canada than compromise its end-to-end encryption promises. The threat mirrors a similar standoff in the United Kingdom last year, in which Apple and other tech firms threatened to withdraw certain cloud-based services after the British Home Office issued a draft backdoor order under its updated Investigatory Powers Act.
In contrast, Canadian law enforcement agencies are actively defending the proposed legislation, arguing that the system must keep pace with increasingly sophisticated criminal networks. Toronto Police Chief Myron Demkiw, speaking on behalf of the Canadian Association of Chiefs of Police, testified that the current inability to access key digital evidence hampers investigators’ capacity to gather timely evidence and prevent the escalation of offenses. Police officials argue that the bill’s safeguards are sufficient and accuse the tech giants of misinterpreting the law’s scope.
As the parliamentary committee enters the final stages of its study, the debate over Bill C-22 highlights the delicate balance between national security and digital rights. Because Apple and Google’s software powers over 99 percent of all cellphones and tablets in Canada, any legislated security vulnerability would immediately impact the daily lives of millions of citizens. Forcing technology firms to deploy insecure software or exit the country will ultimately make Canadians less safe, proving that true cybersecurity requires protecting, rather than breaking, the encryption that secures modern life.
