The fundamental right to online privacy is facing a critical challenge in Ottawa. On April 28, 2026, a broad coalition of civil society organizations, technology companies, and cybersecurity experts—coordinated by the Global Encryption Coalition (GEC)—published an open letter to Prime Minister Mark Carney, Public Safety Minister Gary Anandasangaree, and Justice Minister Sean Fraser. Their message was blunt: Withdraw Bill C-22 immediately.
While the federal government frames Bill C-22, An Act respecting lawful access, as a necessary tool to keep Canadians safe from crime, digital security experts warn it will achieve the exact opposite. At the center of the controversy is Part 2 of the bill, the Supporting Authorized Access to Information Act, which would mandate tech companies to build “technical capabilities” into their systems—a euphemism for encryption backdoors.
The Myth of the “Good Guys Only” Backdoor
The core argument against Bill C-22 rests on an unshakeable cryptographic truth: You cannot build a backdoor that only lets the good guys in. If a vulnerability is engineered into a secure system to allow government interception, that vulnerability exists for anyone clever enough to exploit it.
The threat is no longer theoretical; it is actively happening. In late 2024, a Chinese state-sponsored hacking collective known as Salt Typhoon breached the US telecommunications infrastructure. They did not have to break advanced encryption algorithms; instead, they simply targeted and commandeered the built-in, government-mandated interception capabilities required by US law. If the world’s most sophisticated intelligence apparatuses cannot protect their own backdoors from hostile adversaries, Canada cannot expect to fare any better.
Furthermore, the technological landscape has radically shifted with the rise of artificial intelligence. In 2026, AI tools have dramatically collapsed the timeline between discovering a security flaw and weaponizing it. AI can now autonomously comb through software, spot vulnerabilities created by mandated access mechanisms, and write exploit scripts in a matter of hours.
The Unintended Casualties of Weakened Security
Should Bill C-22 pass, the ripple effects would extend far beyond law enforcement investigations. The open letter outlines four critical areas where Canadians would bear the cost:
| Risk Area | Immediate Consequences under Bill C-22 |
| National Security | Exposes Canadian government, military, and critical infrastructure networks to state-sponsored actors from regions like Russia and China, both of whom have actively targeted Canadian systems recently. |
| Vulnerable Communities | Destroys the “lifeline” of end-to-end encryption used by domestic violence survivors planning escapes, strips child-safety protections from schools and health authorities, and exposes marginalized groups to corporate or state surveillance. |
| The Tech Economy | Drives innovation away. Tech giants and secure service providers face an impossible choice: weaken their security or pull out of Canada. A similar policy in Australia (the TOLA Act) caused immense distrust and an estimated $1 billion AUD in economic damage to their local tech sector. |
| Cost of Living | Escalates cybercrime and data breaches. Canadian businesses spent an estimated $1.2 billion on cyber incident recovery in 2023 alone. Weakening encryption will drive those recovery costs up, and those expenses will inevitably be passed down to Canadian consumers. |
Vagueness and Creeping Powers
The letter also sounds the alarm on the legislative ambiguity within Bill C-22. Terms like “systemic vulnerability” are loosely defined, while the word “encryption” isn’t legally defined at all within the text. Crucially, the legislation grants the Governor in Council a wide, unchecked remit to alter these definitions and processes behind closed doors. With Ottawa already signaling a willingness to expand law enforcement powers under the bill, critics fear that even the baseline safeguards currently in place will quickly erode.
The Path Forward
The coalition of signatories—including major digital rights advocates like Mozilla, Proton, Tuta, OpenMedia, and the Center for Democracy & Technology—is urging the federal government to hit the brakes. Rather than forcing a deeply flawed security compromise through Parliament, the letter demands a full withdrawal of Bill C-22, followed by comprehensive public consultation and a formal Internet Impact Assessment.
In a digital society where nearly every aspect of our personal, financial, and professional lives is conducted online, strong encryption isn’t an obstacle to public safety—it is the foundation of it.
About Author
More Stories
BUDGET REVOLUTION: Tanzania Pivots to Infrastructure and Digital Safety in Historic 2026/2027 Fiscal Plan.
The Human Face of Privacy: Why IVPN is Breaking the “Black Box” Tradition of the VPN Industry.
Guarding the Digital Gateway: African Coalition Launches ‘DNS Abuse Watch’ to Protect Payment Systems.