Signal, US lawmakers threaten action against Canada over Bill C-22 surveillance powers

US tech giants, lawmakers, and encrypted messaging services are opposing Canada’s proposed Lawful Access Act, with messaging platform Signal warning that it would rather withdraw from the country instead of complying should the bill be passed, given its current provisions.

Critics say the proposed bill, known as Bill C-22, if passed, would break encryption and mandate mass metadata collection.

Public Safety Minister Gary Anandasangaree introduced the bill, and it would require telecoms, internet companies, and messaging platforms to build surveillance capabilities for police and the Canadian Security Intelligence Service (CSIS). It would also compel core providers to retain user metadata for up to a year.

Signal draws a line on encryption

Udbhav Tiwari, Signal’s vice-president of strategy and global affairs, told reporters at The Globe and Mail that the company “would rather pull out of the country than be compelled to compromise on the privacy promises we have made to our users.”

Signal is known for its privacy features and stores almost no user data on its servers, keeping just phone numbers, last login timestamps, and account creation dates. Users’ messages, contacts, and other information stay on their own devices.

Apple has also signaled it might pull privacy features from Canada if the bill passes unchanged. This is not the first time it has made such a move, as it took a similar step in the United Kingdom last year, removing its Advanced Data Protection tool after the British government demanded access to encrypted user data.

US Congress raises cross-border alarm

Two American congressional committees escalated the pressure on the bill last week. Republicans Jim Jordan, chair of the House Judiciary Committee, and Brian Mast, who leads the Foreign Affairs Committee, sent a letter to Anandasangaree stating that the bill would “drastically expand Canada’s surveillance and data-access powers in ways that create significant cross-border risks to the security and data privacy of Americans.”

The letter highlighted that the bill could force US-based companies to weaken security for all users, including Americans, or exit the Canadian market entirely.

For both chairs, the two outcomes harm the “U.S national security and economic interests by undermining trust in American technology and inviting reciprocal demands from other nations.”

Backdoors don’t stay locked

The government’s claim that only law enforcement and CSIS would use the surveillance capabilities has been called out by critics who say that it ignores how backdoors work in practice.

There have been instances of breaches that hit telecommunications companies. Look at the 2024 breach of major US telecom companies by Chinese state hackers, who exploited access points created under America’s Communications Assistance for Law Enforcement Act (CALEA).

That US law is not as expansive as the C-22 because it does not cover messaging apps or cloud services, and it does not require preemptive metadata storage.

Meta’s Canadian public policy director, Rachel Curran, stated that the bill “could conscript private companies into service as an arm of the government’s surveillance apparatus.” She testified to the Commons committee examining C-22 that it could force companies to “build or maintain capabilities that break, weaken, or circumvent encryption.”

Anandasangaree says the bill is “encryption-neutral,” adding that tech companies are misinterpreting its safeguards.

However, Kate Robertson, a senior research associate at the University of Toronto’s Citizen Lab, told the Globe and Mail that when government officials were recently pressed to commit to protecting encryption, they were “reticent.”

The bill is currently before a Commons committee, and legal experts expect the metadata provisions to face judicial challenges based on the Supreme Court of Canada precedent establishing that metadata linking online activity to identity is private information.

Surveillance by various countries is currently on the rise. Telegram founder Pavel Durov has called out countries like France and Russia over censorship, stating that the former is not a free country, while also calling on Russians to form a digital resistance against the government’s attempts to block Telegram. 

Cryptopolitan also reported that smartphone makers like Apple, Google, and Samsung rejected moves by telecommunication providers in India to enable satellite location tracking that cannot be turned off by users.

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.