Canada vows to amend Bill C-22's encryption and metadata rules amid massive tech backlash

• Canada vows to amend Bill C-22 to better define encryption, metadata rules
• The move follows massive backlash from Big Tech and privacy tech firms
• Public Safety Minister remains firm that the legislation "needs to happen"

Following intense blowback from tech giants, privacy advocates, and some of the best VPN providers, the Canadian government has announced it will amend the contentious lawful access legislation known as Bill C-22.

The proposed law is designed to help law enforcement and intelligence services access digital information during high-stakes investigations. However, critics argued its sweeping technological demands would effectively force companies to build backdoors into encrypted platforms, putting global cybersecurity at risk.

On Wednesday, Public Safety Minister Gary Anandasangaree confirmed that the government is drafting amendments "to ensure there's clarity on what encryption is," while also promising to better define metadata in the legislation.

Despite the planned revisions, Anandasangaree emphasized that the broader push for the bill to give authorities lawful access to citizens' data will continue.

"This is something that needs to happen," he told reporters, noting that police and intelligence agencies require updated tools to combat evolving tech threats.

Tech giants and VPNs threaten to exit

The government’s decision to revise the bill comes after weeks of searing criticism from the tech sector. Under the original wording, Bill C-22 would force undefined electronic service providers to retain metadata for up to a year, and adapt their systems to hand over intercepted data to investigators holding a warrant.

Furthermore, the legislation allows the public safety minister to issue secret orders forcing providers to retrieve data or trace devices, orders that the companies would be legally prohibited from disclosing to their users.

This triggered a unified defense of privacy from major industry players. Meta and Apple raised alarms, while Google joined the privacy backlash, warning a parliamentary committee that the legislation "could facilitate foreign interference and weaken global user privacy."

Apple’s senior director of user privacy and child safety, Erik Neuenchwander, testified on Tuesday about the dangers of weakening security.

"When you build a backdoor into an encrypted device, anyone can walk through, and because so much depends on encryption, we can't take that risk," Neuenchwander told lawmakers.

The privacy community has been equally vocal.

Proton VPN stated that compromising its no-logs policy is out of the question, while ExpressVPN also argued that its no-logs architecture and encryption are "non-negotiable."

Secure messaging app Signal, alongside NordVPN and Windscribe, threatened to pull their services from Canada entirely if forced to comply with the surveillance demands.

Political opposition and next steps

The Canadian security community has long argued that modern encryption leaves them outpaced by criminals. Talking to CBC, the National Security and Intelligence Committee of Parliamentarians (NSICOP) said that encryption, along with the sheer volume of digital data, makes it "difficult and sometimes impossible to gather the information needed to carry out effective investigations."

While Anandasangaree stated the new amendments will aim to align the bill's encryption provisions with US counterparts, the move hasn’t entirely quelled political opposition.

As reported by CBC, Conservative Leader Pierre Poilievre said his party will "have to see" the amendments first, but added, "So far we're extremely suspicious," accusing the government of attempting to build "a surveillance state."

The Public Safety Minister pushed back against the Big Tech industry's outcry, questioning their commitment to user safety. "We're living in a world where big techs, whether it is Apple, Google, or the range of other big tech companies, are operating without any type of accountability," Anandasangaree argued.

With the Liberal government holding a majority, they can pass the revised Bill C-22 without the support of the Conservatives, NDP, or Green Party, all of whom have expressed opposition. How far the new amendments will go to actually protect user privacy remains to be seen.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!