Meta Warns Bill C-22 Could Turn Tech Giants Into Government Surveillance Tools

- Advertisement -
Two men in suits sit on stage panels; one speaks into a microphone while the other listens on a bright red backdrop.
Bill C 22 the so called Lawful Access Act introduced by Public Safety Minister Gary Anandasangaree in March is currently making its way through the House of Commons public safety committee

Canada’s proposed digital surveillance legislation is drawing sharp criticism from one of the world’s largest technology companies, with Meta telling federal lawmakers that the bill could fundamentally undermine the privacy and security of millions of Canadians and potentially do more harm than good.

Bill C-22, the so-called Lawful Access Act introduced by Public Safety Minister Gary Anandasangaree in March, is currently making its way through the House of Commons public safety committee. The legislation is designed to give security agencies stronger tools to investigate crime in an increasingly digital world. But not everyone is convinced it strikes the right balance.

- Advertisement -

At a May 8 committee hearing, Meta’s head of public policy, Rachel Curran, didn’t mince words. While she acknowledged the bill was an improvement over its predecessor, Bill C-2, she said several provisions remain deeply problematic particularly the second part of the legislation, which would compel electronic service providers to install systems granting government agencies access to their platforms.

“The technical assistance obligations in part 2 could conscript private companies into service as an arm of the government surveillance apparatus,” Curran told MPs. In plain terms, she argued the bill could force companies like Meta to weaken or break their own encryption, or worse, install what amounts to government spyware on their systems.

Anandasangaree has insisted the bill won’t create “back doors” into digital platforms and won’t require companies to decrypt end-to-end encrypted communications. Curran pushed back firmly on that framing. Any system purpose-built to give governments access, she argued, is a back door full stop. And once such a vulnerability exists, it isn’t a question of whether it gets exploited by bad actors, she said, but when.

Her warning carried real-world weight. Curran pointed to the ongoing fallout from a Chinese state-sponsored hack of major global telecommunications companies in 2025 a campaign attributed to a threat group known as “Salt Typhoon” as a cautionary tale about what happens when communications infrastructure is compromised. Canadian authorities had already flagged that domestically registered devices were among those affected.

The international context matters too. Curran noted that France and Sweden stepped back from implementing similar surveillance measures after weighing the risks. Britain pressed ahead and promptly faced backlash from both the U.S. government and civil liberties organizations. Apple, for its part, announced last September it would stop offering its Advanced Data Protection feature to new users in the UK entirely.

Beyond the encryption debate, legal experts raised serious constitutional red flags about another provision: a requirement that service providers retain user metadata for a full year.

Robert Diab, a law professor at Thompson Rivers University, argued this runs afoul of Section 8 of the Canadian Charter of Rights and Freedoms, which protects citizens against unreasonable search and seizure. The courts have been clear, he said metadata is private. When the government compels a telecom to hold onto it, that company is effectively acting as a state agent conducting a seizure.

Michael Geist, Canada research chair in internet and e-commerce law at the University of Ottawa, went further, calling the provision “disproportionate” and predicting it would be struck down by the Supreme Court if it ever got that far. The sheer scale of the data collection covering every subscriber regardless of any suspicion would amount to what he described as a comprehensive surveillance map of virtually every Canadian: where they go, when, and who they communicate with.

Metadata from telecom providers, Geist explained, includes records of which device connected to which cell tower and at what time. In aggregate, that’s detailed location tracking of an entire population.

One of the more unusual aspects of Bill C-22 is a blanket secrecy provision that would bar companies from disclosing if they’ve received a ministerial order to modify their systems or hand over data.

Meta’s director of privacy and public policy, Robyn Greene, told the committee this creates an impossible situation for companies like hers. If the government quietly mandates changes to a platform’s security architecture, Meta would be legally prohibited from telling its own users. “Our users would completely lose trust in the security and privacy protections of our products,” Greene said.

For a company whose entire value proposition to users rests on promises of secure communication, the implications are significant. Critics also noted the provision flies in the face of basic corporate transparency David Fraser, a lawyer and instructor at Dalhousie University, argued that under no circumstances should the government be permitted to issue secret orders forcing a business to alter the products and services it offers to the public.

The controversy has even spilled across the border. A group of U.S. lawmakers wrote directly to Anandasangaree this week, warning that the bill could compromise the security and privacy of American citizens. The minister’s office did not respond to requests for comment before publication.

Not everyone is opposed to the legislation. Law enforcement agencies have broadly welcomed it.

Toronto Police Chief Myron Demkiw called Bill C-22 “a step in the right direction,” arguing it would give officers faster tools to advance investigations, hold offenders accountable, and intervene earlier in cases involving violent extremism.

Children’s advocacy groups are also on board. Monique St-Germain, general counsel for the Canadian Centre for Child Protection, highlighted how quickly online offenders can shift their digital footprints cycling through fake accounts, multiple devices, and different platforms across jurisdictions. The additional powers to obtain subscriber information, she argued, are essential for investigators trying to unravel those networks and protect children from exploitation.

What’s clear from the committee hearings so far is that Bill C-22 is trying to solve a real problem crime does increasingly live in the digital world, and investigators do face genuine obstacles but the way it currently does so raises serious questions that lawmakers will need to grapple with before it advances further.

The tension between security and privacy is nothing new. But the specific technical demands this legislation would place on private companies, the constitutional questions around mass metadata retention, and the secrecy provisions that could cut users off from knowing how their data is handled all suggest the bill needs significant refinement before it’s ready to become law.

The committee hearings continue.

- Advertisement -

Stay in Touch

Subscribe to us if you would like to read weekly articles on the joys, sorrows, successes, thoughts, art and literature of the Ethnocultural and Indigenous community living in Canada.

Related Articles