Meta Just Said the Quiet Part Out Loud on Bill C-22

Rachel Curran’s warning to Parliament is blunt: Part 2 of Bill C-22 could turn private companies into an arm of Ottawa’s surveillance machine.

The viral image is not fake. Meta’s own posted remarks confirm the core quote: Rachel Curran, Meta’s Director of Public Policy for Canada, told the House of Commons public safety committee that Part 2 of Bill C-22 could “conscript private companies” into the government’s surveillance apparatus.

That is not a Conservative slogan. That is not a meme account exaggerating. That is one of the largest communications companies in the world warning Parliament that the Carney government’s lawful-access bill could make Canadians less safe by weakening the technical systems they rely on every day.

What Meta actually said

Meta’s remarks are careful. The company says Part 1 of Bill C-22 could, with targeted amendments, give law enforcement an effective framework for obtaining necessary data in a timely way.

But then Curran draws a hard line around Part 2.

Meta says Part 2 has sweeping powers, minimal oversight and unclear safeguards. The company warns that, as drafted, the bill could require providers to build or maintain capabilities that break, weaken or circumvent encryption and other zero-knowledge security systems. It also says the bill could force providers to install government or third-party surveillance software directly on their systems.

Read that again: not just hand over information under a warrant. Not just cooperate with lawful requests. The warning is about forced technical architecture — the kind of system design that can create permanent vulnerabilities for criminals, hostile states and insider abuse.

The government says this is about safety

Public Safety Canada’s case is that Bill C-22 is about keeping Canadians safe and giving law enforcement tools to investigate serious threats in a digital world. Parliament’s LEGISinfo page lists the bill as the Lawful Access Act, 2026, currently at committee after second reading.

Fine. Public safety is a real job of government. Police and CSIS do need lawful ways to investigate child exploitation, organized crime, terrorism, foreign interference and serious online threats.

But the accountability question is not whether the objective sounds serious. It is whether the power is narrow, reviewable, technically safe and protected from mission creep.

Part 2 is the problem

Meta says Part 2 goes in the wrong direction. It points to three core risks:

• Encryption risk: companies could be pressured to weaken, break or circumvent secure communications systems.
• Government spyware risk: companies could be forced to add government or third-party surveillance tools to private systems.
• Bulk metadata risk: companies could be required to retain metadata for up to one year, including information about ordinary Canadians with no connection to any crime.

Metadata is not harmless. It can reveal who you talk to, when you talk, where you go, what services you use and what patterns define your private life. A government that can mandate retention at scale is not just asking for case-by-case evidence. It is building a standing pool of surveillance-ready data.

Canadians need amendments, not reassurance

Meta is not asking Parliament to abandon law enforcement. It is asking Parliament to separate Part 2 from the bill and fix the dangerous parts properly.

At minimum, Parliament should require explicit protections that forbid any demand weakening encryption, mandate public transparency reporting, create a clear challenge process for companies, protect providers from liability while a challenge is pending, limit non-disclosure orders, and prohibit bulk metadata retention on Canadians suspected of nothing.

If those guardrails cannot be written plainly, Canadians should assume the power is broader than ministers are admitting.

Bottom line: Bill C-22 is no longer just a privacy-activist concern. Meta, Signal, Windscribe, civil-liberties groups and legal experts are all pointing at the same danger: Ottawa is trying to make the private digital world surveillance-ready. Canadians deserve security from criminals and security from state overreach. Bill C-22, as written, does not prove it can deliver both.