Apple, Meta oppose Canadian bill over encryption and privacy risks

Apple and Meta lined up against a Canadian surveillance bill that could push the debate far beyond Ottawa, arguing that Bill C-22 may force companies to weaken encryption and open the door to systemic vulnerabilities in products used around the world.

The legislation, introduced by Canada’s ruling Liberal Party after it won a parliamentary majority last month, was under debate in the House of Commons as law-enforcement officials pressed the case for faster access to evidence in national-security and criminal investigations. Their argument is straightforward: give investigators earlier access, speed up warrants, and make it easier to pursue threats before evidence disappears.

Apple said the draft went too far. The company warned that the bill could be used to force firms to break encryption or insert backdoors, a move it said would undermine the privacy and security features that users expect from services such as iMessage and encrypted cloud storage. The issue is not simply whether police can seek lawful access in specific cases. It is whether Parliament would empower the state to require technology companies to build persistent access mechanisms into systems designed to keep data hidden from everyone except the sender and receiver.

Meta drew a narrower line between the bill’s two parts. The company said Part 1 could help police obtain critical evidence, but Part 2 could severely damage privacy and cybersecurity by compelling firms to build or maintain capabilities that weaken encryption or even install government spyware. That distinction matters because it separates targeted access requests from a legal requirement to alter product design at the infrastructure level.

The stakes extend well beyond Canada’s borders. Apple and Meta operate services with global users, and any mandate imposed in Canada could shape how the same platforms protect people in other countries. A domestic law in one G7 country could therefore set a precedent for broader demands on encrypted messaging, cloud storage, and device security across markets.

The dispute also echoed Britain’s recent clash over access to encrypted data, where an order prompted Apple to remove a feature that let users store certain information in iCloud with end-to-end encryption. For privacy advocates, that episode showed how government access demands can reshape products even when the initial pressure comes from a single jurisdiction.

Canada’s bill now sits at the center of a familiar but escalating test: whether governments can demand lawful access without creating a model for weaker encryption everywhere. If Bill C-22 advances without major changes, the consequences would reach well beyond one country’s criminal courts and into the security expectations of users worldwide.