Meta urged Canada to amend Bill C-22 after warning that part of the lawful access proposal could weaken privacy and cybersecurity protections.
Company executives told lawmakers on May 7 that the bill contains useful law enforcement measures, but its surveillance provisions need major changes.
The testimony came one day after Apple publicly opposed the same provisions and warned against encryption backdoors.
Meta Warns Against Surveillance Powers
Meta told a parliamentary hearing that Part 1 of Bill C-22 gives law enforcement a legal path to collect critical evidence and support public safety.
However, the company said Part 2 raises deeper risks because it could allow the Public Safety Minister to issue secret orders to technology firms and telecom providers.
Those orders could require companies to build systems that support third-party surveillance. Meta said such powers could harm Canadians by creating security weaknesses inside digital platforms.
The company urged lawmakers to remove or revise measures that may force providers to change secure systems for government access.
Bill C-22 Raises Metadata Concerns
Part 2 of Bill C-22, also called the Supporting Authorized Access to Information Act, would let the Public Safety Minister require core providers to retain metadata for up to one year. The retained records may include transmission data, device identifiers, routing details, and location information.
The bill does not cover message content, browsing history, or social media activity. Still, privacy experts argue that metadata can reveal sensitive patterns about a person’s movements, contacts, and communications over time.
The bill also allows retention duties to expand beyond telecom firms through ministerial orders. That wording could bring cloud services, encrypted messaging platforms, and crypto infrastructure providers under future rules, depending on how regulators define electronic service providers.
Apple Opposition Adds Industry Pressure
Apple opposed the bill on May 6 and said it would not build backdoors into its products. The company also suggested it could withdraw certain services from Canada instead of complying with rules that weaken encryption.
The warning echoes Apple’s earlier move in the United Kingdom, where it withdrew Advanced Data Protection after pressure over encrypted iCloud access. Industry critics say Canada could face a similar dispute if Bill C-22 advances without clear encryption safeguards.
The Canadian government rejects claims that the bill would force companies to weaken encryption. Public Safety Minister Gary Anandasangaree’s office said the proposal does not require systemic vulnerabilities and remains consistent with the Charter of Rights and Freedoms.
Critics point to the Salt Typhoon cyberattack in the United States as a warning. Hackers exploited lawful intercept systems used by telecom carriers, exposing metadata and surveillance targets. Canada’s Parliament will now decide whether Bill C-22 can support investigations without creating wider security risks.
