Apple, Meta Say Canadian Bill May Undermine Encryption Protections

SanFrancisco: Apple and Meta have publicly opposed a Canadian bill they say could require the companies to break the encryption of their devices and services if approved.

Bill C-22 was proposed by Canada’s ruling Liberal Party, which won a majority in parliament last month and is currently being debated in the House of Commons. Canadian law enforcement officials say the bill will help them investigate security threats earlier and take action more quickly.

This is part of a broader effort by governments to expand legal access to encrypted data; tech companies say it risks undermining user security.

The Canadian bill includes provisions that, depending on how they are implemented, could be similar to the data access provision order the UK sent to Apple last year. This order caused Apple to withdraw a feature that allowed users to store data in its cloud with end-to-end encryption.

U.S. officials later said Britain withdrew the request after U.S. national intelligence director Tulsi Gabbard raised concerns it could violate the cloud data agreement.

End-to-end encryption means that data cannot be accessed by just the user (including Apple, Meta, or law enforcement) without the key. The technology is widely used in services such as Meta Platforms’ WhatsApp and Apple’s iMessage, and security experts say it provides strong protection against espionage and cybercrime.

“At a time when threats from malicious actors seeking access to user information are increasing and widespread, Bill C-22, as designed, would undermine our ability to deliver the strong privacy and security features that users have come to expect from Apple,” Apple said in a statement. he said. “This legislation could allow the Canadian government to force companies to break encryption by embedding backdoors in their products, something Apple would never do.”

In prepared testimony, Meta’s head of Canadian public policy, Rachel Curran, and Director of Privacy and Public Policy, Robyn Greene, said the bill’s “broad powers, minimal oversight and lack of clear safeguards” could make Canadians less safe, not more.

“As drafted, it would require companies like Meta to build or maintain capabilities that break, weaken, or bypass encryption or other zero-knowledge security architectures and force providers to install government spyware directly on their systems,” the duo wrote.

The law does not require technology firms to make changes that introduce a “systemic vulnerability” to electronic protections such as encryption, Public Safety Canada spokesman Tim Warmington said in an email.

“They know their systems and have a vested interest in keeping them safe,” Warmington said.

The U.S. Director of National Intelligence did not immediately respond to a request for comment on the bill.