Bill C-22 Turns the Encryption Fight Into a Foreign-Access Test

Before Parliament advances lawful-access powers, Canadians deserve explicit protections against encryption backdoors, secret technical orders and foreign surveillance spillover.

Bill C-22 is no longer just another Ottawa public-safety bill. It is now a direct test of whether Mark Carney’s Liberals believe Canadians’ private communications belong behind strong locks — or behind doors government can quietly order companies to redesign.

The government introduced Bill C-22 on March 12, 2026, presenting it as a package to help police and CSIS investigate serious crime, terrorism, violent extremism, transnational threats and foreign interference. Public Safety Canada says the bill would improve early investigative access to basic information and cooperation with international partners. That is the government’s best case, and public safety is real.

But power given to the state must be written narrowly, reviewed independently and limited in public law. That is where Bill C-22 now faces a major credibility problem.

The House public safety committee scheduled a televised May 26 meeting on “Bill C-22, An Act respecting lawful access,” with the Privacy Commissioner, Apple, Google, the Canadian Civil Liberties Association, police voices and others on the witness list. That lineup matters. When the privacy commissioner, civil-liberties advocates and the companies that secure millions of Canadians’ devices are all at the same table, the issue is not partisan theatre. It is the architecture of digital freedom.

Google’s committee submission, reported by iPhone in Canada, warns that the bill could allow sweeping technical directives or secret ministerial orders and could create pressure toward surveillance capabilities or backdoors. Google’s reported ask is straightforward: remove secret ministerial orders, drop broad metadata logging demands and make clear that government cannot force companies to undermine encryption or alter secure products.

Citizen Lab added the foreign-access warning light. Its May 25 summary says Bill C-22 could move Canada toward a U.S.-Canada CLOUD Act agreement and potentially open the door to foreign law-enforcement requests for real-time surveillance, including wiretaps and phone hacking in Canada. Ottawa has no right to treat that as a footnote. If a Canadian law helps foreign agencies reach deeper into Canadian networks, Parliament should debate that openly before the machinery is built.

The conservative accountability position is simple: police should get lawful tools targeted at criminals, with warrants and due process. They should not get a blank cheque to weaken everyone’s security. A backdoor for Ottawa is still a backdoor for hackers, hostile states and foreign agencies that later demand equivalent access.

Before Bill C-22 moves another inch, Parliament should require three receipts. First, an explicit statutory ban on orders that weaken end-to-end encryption or create systemic vulnerabilities. Second, no secret technical directives without meaningful independent review, public reporting and a narrow necessity test. Third, a full public explanation of how Bill C-22 interacts with any CLOUD Act negotiation or foreign-access framework.

If the Liberals say this bill is about safety, they can prove it by protecting Canadians from criminals and from overbroad government power at the same time. Anything less is not modernization. It is a surveillance architecture waiting for abuse.