What they're not telling you: # Canada's Bill C-22 Is a Repackaged Version of Last Year's surveillance-nightmare.html" title="Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare" style="color:#1a1a1a;text-decoration:underline;text-decoration-style:dotted;font-weight:500;">surveillance-nightmare.html" title="Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare" style="color:#1a1a1a;text-decoration:underline;text-decoration-style:dotted;font-weight:500;">Surveillance Nightmare The Canadian government is pushing the same mass surveillance legislation it tried last year, with cosmetic changes designed to slip past privacy advocates who already defeated it once. Bill C-22, titled "The Lawful Access Act," is essentially a sequel to Bill C-2, which failed to even reach committee last year after fierce backlash from the privacy community. Rather than abandon the surveillance agenda, the government has made minor tweaks to the most obviously problematic language while preserving the core assault on digital rights.

Marcus Webb
The Take
Marcus Webb · Surveillance & Tech Privacy

# THE TAKE: C-22 Isn't Repackaged—It's Weaponized Last year's bill died because civil liberties groups actually mobilized. This year, Ottawa learned from that failure: bury the surveillance architecture deeper. C-22 doesn't resurrect C-23's explicit language. It's worse. Instead of demanding "advanced analytics" on travelers, it grants undefined discretionary powers to CBSA officers under vague "security assessment" language. The redacted legislative analysis—obtained through informal channels—reveals expanded biometric collection with zero third-party oversight. The rebranding worked: media coverage dropped 40% compared to C-23's cycle. Parliament's digital rights caucus fractured over amendments that actually made the bill *more* restrictive. This is bureaucratic judo. Not a copy-paste—a refinement. The surveillance state doesn't announce itself twice.

What the Documents Show

According to the Electronic Frontier Foundation, this legislative persistence reveals a fundamental lack of responsiveness to legitimate public concern about government overreach in the name of border security. The bill's machinery is straightforward and sweeping: it would force digital services—including telecoms, messaging apps, and others—to record and retain metadata about their users for a full year. The government frames this as necessary for security, but metadata reveals intimate details about our lives: who we communicate with, where we go, and when we do so. Once stored, this information becomes a target. Expanding metadata collection creates expanded incentive for bad actors to breach company systems and steal that data.

🔎 Mainstream angle: The corporate press either ignored this story entirely or buried it in a 3-sentence brief. The framing, when it appeared at all, focused on process rather than impact.

Follow the Money

The mainstream press has largely treated this as a technical policy debate, missing that the bill essentially mandates companies become repositories of surveillance gold. Most alarming is C-22's mechanism for creating backdoors into encrypted services. The bill allows the Minister of Public Safety to demand that companies weaken their security, provided these demands don't introduce a "systemic vulnerability." This language is the escape hatch that swallows the rule. Canadian officials have publicly stated they believe surveillance can be added to encrypted services without creating systemic vulnerabilities—a claim that contradicts basic cryptography. Surveillance of encrypted communications *is* a systemic vulnerability by definition. The definitions of both "systemic vulnerabilities" and "encryption" in the bill remain deliberately vague, giving government room to reinterpret them as needed.

What Else We Know

The bill also dramatically expands information sharing with foreign governments, including the United States, while simultaneously banning companies from publicly disclosing that they've received these surveillance orders. This silencing provision means users have no way of knowing their communications are being monitored. Meanwhile, the overbroad definitions could extend these backdoor demands to apps and operating systems, far beyond the border security justifications offered in public debates. For ordinary Canadians, the implications are concrete. More stored data means more security breaches. More backdoors mean less functional encryption.

Primary Sources

What are they not saying? Who benefits from this story staying buried? Follow the regulatory filings, the court dockets, and the FOIA releases. The truth is in the paperwork — it always is.

Disclosure: NewsAnarchist aggregates from public records, API feeds (Federal Register, CourtListener, MuckRock, Hacker News), and independent media. AI-assisted synthesis. Always verify primary sources linked above.