Today, Meta participated in a session with the Standing Committee on Public Safety and National Security, presenting a version of their statement as speaking remarks. The company expressed gratitude for the opportunity to share their views with the committee and the Canadian public.
The remarks were delivered by Rachel Curran, Meta’s Director of Public Policy for Canada. She was accompanied by Robyn Greene, a subject matter expert. Curran emphasized Meta’s commitment to ensuring the safety of its Canadian users both online and offline, and expressed support for providing law enforcement with the necessary authority to gather crucial evidence and maintain public safety. Meta actively collaborates with Canadian law enforcement at various governmental levels, including proactive threat reporting and responding to legitimate legal requests.
Meta acknowledged the government’s efforts to address concerns related to Part 14 of the previous Bill C-2. With specific amendments, Part 1 of Bill C-22 could offer law enforcement a legal framework to access necessary data promptly. However, Part 2 of the bill raises significant concerns. Its broad powers, limited oversight, and lack of clear safeguards could adversely affect Canadians’ privacy and cybersecurity, potentially making them less safe.
Curran highlighted that the technical assistance obligations in Part 2 could compel private companies to act as extensions of government surveillance, with insufficient safeguards. The bill might require companies like Meta to compromise encryption or other security measures and install government spyware. Although the bill allows for challenges against demands that introduce a “systemic vulnerability,” the term is not clearly defined. Essential terms like “encryption” await regulatory definition, and ministerial orders could override these regulations. Moreover, the bill lacks a process for challenging problematic orders or liability protections during disputes, leaving companies in legal uncertainty.
The technical community agrees that creating backdoors in encrypted systems for law enforcement introduces vulnerabilities exploitable by malicious actors. Weakening encryption affects all Canadians who rely on secure communications for banking, healthcare, business, or personal communication. This risk is not hypothetical. The global impact of China’s Salt Typhoon cyberattacks, resulting from technical assistance mechanisms under a narrower U.S. law, underscores the dangers. Canadian security agencies, including CSIS and the Canadian Centre for Cyber Security, have advised adopting encryption as a defense against such threats.
Part 2 of Bill C-22 could lead Canada in the opposite direction, diverging from allies. France and Sweden have abandoned similar proposals, and the EU has ensured robust encryption protections. The UK’s similar authority, which led to Apple’s withdrawal of its Advanced Data Protection service, faced condemnation from the U.S. government and global organizations.
Curran warned that obligations rejected by Canada’s trading partners could expose Canadian businesses to cybersecurity risks, stifle innovation, and harm competitiveness. Part 2’s broad non-disclosure orders could undermine public trust and transparency. The bill also allows for mandatory metadata retention and warrantless searches, capturing private information without crime connections.
Meta urged policymakers to separate Part 2 from Bill C-22 to allow thorough examination of these critical issues. They recommended removing obligations for surveillance tools, strengthening the definition of “systemic vulnerability,” and establishing a process for challenging requests with liability protections.
Meta remains committed to collaborating with the government to balance effective law enforcement tools with privacy and security safeguards for Canadians.
