Spy Agency Pushes For Bill C-22
Canada’s spy agency is warning that the country risks falling behind its intelligence allies if the federal government fails to pass Bill C-22, the Liberals’ latest attempt to create a lawful access regime.
Nicole Giles, deputy director of policy and strategic partnerships at the Canadian Security Intelligence Service, said Canada is the only Five Eyes country without such a framework. She argued that this gap limits the country’s ability to respond to fast-moving threats in an era of rapid technological change.
A Bill Facing Growing Opposition
Bill C-22 would give police and intelligence agencies faster access to certain information during investigations, provided they meet legal requirements such as obtaining warrants. It is the government’s second attempt at passing lawful access legislation since the federal election last spring.
The proposal has drawn criticism from privacy advocates, civil liberties groups, businesses, technology companies and senior U.S. lawmakers. Much of the concern is focused on Part 2 of the bill, which would require electronic service providers to adapt their systems to make requested information easier to provide to authorities.
Encryption Becomes The Central Concern
Technology companies including Meta and Apple, along with messaging services such as Signal, have warned that the bill could weaken privacy protections, especially encryption. Critics argue that building access mechanisms for law enforcement can also create openings for hackers and foreign adversaries.
Michael Geist, a University of Ottawa law professor, said weakening cybersecurity systems for lawful access risks making those systems vulnerable to bad actors as well. His warning reflects a central challenge in the debate: how to give authorities targeted access without creating broader systemic weaknesses.
CSIS Rejects Backdoor Claims
Giles said critics misunderstand the bill. She argued that Bill C-22 does not seek to mandate back doors or universal decryption capabilities, but instead aims to enable targeted and exceptional access under strict legal controls.
She also pointed to a provision in the bill that is intended to prevent providers from creating systemic vulnerabilities. According to CSIS, the legislation would bring Canada closer to the baseline capabilities already available to its Five Eyes partners.
Cases Highlight Operational Gaps
In a rare move, Giles described two operations that CSIS says were hindered by the lack of a lawful access framework. In one case, the agency had a warrant and wanted to track the cellphone of a person of interest linked to a terrorist group, but the provider lacked the capability because it was not legally required to maintain it.
As a result, CSIS had to rely on costly and risky in-person surveillance, which left significant gaps. In another case, a foreign partner asked Canada for help after identifying Canadian phone numbers linked to possible threat activity. CSIS traced the numbers to a reseller, but could not provide further information because the reseller did not keep relevant records.
Metadata Retention Sparks Debate
Bill C-22 would also require core providers to retain metadata for up to one year. Officials say this would not include browsing history or message contents, but could include logs showing which phone numbers contacted each other or where a device travelled.
Critics describe that requirement as a surveillance map, while the RCMP argues that certain investigative data disappears too quickly under current rules. Public Safety officials say they are listening to concerns, particularly around end-to-end encryption, and Minister Gary Anandasangaree has suggested the government is open to amendments. For Canada, the debate now centers on whether national security can be strengthened without weakening privacy and cybersecurity protections.
