Bill C-22’s Encryption Gap: The RCMP Just Made Ottawa’s Reassurance Harder to Believe

Ottawa says Bill C-22 is not an encryption backdoor. The RCMP’s committee evidence makes that reassurance harder — not easier — to accept without a full rewrite.

Bill C-22 was already a privacy fight. Now it is a credibility fight.

Parliament lists Bill C-22, the Lawful Access Act, 2026, as a government bill sponsored by the Minister of Public Safety and now under House committee consideration after second reading referral on April 20. That is the stage where MPs should be tightening definitions, testing claims and refusing to pass vague technical power on trust.

The government’s public line is clear. Its lawful-access page says the bill would modernize electronic service-provider obligations, standardize capability requirements and help police and CSIS obtain information when legally authorized. It also says Bill C-22 would not create backdoors, would not weaken encryption and would let providers refuse obligations that create a systemic vulnerability.

But the political problem is that Ottawa is now promising amendments on the very points critics warned about. Canadian Press reported on May 27 that Public Safety Minister Gary Anandasangaree said the government would clarify encryption language and define metadata. He said the bill was “never meant to breach encryption,” while also saying law enforcement needs the bill “as a baseline” and that the government wants it passed quickly.

Then came the sharper accountability question. Michael Geist reported on May 29 that RCMP testimony at the public safety committee confirmed law enforcement wants Bill C-22 because it would provide an opportunity to access encrypted communications. That does not prove every worst-case claim about the bill. It does prove Canadians were right to distrust soothing language that treats encryption concerns as misinformation.

There is a legitimate public-safety argument for timely lawful access in serious investigations. Conservatives should not pretend police never need modern tools. But the standard for digital power is not “trust us.” It is precision: what data, from whom, under what authorization, with what audit trail, and with what hard limit against forcing providers to weaken secure systems used by millions of innocent Canadians.

The stakes are not abstract. CP reported that Apple and Meta warned the bill threatens encryption, while Signal and NordVPN warned they could leave Canada if forced to compromise privacy. It also reported the bill could require providers to retain metadata for up to one year. Metadata is not “nothing.” Patterns of who contacted whom, when, where and how often can reveal political, medical, religious and personal relationships.

If the Liberals now admit the bill needs amendment, committee should not rubber-stamp a patch job. Publish the encryption language. Define metadata in the statute, not later by regulation. Ban any order that weakens encryption or authentication. Require public aggregate reporting, independent audits and notice to Parliament when secret ministerial orders are used.

Public safety and privacy are not enemies. A government that cannot write clear limits into Bill C-22 has not earned the power it is asking Canadians to surrender.