Canada’s Bill C-22 would require all messaging apps to build government-accessible backdoors, ending true end-to-end encryption for Signal, iMessage, WhatsApp, and others.
Key Takeaways
Every designated “core provider” must build capability for state access to E2E-encrypted messages under Ministerial order (SAAIA ss. 5-14).
Bulk metadata retention for up to one year on all users, regardless of suspicion, was added in C-22 and was not in predecessor Bill C-2.
The Salt Typhoon attack (2024) compromised U.S. CALEA lawful-access infrastructure built in 1994 – Canada’s own cyber agency then recommended more encryption, not less.
Gag orders can forbid providers from disclosing order existence for up to a year; a voluntary-disclosure safe harbour incentivizes providers to hand over data without a court order.
Signal, Apple, Meta, and Canada’s own oversight body NSIRA have all publicly opposed Part 2; no institutional public brief defends it outside the government.
Hacker News Comment Review
Commenters flagged that the site’s framing – “only you and the recipient hold the key” – may already be inaccurate: lawful intercept apparently helped U.S. and Canadian authorities trace Sikh assassination networks through “secure” messaging, suggesting existing legal mechanisms already reach encrypted traffic.
One commenter attributed the site’s rhetorical style to AI generation, pointing to the multi-vector, movie-trailer prose structure as a tell.
Notable Comments
@bigyabai: Cites U.S./Canada use of lawful intercept in the India-linked Sikh assassination cases as evidence E2E messaging is already reachable under existing frameworks.
