Apple and Meta are pushing back hard against a Canadian bill they say could give the government the power to force tech companies to break encryption—the very technology that keeps messages, bank logins, and health data private. The bill, known as Bill C-22 or the Lawful Access Act, 2026, is currently moving through Canada's House of Commons, and the tech industry is not staying quiet about it.
Both companies went public with their opposition earlier this month. Apple told Reuters flatly that it would never build a backdoor into its products—'something Apple will never do.' Meta's executives echoed that in testimony before the Standing Committee on Public Safety, warning that the bill's 'sweeping powers, minimal oversight, and lack of clear safeguards' could ultimately make Canadians less safe.
What Bill C-22 Actually Does—and Why It's Causing Alarm
The bill has two distinct parts. Part 1 deals with modernizing how police can access subscriber information—basically, whether a telecom like Bell or Rogers provides service to a specific person. That part has drawn relatively little criticism. It is Part 2 where things get complicated.
Part 2 creates a new law called the Supporting Authorized Access to Information Act. Under this framework, electronic service providers—a term so broad it could apply to almost any internet-based business operating in Canada—can be ordered to build technical capabilities that let law enforcement and Canada's spy agency, CSIS, access data quickly and consistently.
The orders can be issued secretly by the Minister of Public Safety, with approval from the Intelligence Commissioner. There is also a provision allowing the government to require companies to retain certain metadata—including device location data—for up to one year. That means a phone could effectively become a government-accessible tracking device, even if the user has done nothing wrong.
The Encryption Question: Backdoors by Another Name?
Here is the crux of the controversy. Bill C-22 includes language saying companies cannot be forced to introduce a 'systemic vulnerability'—a security flaw that could expose users to hackers or bad actors. That sounds like a protection. But critics argue the definition is dangerously vague, and crucially, the government can redefine it through regulation later.
Meta's public policy team pointed out in their testimony that essential terms like 'encryption' are not even defined in the bill itself—they are left to regulation. Meanwhile, ministerial orders can override those same regulations. That is a lot of wiggle room.
Will Cathcart, Head of WhatsApp at Meta, put it bluntly on social media: 'Canada's proposed bill would turn private companies into permanent government surveillance tools. Scanning everyone's messages weakens security for everyone. Governments should be arguing for more security, not less.'
The technical consensus in the cybersecurity community is equally clear: one cannot build a backdoor for law enforcement without creating a vulnerability that others will eventually find and exploit.
Canada Isn't the First Country to Try This—and Others Have Backed Down
This debate has played out before. In early 2025, the UK government secretly ordered Apple to hand over global access to encrypted iCloud data. Apple refused, pulled its Advanced Data Protection feature from the UK market entirely, and the British government eventually dropped the demand after the US raised concerns it could violate a cloud data treaty, Reuters reported.
Meta also noted in its testimony that France and Sweden abandoned similar proposals, and the EU has since guaranteed robust encryption protections in its online safety legislation.
Public Safety Canada maintains the law will not require companies to create systemic vulnerabilities and that tech firms have a 'vested interest in keeping their systems secure.' But for Apple, Meta, and privacy advocates like the Canadian Constitution Foundation, the concern is not what the bill says today—it is what its broad, loosely defined powers could be used to demand tomorrow.
The bill is still being debated. Its final shape is far from settled.
