Signal and Windscribe Just Put Bill C-22 on Trial

When privacy companies say Ottawa’s lawful-access bill could drive them out of Canada, ministers should stop selling reassurance and publish the safeguards.

The Carney government’s Bill C-22 is no longer an abstract Ottawa privacy debate. It is now a competitiveness warning: if Canada writes a law that privacy-first companies cannot obey without weakening their users, those companies may simply leave.

TechRadar reported Friday that Canadian VPN provider Windscribe has joined Signal in warning it could exit Canada if the lawful-access bill passes in its current form. Parliament’s own LEGISinfo page identifies Bill C-22 as the Lawful Access Act, 2026, now at committee after second reading. Public Safety Canada says the bill would give police and CSIS modern tools to investigate serious threats and would create a framework for electronic service providers to maintain lawful-access capabilities.

That is the government’s case, and public safety is a real responsibility. Canadians want police to stop child exploitation, organized crime, foreign interference and terrorism. But the conservative accountability test is not whether the objective sounds serious. It is whether the power is narrow, reviewable, technically safe and protected from mission creep.

Bill C-22 fails that trust test unless ministers can answer the hard questions in public. Which providers can be designated? What technical capabilities can they be ordered to build? Can a company be forced to redesign secure systems in ways that create a permanent vulnerability? What metadata must be retained, for how long, and under what judicial threshold? How will Canadians know the powers are not being used as a shortcut around warrants?

OpenMedia and a coalition of civil-liberties, refugee-rights, academic and digital-rights organizations have called for Bill C-22 to be withdrawn, arguing it reintroduces surveillance powers first proposed in earlier border legislation. Even if one rejects the coalition’s strongest language, the underlying warning deserves respect: privacy infrastructure cannot be weakened only for “good guys.” A lawful-access capability created for Canadian authorities can also become a target for criminals, hostile states and insider abuse.

That is why Signal and Windscribe matter. These are not opposition MPs running a slogan. They are service providers whose business depends on user trust. If they conclude Canada is becoming a jurisdiction where secure communications cannot safely operate, the damage will not stop at one app or one VPN. It will tell investors, engineers and ordinary Canadians that Ottawa prefers access first and security second.

Parliament should not pass Bill C-22 on reassurance. It should demand written encryption protections, strict judicial authorization, public transparency reports, independent technical review, sunset clauses and clear limits on ministerial orders. If the Liberals cannot provide those safeguards, the bill should be rewritten before Canada drives privacy innovation — and Canadian privacy — out of the country.