Google warns Canada’s lawful access bill risks creating ‘surveillance infrastructure’

Apple, Google and Meta Push Back Against Canada’s Sweeping Lawful Access Bill

Major U.S. tech companies are lining up against Canada’s Bill C-22, a proposed law that would require electronic service providers to build surveillance capabilities into their systems and retain user metadata for up to a year. Apple, Google, and Meta have each submitted formal objections to Canada’s parliamentary committee on public safety, warning that the legislation could force companies to weaken encryption and create backdoors that compromise the security of millions of users.

Tech Giants Sound the Alarm

Apple was among the first to publicly oppose the bill, telling the committee in early May that the legislation “would undermine our ability to offer the powerful privacy and security features users expect from Apple,” adding that it “could allow the Canadian government to force companies to break encryption by inserting backdoors into their products — something Apple will never do.” Meta echoed those concerns, stating that the bill “could require companies like Meta to build or maintain capabilities that break, weaken, or circumvent encryption or other zero-knowledge security architectures, and force providers to install government spyware directly on their systems.”reuters

Google, in a submission to the Standing Committee on Public Safety and National Security published last week, warned that Bill C-22 would establish a “surveillance infrastructure” that risks enabling foreign interference while diminishing user privacy. The company raised concerns that secret ministerial orders would limit transparency and erode user trust, and that mandatory metadata retention could broaden the attack surface for cyberattacks.theglobeandmail

What the Bill Would Do

Introduced on March 12, 2026, by Public Safety Minister Gary Anandasangaree, Bill C-22 — formally called the Lawful Access Act, 2026 — would require electronic service providers, including telecom firms, messaging apps, and social media platforms, to develop and maintain systems capable of facilitating law enforcement access to communications data. Core providers would be compelled to retain metadata, including location data and device identifiers, for up to one year — a requirement that applies to all users regardless of suspected wrongdoing. The bill would also lower the threshold for certain data production orders to “reasonable grounds to suspect,” a departure from the longstanding “reasonable grounds to believe” standard.bc

The Canadian government has defended the bill as “encryption neutral,” with officials insisting it does not compel companies to weaken encryption or create systemic vulnerabilities. The backlash has extended beyond Silicon Valley: two U.S. congressional committees sent a letter to Canada’s public safety minister warning that the bill “would drastically expand Canada’s surveillance and data access powers in ways that create significant cross-border risks to the security and data privacy of Americans.”house

A Growing Coalition of Opposition

Privacy advocates and VPN providers have also joined the resistance. The Electronic Frontier Foundation called the bill “a repackaged version” of earlier surveillance legislation, warning that its vague definitions of encryption and “systemic vulnerability” leave room for the government to demand companies circumvent encryption. Toronto-based VPN provider Windscribe has said it would relocate its headquarters out of Canada if the bill passes, and NordVPN has warned it would pull services from the country.eff

The debate now centers on whether the parliamentary committee will recommend amendments before the bill advances further — and whether Canada’s tech sector can sustain both the surveillance infrastructure the government envisions and the trust of its users.