Outrage: Canada’s Government Pushes for Mass Surveillance

Canada’s Liberal government has tabled legislation that privacy experts warn could enable unprecedented government surveillance of Canadians’ digital communications through mandatory metadata retention and potential encryption backdoors.

Story Snapshot

Bill C-22 mandates service providers retain transmission metadata for up to one year, expanding government access to Canadians’ digital footprints
Privacy advocates warn the legislation revives failed “lawful access” schemes with dangerous backdoor surveillance capabilities that could undermine encryption
New ministerial order powers allow government to compel tech companies to build surveillance capabilities with minimal oversight
Law enforcement gains streamlined access to subscriber information and service confirmation data, some without traditional warrant requirements

Lawful Access Returns With Expanded Metadata Collection

The Canadian government introduced Bill C-22 in March 2026, reviving controversial “lawful access” proposals that privacy advocates thought were dead. The legislation requires electronic service providers to retain transmission metadata for up to one year, representing a significant expansion of government surveillance capabilities. Legal expert Michael Geist notes this metadata retention mandate goes beyond previous proposals, creating a systematic collection of Canadians’ digital activities. The bill follows failed attempts dating back to the 2010s, when similar legislation faced public backlash over warrantless access provisions and privacy violations.

Public Safety Minister Gary Anandasangaree claims the bill balances security needs with privacy protections, pointing to consultations with law enforcement and privacy groups. The government argues Bill C-22 provides necessary tools for police investigating digital crimes like sextortion and fraud, which have outpaced existing legal frameworks. Ottawa Police Chief Eric Stubbs cited cases where investigators struggle to trace perpetrators using platforms like Instagram without subscriber information access. The legislation aligns Canada with Five Eyes intelligence-sharing standards, requiring core telecommunications providers to build capabilities for lawful interception and data access.

Backdoor Risks and Ministerial Order Concerns

Critics warn Bill C-22 contains dangerous provisions allowing government to compel service providers to build surveillance backdoors into their systems. Ministerial orders can require companies to develop capabilities for intercepting communications, potentially weakening encryption protections that safeguard Canadians’ privacy from criminals and foreign adversaries. While the government added Intelligence Commissioner approval requirements, upgrading from previous Bill C-2, privacy advocates argue this oversight remains insufficient. The Progress Chamber identified government surveillance expansion as a fundamental threat to digital privacy rights, noting the legislation enables systematic monitoring of metadata that reveals detailed patterns of Canadians’ lives.

Service providers face just ten business days to challenge ministerial orders in court, creating time pressures that favor government demands over privacy considerations. The legislation applies to both domestic telecommunications companies and foreign providers like Google and Meta, accessible through judicial processes. This approach forces companies into compliance with surveillance requirements or costly legal battles. The bill explicitly excludes content, browsing history, and social media data from retention mandates, limiting scope compared to mass surveillance programs. However, transmission metadata alone reveals who communicates with whom, when, and from where, providing government agencies detailed intelligence on Canadians’ associations and activities.

Constitutional Concerns and Limited Oversight

Bill C-22 operates against the backdrop of the 2014 Supreme Court R. v. Spencer decision, which required judicial oversight for subscriber information access after finding privacy rights extend to digital identities. The new legislation appears designed to circumvent these protections through “confirmation of service” demands that require no warrant, allowing police to verify whether a phone number or identifier receives service from a provider. This represents a form of warrantless access that contradicts Spencer’s privacy principles, despite government claims of enhanced safeguards. The bill’s annual reporting requirements and three-year parliamentary review scheduled for approximately 2029 provide minimal accountability for surveillance expansion happening now.

The legislation demonstrates how Liberal policies chip away at privacy rights under the guise of public safety, following familiar patterns of government overreach. Canadians face mandatory data collection programs without meaningful consent or ability to opt out, as service providers must comply or face penalties. The Intelligence Commissioner approval process adds a thin veneer of oversight, but ultimately grants ministerial orders significant power to compel surveillance capabilities. Privacy advocates correctly identify this as a slippery slope where today’s metadata retention becomes tomorrow’s content monitoring, particularly given government track records on respecting constitutional limitations once surveillance infrastructure exists.