Canada’s “Lawful Access” Bill Raises Alarm in Congress Over Encryption and Americans’ Privacy5/18/2026
 Two powerful House committee chairmen are warning that a sweeping Canadian surveillance proposal could undermine the privacy and cybersecurity of Americans by pressuring U.S. technology companies to weaken encrypted services. At stake is the privacy of Americans who depend on robust encryption to protect sensitive communications, health data, financial records, and personal communications from unwarranted intrusion. In a May 7 letter to the Canadian Minister of Public Safety, House Judiciary Committee Chairman Jim Jordan and House Foreign Affairs Committee Chairman Brian Mast expressed concern that Canada’s proposed “Lawful Access Act of 2026,” known as Bill C-22, would dramatically expand the Canadian government’s ability to compel access to encrypted data. The lawmakers wrote: “Canada’s Bill C-22, currently under consideration in Parliament, would drastically expand Canada’s surveillance and data access powers in ways that create significant cross-border risks to the security and data privacy of Americans … “Bill C-22 would allow Canadian government officials to compel American companies to build backdoors into their encrypted systems, thereby introducing systemic vulnerabilities that could be exploited by hackers, foreign adversaries, and cybercriminals.” At the center of their concern is the requirement for “electronic service providers” to enable government access to data. The bill also authorizes confidential “ministerial orders” compelling providers to comply with demands, while prohibiting disclosure of those orders. “Dangerously Vague” Jordan and Mast argued that these powers are dangerously vague and compel weakening of encryption technologies. They wrote: “If a U.S.-based provider is forced to redesign its system to facilitate Canadian authorized access to content that is currently inaccessible even to the provider itself, the resulting capability cannot be geographically limited.” This could open the way for hostile actors and states to steal Americans’ data at a massive scale. The chairmen referenced the 2024 “Salt Typhoon” intrusion as evidence that government-mandated access points inevitably become attractive targets for hostile actors. Privacy and civil liberties advocates are voicing similar concerns. The Electronic Frontier Foundation warned that Bill C-22 would provide “a mechanism for the Minister of Public Safety to demand companies create a backdoor to their services,” while Meta stated publicly that the bill could “break, weaken, or circumvent encryption.” Endangers the Vulnerable PPSA has long warned that mandates weakening encryption in one democratic nation inevitably create ripple effects far beyond national borders. Breaking secure encryption could endanger journalists, dissidents, religious minorities, businesses, attorneys, and ordinary citizens from criminals and hostile foreign actors alike. Jordan and Mast urged Canada to pursue formal cooperation mechanisms under the CLOUD (Clarifying Lawful Overseas Use of Data) Act framework, which allows cross-border access to digital evidence while preserving legal safeguards and judicial oversight. As Congress debates surveillance reform at home, the dispute over Canada’s Bill C-22 underscores a growing international reality – efforts by governments to weaken encryption abroad can directly threaten the privacy and cybersecurity of Americans at home. Comments are closed.
|
Categories
All
|
RSS Feed