The Canadian government, which is fast transforming the Great Gray North into a kind of adjunct to Beijing, wants to make things as easy as possible for hackers launching cyberattacks on behalf of the Chinese Communist Party. The medium of this enablement is a Bill C-22, introduced as “An Act respecting lawful access” or the “Lawful Access Act” on March 12, 2026.
I mention CCP hackers. But once the back doors are installed, bad guys of every description with modest skill and with or without state backing could more easily invade the apps of hapless Canadians. (And would compliant tech firms be able to cordon off their compromised tech in such a way that only Canadians are rendered more vulnerable?)
Once the weaknesses are built into the systems, what gets grabbed legally or illegally from innocent software users would probably not stay limited to meta data, which is the named target.
Google, Apple, Meta, Signal, Proton
Various tech companies protest the legislation, which has not yet been enacted (Reclaim the Net, May 26, 2026).
Google has told Canadian lawmakers that Bill C-22 would build a “surveillance infrastructure” that weakens cybersecurity for everyone….
Bill C-22 would force telecoms, messaging apps, and potentially any digital service in Canada to rebuild their systems for police and CSIS surveillance, while storing user metadata for up to a year.
That metadata covers who contacted whom, when, and from where, for millions of people not suspected of anything.
Even Google, which is ironically no stranger to surveillance accusations, warned that the bill gives the Public Safety Minister “sweeping powers to issue secret orders” to intercept data, and that its definition of “electronic service provider” could catch nearly any company operating in Canada.
The company called the bill’s safeguard against systemic vulnerabilities dangerously narrow. “Without a stronger definition of ‘systemic vulnerability,’ the law could be used to decrease overall user security, by creating backdoors that would break end-to-end encryption and create significant cybersecurity risks, facilitating foreign interference and weakening global user privacy,” Google wrote.
Google says that it has never built a back door “or other mechanism to circumvent end-to-end encryption in our products. If we say a product is end-to-end encrypted, it is end-to-end encrypted.”
Apple, Meta, and Signal are among the other companies that have objected to the bill; and Signal, Reclaim the Net reports, “has threatened to leave Canada entirely rather than comply.” The others should make the same commitment to leave rather than comply. Even if the bill were enacted, it might be rapidly rescinded once all the tech firms started shutting down services and millions more Canadians became aware of what is going on.
Never
On X, the general manager of Switzerland-based Proton VPN, David Peterson, says: “Complying with foreign surveillance orders without Swiss legal process is a criminal offence. Not happening. We’ll defend our Canadian users and never compromise them. We will fight C-22’s application by every means available.”
Also see:
Common Sense with Paul Jacob: “Driving VPNs South”
