By Stephen Nellis
SAN FRANCISCO, – Apple and Meta have publicly opposed a Canadian bill that the companies say could require them to break the encryption of their devices and services if passed.
Bill C-22 was proposed by Canada’s ruling Liberal Party, which gained a parliamentary majority last month and is currently being debated in the House of Commons. Canadian law enforcement officials say the bill would help them investigate security threats earlier and act more quickly.
It is part of a broader push by governments to expand lawful access to encrypted data, a move tech companies say risks weakening user security.
The Canadian bill contains provisions that, depending on how they are implemented, could be similar to a UK data access provision order sent to Apple last year. That order prompted Apple to withdraw a feature allowing users to store data in its cloud with end-to-end encryption.
U.S. officials later said Britain had dropped the request after the U.S. director of national intelligence, Tulsi Gabbard, raised concerns it could violate a cloud data treaty.
End-to-end encryption means that only the user – not even Apple, Meta or law enforcement – can access the data without a key. The technology is widely used in services such as Meta Platforms’ WhatsApp and Apple’s iMessage, and security experts say it provides powerful protections against spying and cybercrime.
“At a time of rising and pervasive threats from malicious actors seeking access to user information, Bill C-22, as drafted, would undermine our ability to offer the powerful privacy and security features users expect from Apple,” Apple said in a statement. “This legislation could allow the Canadian government to force companies to break encryption by inserting backdoors into their products – something Apple will never do.”
In prepared testimony, Meta’s head of public policy for Canada, Rachel Curran, and Privacy and Public Policy Director Robyn Greene said the bill’s “sweeping powers, minimal oversight, and lack of clear safeguards” could make Canadians less safe, rather than more.
“As drafted, the bill could require companies like Meta to build or maintain capabilities that break, weaken, or circumvent encryption or other zero-knowledge security architectures, and force providers to install government spyware directly on their systems,” the two wrote.
In an email, Tim Warmington, a spokesperson for Public Safety Canada, said the law would not require technology firms to make changes that introduce a “systemic vulnerability” into electronic protections such as encryption.
“They know their systems and have a vested interest in keeping them secure,” Warmington said.
The U.S. Office of the Director of National Intelligence did not immediately respond to a request for comment on the bill.
(Reporting by Stephen Nellis in San Francisco; Ismail Shakil, AJ Vicens and Raphael Satter contributed reporting; Editing by Sanjeev Miglani and Christian Schmollinger)
