What they're not telling you: # Canada's Bill C-22 Is a Repackaged Version of Last Year's Surveillance Nightmare Mass surveillance without warrants operates through mandatory metadata collection and government backdoor demands that force companies to create surveillance infrastructure while keeping the orders secret from the public. The Canadian government is making another run at digital surveillance legislation after last year's spectacular failure. Bill C-2 died in committee following fierce pushback from privacy advocates, yet the government's spring sequel, Bill C-22 (The Lawful Access Act), resurrects the same fundamental threats with cosmetic modifications.
# THE TAKE Bill C-22 is exactly what it appears to be: legislative necrophilia. Ottawa killed C-21 last November—not from principle, but optics. They've simply reanimated the corpse with minor cosmetic adjustments. The "enhanced border measures" framing remains unchanged: mass metadata collection, warrantless device inspection, backdoor access demands. The government stripped rhetorical fat, not operational scope. This is standard bureaucratic procedure post-backlash—rebrand, repackage, retry. What's instructive is the timeline. They're moving faster this cycle, banking on public amnesia and opposition fatigue. The digital rights community's 2024 victory created political capital they're now spending aggressively. The specificity matters: identical CBSA authority language, identical encryption carveouts, identical lack of meaningful judicial oversight. Only the bill number changed. Expect passage. Institutional memory in Canada's parliament is measured in news cycles.
What the Documents Show
The mainstream press has largely treated this as routine legislative business—a straightforward security measure for border protection. What they've downplayed is that this bill represents a deliberate second attempt to engineer mass surveillance infrastructure after the public rejected the first version. The mechanics of C-22 are straightforward but sweeping. The bill mandates that digital services—including telecoms, messaging apps, and potentially other platforms—record and retain metadata for a full year. The government frames this as necessary for law enforcement, but metadata reveals everything about your life except the content itself: who you communicate with, where you physically go, and when you do these things.
Follow the Money
Metadata is the infrastructure of behavioral profiling. The bill compounds this by expanding information sharing with foreign governments, including the United States, meaning Canadian citizens' data flows directly into the American intelligence apparatus. The mainstream coverage treats data sharing as a bilateral security cooperation issue; it obscures that Canadians have no legal recourse when their information is used by foreign governments operating under different privacy standards. Most dangerous is C-22's backdoor mechanism. The bill allows the Minister of Public Safety to demand that companies create surveillance backdoors to their services, granting law enforcement access to encrypted data—provided these mandates don't introduce a "systemic vulnerability." This language is the bill's trap door. The threshold is deliberately vague.
What Else We Know
Canadian officials have publicly stated they believe surveillance can be added without creating systemic vulnerabilities, a claim that contradicts cryptographic reality. Surveillance of encrypted communications is, by definition, a systemic vulnerability. The bill's definitions of both "systemic vulnerabilities" and "encryption" are loose enough to give the government wiggle room to demand companies circumvent encryption entirely. The overbroad language captures not just operating systems but apps as well. The secrecy provision is perhaps most Orwellian: companies are banned from revealing these backdoor orders even exist. This means tech companies cannot inform users that their communications are subject to government surveillance demands.
Primary Sources
- Source: EFF
- Category: Surveillance State
- Cross-reference independently — don't take our word for it.
Disclosure: NewsAnarchist aggregates from public records, API feeds (Federal Register, CourtListener, MuckRock, Hacker News), and independent media. AI-assisted synthesis. Always verify primary sources linked above.