Meta, the owner of Facebook, Instagram and WhatsApp, has warned Canadian lawmakers that the country's proposed lawful access legislation could turn private technology companies into arms of the state surveillance apparatus.
Rachel Curran, Meta's head of public policy in Canada, told the House of Commons Standing Committee on Public Safety and National Security on Thursday that the bill's technical assistance obligations could conscript private companies into government surveillance operations.
In prepared testimony, Curran and Meta's privacy and public policy director Robyn Greene said Bill C-22's sweeping powers, minimal oversight and lack of clear safeguards could make Canadians less safe rather than more.
The pair argued that, as drafted, the legislation could require companies like Meta to build or maintain capabilities that break, weaken or circumvent encryption, and force providers to install government spyware directly on their systems.
Meta drew a distinction between the bill's two parts, endorsing Part 1 as a framework that would give law enforcement effective tools to obtain critical evidence, while warning that Part 2 could significantly damage Canadians' privacy and cybersecurity.
Curran recommended several amendments, including removing the obligation for companies to add government or third-party surveillance tools to their systems and strengthening the definition of "systemic vulnerability" to explicitly rule out any requirement that would weaken or break encryption.
Meta also echoed the Canadian Chamber of Commerce, which appeared before the same committee on Thursday, in calling for the bill to be split to allow deeper scrutiny of its most contentious provisions.
Apple had issued its own warning the previous day, saying the legislation could force companies to insert encryption backdoors into their products, something it declared it would never do.
Apple indicated it could withdraw products from Canada rather than comply, mirroring its February 2025 removal of its Advanced Data Protection feature from the United Kingdom after a similar government demand.
The Canadian government rejected the characterisation, with a spokesperson for Public Safety Minister Gary Anandasangaree saying the legislation does not compel companies to weaken encryption or create systemic vulnerabilities.
Bill C-22, the Lawful Access Act, was tabled on 12 March 2026 and is the Liberal government's third attempt at a lawful access regime in under a year.
Experts have raised concerns that the bill is being rushed through the Commons, with only three sessions and 10 hours of committee time allocated for witness testimony.
Related reading
- Apple risks $38bn Indian antitrust fine after refusing to hand over financial records
- Publishers accuse Zuckerberg of personally directing "massive" copyright theft to train Meta's AI
- Intel's SambaNova investment clears US antitrust review despite CEO's dual role as startup chairman
Professor Michael Geist, the University of Ottawa's Canada research chair in internet and ecommerce law, told the committee that requiring metadata retention on every subscriber regardless of suspicion for up to a year amounted to a comprehensive surveillance map of virtually every Canadian.
National security law professor Leah West of Carleton University said Canada needed a lawful access regime but acknowledged that Bill C-22 was not yet ready, proposing a series of targeted amendments.
The recap
- Meta appeared before the Standing Committee on Public Safety and National Security
- A version of the post was delivered as speaking remarks to the committee
- Meta said it was grateful for the invitation to share its perspective
