The backlash against Bill C-22 continues to expand after Google’s submission was posted. They join Apple and Meta in their pushback.
The backlash against Canada’s Bill C-22 continues to grow even more intense. This time around, we are seeing shades of the anti-encryption debate being thrown into the mix.
All of this was predictable. Experts and scholars had already warned about the dangers of the bill. Unfortunately, the Canadian government is following an identical playbook to the disastrous Online News Act that saw mass layoffs, bankruptcies, and surviving members of the media becoming wholly dependent on massive regular bailouts from the federal government. That playbook being to ignore all the warnings, dismiss the experts, and treat people who point out the flaws as little more that stupid idiots who don’t understand the governments grand plan. This before proceeding with the laws passage anyway and trying hard to ignore all the consequences that were, well, warned about in the first place.
So far, that is exactly where things are going. After all, one government official released a propaganda video arguing that the governments massive invasion of privacy and doing away with judicial oversight somehow “strikes the right balance” because, uh, reasons and like such as.
Well, trying to ignore the warnings from all over isn’t working out so well for the government. I know, who could’ve seen that one coming? Already, NordVPN, Windscribe, and Signal have said that they are seriously considering leaving the country altogether should Bill C-22 pass. More recently, ExpressVPN said that logs and encryption backdoors are non-negotiable. They aren’t doing it.
Of course, the backlash isn’t tied exclusively to privacy centric services. Even some of the biggest names in surveillance capitalism are arguing that the surveillance measures go too far. As people have noted earlier this month, Apple and Meta have questioned the security demands this bill has in its text. From iPhone in Canada:
Apple and Meta are both pushing back hard against the federal government’s proposed Bill C-22, telling a parliamentary committee that the legislation could effectively turn smartphones and messaging apps into surveillance tools for the state.
Meta’s Director of Public Policy for Canada, Rachel Curran, appeared before the Standing Committee on Public Safety and National Security and took direct aim at Part 2 of the bill. Her argument was straightforward: the provisions as written could force companies to build backdoors into encrypted services like WhatsApp and Messenger, which she said would make Meta an extension of the government’s surveillance apparatus rather than a private communications platform.
“The technical community’s consensus on this is clear: it is not possible to build backdoors to encrypted systems for law enforcement without creating vulnerabilities that will be exploited by malicious actors,” Curran said, in a copy of her statement emailed to iPhone in Canada.
Apple also was critical of Bill C-22, as it said the bill would undermine its ability to offer the privacy and security features its users rely on. “This legislation could allow the Canadian government to force companies to break encryption by inserting backdoors into their products,” Apple said to Reuters, adding that it would never do so.
More recently, Google’s submission was also released regarding this bill. From iPhone in Canada:
Google’s official submission to the House of Commons Standing Committee on Public Safety and National Security just dropped, and the tech giant is not holding back on the federal government’s Bill C-22. We’ve already heard from Apple and Meta, and now Google’s full submission is available.
In short, Google thinks the bill is a privacy nightmare that could pressure companies into building backdoors into their own secure products.
Google says it’s all for letting law enforcement do their job, but argues the bill as written goes way too far. The company is particularly uneasy about rules that would let the federal government issue sweeping technical directives or secret “ministerial orders” to monitor data, with little apparent limit on their scope.
The big flashpoint is encryption. Google made clear it isn’t budging on this one: “Google has never built a backdoor or other mechanism to circumvent end-to-end encryption in our products. If we say a product is end-to-end encrypted, it is end-to-end encrypted.”
Google calls the current language “unduly narrow” and arguing it leaves dangerous gaps. Without proper protections, Google says the bill could be exploited to weaken privacy on a global scale and potentially even leave the door open to foreign interference.
“Without a stronger definition of ‘systemic vulnerability’, the law could be used to decrease overall user security, by creating backdoors that would break end-to-end encryption and create significant cybersecurity risks, facilitating foreign interference and weakening global user privacy,” it wrote in its submission.
If Apple, Meta, and Google say your surveillance bill is going way too far, maybe it’s time to rethink your surveillance legislation.
This all has shades of past encryption debates when governments tried to order the breaking of encryption. People, including experts, pointed out the fact that there is no such thing as “safely breaking encryption”. What you are doing is undermining your own encryption. This lesson was learned the hard way in 2024 when AT&T’s wiretap system, supposedly only meant for “the good guys”, was compromised by China in the infamous Salt Typhoon hack. People everywhere were warning that this was all a really bad idea. Those people were ignored completely and the companies were simply told to “nerd harder” to make it all work. That’s how we got the Salt Typhoon incident, proving that the experts were right all along to question the ideology of “safely breaking encryption”.
Indeed, the Canadian government seems to be moving forward with efforts to repeat these past mistakes by demanding that everything have a built in wiretap system. Not only that, but a wiretap system out of reach from judicial oversight on top of it all. The companies know full well that this law is setting them up for failure on the privacy front. It’s impossible to “safely break” encryption and all you are doing is inviting hackers to breach your systems. This with the obvious implications that people’s privacy are being compromised in all of this.
Now, the hope is that all of this pressure (and this is, in fact, a lot of pressure) would finally get the government to see the errors of their ways. The problem is that when it comes to technology related issues, the government’s track record is abysmal when it comes to understanding basic common sense and reason. Common sense didn’t sink in with the Online Streaming Act, the Online News Act, and the Digital Services Tax. As a result, the consequences of passing all three are currently ranging from “still forthcoming” to “reaching the finding out” phase and, in some cases, even reaching the “yeah, we have regrets we even did that” phase. So, despite everyone telling the government that what they are doing with Bill C-22 is a horrible mistake, it’s hard to tell if the government will actually, for once, listen to basic common sense and reason at this stage. Hopefully they do, but the government has a long history of needing to go full “touch the hand on the stove” before beginning to realize that they are screwing things up.
Drew Wilson on Mastodon, Bluesky and Facebook.
Discover more from Freezenet.ca
Subscribe to get the latest posts sent to your email.
