Secure messaging service Signal yesterday became the latest company to warn that Bill C-22, the lawful access bill, could force it to leave the Canadian market rather than comply with provisions it says would compromise its end-to-end encryption and create new cybersecurity risks. Signal vice-president Udbhav Tiwari told the Globe and Mail that the company “would rather pull out of the country than be compelled to compromise on the privacy promises we have made to our users.” The comments are part of a steady stream of similar warnings from Apple, Meta, the Canadian Chamber of Commerce, the Cybersecurity Advisors Network, and the chairs of the U.S. House Judiciary and Foreign Affairs Committees. Despite growing concern, the government’s response has been to launch a misleading social media campaign and repeatedly insist that the experts and companies are mistaken.
Post Tagged with: "systemic vulnerabilities"
The Lawful Access Debate Begins: Canadians Should Pay Attention to What the Government Isn’t Saying
When the government introduced Bill C-2 last year, it buried the lawful access provisions at the end of an omnibus border security bill and said as little about it as possible. The strategy failed, the provisions were abandoned after widespread criticism, and the government spent months consulting stakeholders before trying again. Bill C-22, the Lawful Access Act, is the follow-up attempt. If the first day of House debate on the bill is any indication, the approach hasn’t changed, as the government is once again hoping no one notices what is actually in the bill.
Could Bill C-22 Make Canadians Less Safe? The Systemic Vulnerability Gap in Canada’s New Surveillance Law
The lawful access debate in Canada has to date focused on privacy concerns such as access to subscriber information, mandatory metadata retention, and international production orders. But there is another dimension to Bill C-22 that has received less attention and may matter even more to the daily security of Canadians: the risk that the bill’s surveillance-capability requirements and lack of clarity about systemic vulnerabilities will make Canadians less secure. The international experience with similar laws is not reassuring, as it points to risks of hacking, removal of security features that protect users, and reduced investment and innovation. Bill C-22 heads in much the same direction.
Recent Posts
The Online Streaming Act Bill Comes Due: Why the CRTC’s Latest Ruling Guarantees Years of Trade and Legal Battles 
The Government Tries to Make the Case for Bill C-22: Why Its Own Use Cases Reveal Disproportionate Overreach 
Tech Exodus: Why Bill C-22’s Privacy and Security Risks Will Drive Digital Services Out of the Country 
The Lawful Access Two-Headed Surveillance Monster: How Bill C-22 Went Off the Rails 
How Much Further Will Lawful Access Go?: Police Chief Tells Bill C-22 Hearing That Three Years of Metadata Retention Would Be “Ideal”
