Skip to Content Subscribe Our Offers My Account Manage My Subscriptions FAQ Newsletters Canada Canadian True Crime Canadian Politics Health World Israel & Middle East Financial Post NP Comment Longreads Puzzmo Diversions Comics NP News Quiz New York Times Crossword Horoscopes Life Eating & Drinking Style Sponsored Play for Ontario Travel Travel Canada Travel USA Travel International Cruises Travel Essentials Culture Books Celebrity Movies Music Theatre Television Business Essentials Advice Lives Told Tails Told Shopping Buy Canadian Home Living Outdoor Living Tech Style & Beauty Kitchen & Dining Personal Care Entertainment & Hobbies Gift Guide Travel Guide Deals Savings National Post Store More Sports Hockey Baseball Basketball Football Soccer Golf Tennis Driving Vehicle Research Reviews News Gear Guide Obituaries Place an Obituary Place an In Memoriam Classifieds Place an Ad Celebrations Working Business Ads Archives Healthing Epaper Manage Print Subscription Profile Settings My Subscriptions Saved Articles My Offers Newsletters Customer Service FAQ Newsletters Canada World Financial Post NP Comment Longreads Puzzmo Diversions Life Shopping Epaper Manage Print Subscription HomeNP CommentOpinion: Parliament must not allow Bill C-22 to break encryptionThe legislation is sorely needed, but it must not be allowed to weaken privacy protections and cybersecurityLast updated 27 minutes ago You can save this article by registering for free here. Or sign-in if you have an account.Photo by Gabby Jones/BloombergThe Canadian government is right to pursue lawful access reform under Bill C-22. But a key mistake remains in the proposed legislation: it leaves open a backdoor for government to access encrypted data. That door must be closed in order to protect Canadians’ privacy, as well as our relationship with our largest trading partner.Enjoy the latest local, national and international news.Exclusive articles by Conrad Black, Barbara Kay and others. Plus, special edition NP Platformed and First Reading newsletters and virtual events.Unlimited online access to National Post.National Post ePaper, an electronic replica of the print edition to view on any device, share and comment on.Daily puzzles including the New York Times Crossword.Support local journalism.Enjoy the latest local, national and international news.Exclusive articles by Conrad Black, Barbara Kay and others. Plus, special edition NP Platformed and First Reading newsletters and virtual events.Unlimited online access to National Post.National Post ePaper, an electronic replica of the print edition to view on any device, share and comment on.Daily puzzles including the New York Times Crossword.Support local journalism.Create an account or sign in to continue with your reading experience.Access articles from across Canada with one account.Share your thoughts and join the conversation in the comments.Enjoy additional articles per month.Get email updates from your favourite authors.Create an account or sign in to continue with your reading experience.Access articles from across Canada with one accountShare your thoughts and join the conversation in the commentsEnjoy additional articles per monthGet email updates from your favourite authorsSign In or Create an AccountorLawful access allows police and intelligence agencies to use clear, reviewable mechanisms to obtain information that they are already legally entitled to seek, but to do so in a more timely manner. It means being able to confirm whether a digital service exists, identify the customer and provider, obtain limited subscriber information and ensure companies can efficiently comply with valid warrants.It’s essential for Canada’s security agencies to have these powers. We cannot credibly ask to be treated as a trusted ally while lagging behind our G7 and Five Eyes partners. Nor will violent crime be blunted solely through bail reform and mandatory minimums — measures that target the foot soldiers of increasingly state-influenced transnational organized crime, not those who are actually in charge.This newsletter from NP Comment tackles the topics you care about. (Subscriber-exclusive edition on Fridays)By signing up you consent to receive the above newsletter from Postmedia Network Inc.We encountered an issue signing you up. Please try againBut Canada’s allies — particularly the United States — also expect us to have the necessary safeguards in place to protect commercial interests. That’s why Ottawa must take industry concerns seriously about C-22 providing backdoors to encrypted devices and information. In doing so, we’ll be protecting our national security, while strengthening our economic position by gaining leverage in upcoming trade negotiations.Apple, Meta,NordVPN and Signal have all raised concerns about what the legislation means for their clients’ data privacy and security.At present, the text of the bill does not live up to some of the more alarmist concerns that its opponents have raised, such as warrantless access to digital platforms. However, the bill’s key terms are broadly worded, leaving them vulnerable to regulatory amendments that could create such problems. C-22’s broad definitions, coupled with its special ministerial powers, validate these concerns.As does recent experience. The Salt Typhoon breach, which compromised U.S. telecom networks, shows how surveillance infrastructure can become a target for hostile states. And in the United Kingdom, a ministerial demand for access to encrypted iCloud data prompted Apple to remove its advanced data protection for British users.Canadian lawmakers must understand that any measures that pose a security risk or threaten the competitive advantage of digital giants will land on the White House’s radar, and draw attention from legislators on both sides of the congressional aisle. Indeed, last month the U.S. House committees on the judiciary and foreign affairs sent a stern warning to Public Safety Minister Gary Anandasangare about the threat posed by Bill C-22.To address these concerns, Parliament must build safeguards directly into the legislation, not leave them to regulation or ministerial discretion. The law should clearly state that no regulation, compliance order or penalty may require a provider to weaken, or prevent, the use of end-to-end encryption — a term that should be defined as exhaustively as necessary to eliminate any loopholes. It should also declare that ministerial orders cannot override these statutory protections.The same precision is needed on metadata retention — the legal requirement for digital service providers to store data related to a user’s communications and provide it to security agencies in some instances. Law enforcement is interested in seeking location and transmission — not content — based metadata to help identify persons of interest. This practice does not necessarily break encryption or require the retention of communications content but, if drafted broadly, could force firms to create state-accessible data linkages that their systems were designed to avoid for privacy and commercial purposes.Some industry and privacy concerns have been overstated. For example, police can already seek judicial authorization for on-device investigative tools that can access encrypted data from a user’s device, rather than forcing providers to break encryption or build a separate backdoor.What’s more, many technology firms already collect substantial metadata about users for purposes like billing, fraud prevention and advertising. The commercialization of user data is central to the business models of many large platforms, all of which require user agreements in line with privacy laws.Parliament may conclude — as other countries with lawful access regimes, like Australia, have — that industry must retain and facilitate access to some metadata for public safety and national security purposes. But at present, the bill is overly broad, requiring the retention of transmission data and subscriber information without sufficient precision. The government should minimize and specify those requirements.Canada has significant gaps in its public safety and national security architecture. Lawful access is a major piece of that puzzle, but greater precision in the legislation is needed to ensure we don’t create a bigger vulnerability in the process.National PostPeter Copeland is deputy director of domestic policy at the Macdonald-Laurier Institute. Jamie Tronnes is executive director of the Center for North American Prosperity and Security. Join the Conversation This website uses cookies to personalize your content (including ads), and allows us to analyze our traffic. Read more about cookies here. By continuing to use our site, you agree to our Terms of Use and Privacy Policy.