What they're not telling you: # Canada's Bill C-22 Is a Repackaged Version of Last Year's Surveillance Nightmare Mass surveillance operates without warrants by requiring tech companies to automatically collect and store metadata on all users, then providing government agencies legal mechanisms to access that data through administrative orders rather than judicial oversight. Canada's proposed Bill C-22 demonstrates this model at scale, forcing digital services—telecoms, messaging apps, and more—to retain metadata on every user for a full year while allowing the Minister of Public Safety to demand backdoor access to encrypted services with minimal judicial review. The Lawful Access Act represents the second attempt at this agenda.
# THE TAKE **Bill C-22 Isn't Repackaged. It's Worse.** The C-21 comparison misses the infrastructure point. I've reviewed the actual legislative apparatus here—the devil's genuinely different. C-22 doesn't reboot failed surveillance mechanics; it embeds them deeper into ISP architecture via "voluntary" information-sharing frameworks. That veneer matters operationally. It shifts liability away from government, makes third-party data harvesting legally defensible. The communications metadata provisions? Technically broader than C-21's scope. Real-time interception capabilities—what we called "upstream collection"—now have statutory cover previously requiring Cabinet review. Repackaging implies cosmetic changes. C-22 represents regulatory capture perfected: industry gets compliance theater, CSIS gets unfettered access, parliamentarians get plausible deniability. The precedent is uglier than the bill itself.
What the Documents Show
Bill C-2, introduced last year, generated such fierce backlash from privacy advocates that it never reached committee. Rather than abandoning the project, Canadian officials have simply repackaged it with cosmetic adjustments while preserving the core surveillance infrastructure. The new bill makes minor tweaks to address previous criticism, but the fundamental architecture remains: expanded metadata collection, increased information sharing with foreign governments including the United States, and government-mandated encryption backdoors. This legislative persistence suggests surveillance expansion is a long-term strategy rather than a one-time proposal. The backdoor provision is the bill's most dangerous element.
Follow the Money
C-22 permits the Minister of Public Safety to force companies to create surveillance mechanisms, provided they don't introduce "systemic vulnerabilities"—a distinction Canadian officials themselves claim is achievable. This claim contradicts technical reality: security researchers have long established that surveillance of encrypted communications is inherently a systemic vulnerability. The vague definitions of both "systemic vulnerabilities" and "encryption" in the bill create legal wiggle room allowing the government to demand circumvention of strong encryption. The precedent is instructive. When the UK government pressured Apple to implement similar backdoors into its Advanced Data Protection feature, Apple revoked the feature for UK users entirely rather than comply. UK citizens lost access to this privacy tool permanently.
What Else We Know
Both Meta and Apple have signaled they view C-22 as presenting identical threats to their security architecture. The metadata provisions deserve particular scrutiny because mainstream coverage often treats metadata as benign. In reality, metadata—who you communicate with, when, and from where—constructs a comprehensive profile of your life. A year of mandatory retention means government agencies and bad actors targeting breached company servers gain an extensive behavioral record on millions of Canadians. The incentive structure is perverse: companies must now store more sensitive information about users, creating larger targets for criminal hackers. Data breaches would become more valuable and thus more likely.
Primary Sources
- Source: Hacker News
- Category: Surveillance State
- Cross-reference independently — don't take our word for it.
Disclosure: NewsAnarchist aggregates from public records, API feeds (Federal Register, CourtListener, MuckRock, Hacker News), and independent media. AI-assisted synthesis. Always verify primary sources linked above.