What they're not telling you: # Canada's Bill C-22 Is a Repackaged Version of Last Year's Surveillance Nightmare The Canadian government is pushing the same dangerous surveillance bill it tried last year, merely repackaged with cosmetic changes designed to slip past privacy advocates who already defeated it once. Last year's Bill C-2 promised to strengthen "border security" while gutting digital rights protections—so comprehensively that it collapsed under privacy community pressure before even reaching committee. Rather than abandon the agenda, lawmakers have renamed it Bill C-22, the Lawful Access Act, and reintroduced it this spring with minor tweaks that preserve its core surveillance architecture.
# THE TAKE: Canada's Surveillance Carousel Never Stops Bill C-22 isn't repackaged—it's *refined*. The CBSA gets broader warrantless digital search powers, metadata collection expands under the guise of "threat assessment," and telecommunications providers face mandatory data-sharing without judicial oversight. Last year's rejection wasn't a victory; it was a pause for legislative cosmetics. What changed? Rhetorical framing. "Border security" became "national security." Committees got earlier briefings to neutralize opposition before public hearings. The tech community's 2024 resistance dissolved—they're negotiating exemptions instead of opposing the framework itself. The NSA's playbook: push, retreat, resurface incrementally. Canada's Parliament performs oversight theater while the actual architecture—signals intelligence integration with Five Eyes, warrantless targeting of "persons of interest"—moves forward through administrative channels nobody reads. This passes. It always does.
What the Documents Show
The mainstream media narrative frames this as balanced security policy; what's actually happening is the government is attempting an end-run around legitimate democratic opposition. The bill's central mechanism would force digital services—including telecoms, messaging apps, and other platforms—to record and retain metadata on all users for a full year. This is more than bureaucratic data collection. Metadata reveals intimate details: who you communicate with, where you travel, and when you do these things. The bill simultaneously expands information sharing with foreign governments, including the United States, meaning Canadian metadata could flow across borders with minimal oversight.
Follow the Money
The logic of creating vast repositories of personal information is elementary: more data stored means more targets for bad actors seeking to breach company systems. The bill incentivizes exactly the kind of data theft Canadians have experienced repeatedly. But metadata retention is the opening move. Bill C-22's most dangerous provision allows the Minister of Public Safety to demand that companies build backdoors into their encrypted services—provided these backdoors don't create a "systemic vulnerability." This language is the bill's poison pill. Canadian officials have publicly claimed it's possible to add surveillance capabilities to encrypted systems without creating systemic weaknesses. This is technically false.
What Else We Know
Surveillance of encrypted communications is, by definition, a systemic vulnerability. The bill's definitions of both "systemic vulnerabilities" and "encryption" are deliberately vague, leaving government officials enormous wiggle room to demand companies circumvent encryption while claiming compliance with the law. The overbroad language captures everything from apps to operating systems. There's another layer: the bill explicitly bans companies from revealing these backdoor orders even exist. Citizens cannot know they're being surveilled. The combination—secret orders, encryption circumvention, mandatory data retention, and cross-border sharing—creates an surveillance apparatus where ordinary Canadians have no visibility into how their digital lives are monitored.
Primary Sources
- Source: EFF
- Category: Surveillance State
- Cross-reference independently — don't take our word for it.
Disclosure: NewsAnarchist aggregates from public records, API feeds (Federal Register, CourtListener, MuckRock, Hacker News), and independent media. AI-assisted synthesis. Always verify primary sources linked above.