Carney’s Liberals Push Controversial Surveillance Bill Through as Parliament Shuts Down for Summer

35,000+ smart investors are already getting financial news, market signals, and macro shifts in the economy that could impact their money next with our FREE weekly newsletter. Get ahead of what the crowd finds out too late. Click Here to Subscribe for FREE.

With Parliament preparing to leave Ottawa for its summer recess, Prime Minister Mark Carney’s Liberal government is accelerating one of its most contentious pieces of legislation. Bill C-22, formally called the Lawful Access Act, cleared the House of Commons public safety committee during an extraordinary late-night meeting that stretched into the early hours of June 18.

The government argues that the measure is needed to help police and intelligence agencies investigate crimes committed through modern digital platforms. Privacy advocates, technology companies and opposition MPs counter that its broad powers could reshape online privacy, encryption and government surveillance for years. Although the bill had not yet become law as of June 18, the compressed parliamentary timetable placed it within reach of a final Commons vote just as MPs prepared to leave for the summer.

A Late-Night Push to Finish Committee Review

Bill C-22’s committee examination ended under an unusually restrictive House of Commons order. Government Business No. 13 required the public safety committee to meet within one hour of the order’s adoption and complete its clause-by-clause review. If the committee had not finished within 30 minutes, every remaining amendment submitted before the deadline would be treated as formally moved and put to a vote without additional debate. The House approved that timetable by 166 votes to 150 on June 17.

The committee convened at 10:43 p.m. and remained in session until 12:59 a.m. By later that morning, it had adopted and presented its report to the House. The speed of the final review became almost as controversial as the legislation itself. The committee had previously heard from 61 witnesses and received 55 written briefs, but critics argued that MPs were denied the opportunity to fully debate the final wording of a bill exceeding 100 pages. Supporters responded that Bill C-22 had already received weeks of public testimony and substantial scrutiny.

What Bill C-22 Would Give Investigators

The legislation is divided into distinct but connected parts. The first would amend the Criminal Code, the Canadian Security Intelligence Service Act and several related laws. It would create a “confirmation of service” demand allowing authorized investigators to ask a telecommunications provider whether it provides, or previously provided, service connected to a particular subscriber, account or identifier. More detailed subscriber information would generally require a judicial production order.

Bill C-22 would also update rules covering emergency access, tracking data, transmission data, computer searches and requests sent to foreign service providers. The government says these changes address investigations in which data may be scattered among several companies or stored outside Canada. For example, a fraud investigation could involve an email provider in one country, a social-media platform in another and an internet service provider in Canada. Critics are less convinced that every new power has been narrowly drafted, particularly where the bill addresses voluntarily supplied information, publicly available material and situations described as urgent or exceptional.

New Obligations for Technology Companies

The second part would create the Supporting Authorized Access to Information Act. Rather than granting police a free-standing right to read private communications, this framework would allow the government to require certain electronic service providers to maintain the technical ability to comply with lawful warrants, orders and other existing authorities. The term “electronic service provider” is broadly defined and can include companies that enable communications, provide services to people in Canada or carry on part of their business in the country.

Cabinet could designate classes of companies as “core providers” and establish obligations involving technical capabilities, data extraction, information organization, equipment and metadata retention. The public safety minister could also issue an order to an individual provider, even when it was not part of a designated core class. Such orders would require approval from the Intelligence Commissioner before becoming valid. The minister would have to consider feasibility, costs, effects on customers, privacy and cybersecurity. Nevertheless, businesses have warned that much of the system’s practical reach would depend on regulations written after Parliament passes the legislation.

Encryption Became the Central Battleground

The possibility that Bill C-22 could weaken encryption produced some of the strongest opposition. Apple, Google and Meta warned parliamentary committees that broadly worded technical-capability orders could be used to pressure providers into weakening secure products. Encryption protects far more than private conversations. It also helps secure banking, medical information, business records, passwords and cloud storage from criminals, foreign governments and other unauthorized users.

The committee adopted amendments intended to address some of those concerns. The revised bill says providers cannot be compelled to decrypt information encrypted by a customer unless the provider supplied the encryption and possesses the information needed to decrypt it. It also states that providers cannot be required to introduce a “systemic vulnerability” or prevented from repairing one. The definition was strengthened to refer to credible risks based on recognized international technical standards. Those changes are significant, but they may not end the dispute. Technology companies and privacy specialists have argued that a weakness aimed at one target can sometimes affect an entire system, making the distinction between targeted access and a systemic vulnerability difficult to maintain in practice.

Metadata Rules Were Narrowed but Not Removed

Metadata is information about digital activity rather than necessarily the content of a message. It can include the time of a communication, the services involved, device identifiers, routing details and other technical records. A single data point may reveal little, but a large collection can expose patterns of movement, association and behaviour. That is why proposed metadata-retention rules became another major source of concern.

The original version of Bill C-22 permitted regulations requiring core providers to retain prescribed categories of metadata for as long as one year. Committee amendments reduced the maximum period to six months. They also added a requirement that cabinet be satisfied that each retained category and all its elements are essential to effective and timely criminal or national-security investigations. The bill excludes message content, web-browsing history and social-media activity from the specific metadata-retention power. Even with those limitations, critics argue that requiring companies to create or preserve records they would not otherwise keep could generate attractive targets for hackers. The government maintains that retention categories would be defined through regulations and accompanied by privacy and cybersecurity considerations.

Ottawa Says Criminals Have Outpaced the Law

Public Safety Canada presents Bill C-22 as a response to a basic investigative problem: criminals use the same smartphones, encrypted applications, cloud platforms and international services that have become part of everyday life. Federal officials cite online fraud, organized crime, foreign interference, terrorism, child exploitation and violent extortion as examples of threats that may involve digital evidence. They argue that a warrant is of limited value when a provider has no practical mechanism for locating or producing the authorized information.

The government also says the legislation would move Canada closer to its Five Eyes intelligence partners, which have established their own lawful-access frameworks. Canadian authorities maintain that the technical-capability portion does not independently authorize surveillance. Police and CSIS would still need an applicable Criminal Code, CSIS Act or other legal authority before accessing protected information. The Canadian Bar Association, however, has described the Five Eyes comparison as only partly accurate. Canada already has interception, search and production powers; what it lacks is a comprehensive system requiring providers to remain technically “intercept ready.” That difference is at the centre of the political argument.

Critics Say Oversight Still Falls Short

Privacy Commissioner Philippe Dufresne acknowledged that Bill C-22 was an improvement over the lawful-access provisions previously included in the government’s Strong Borders Act. However, his office recommended further safeguards involving necessity, proportionality, transparency, systemic vulnerabilities and the reporting of privacy breaches. One concern was that confidentiality rules surrounding ministerial orders could prevent companies from giving regulators enough information to investigate a breach connected to a government-mandated capability.

Citizen Lab researchers at the University of Toronto and the Canadian Civil Liberties Association went further, describing portions of the proposal as constitutionally vulnerable and warning about broad surveillance obligations, insufficient transparency and cybersecurity risks. The Canadian Bar Association recommended separating the bill’s two major parts so that new investigative authorities and the provider-capability regime could receive distinct scrutiny. After the late-night committee process, 21 civil-liberties organizations, privacy groups and experts issued a joint statement condemning the cutoff of debate. Their concern was not simply that amendments might fail, but that legislators were voting on technically complex provisions without publicly discussing many of them.

The Bill Is Advancing, but It Is Not Yet Law

The committee’s June 18 report included several amendments. Along with the encryption and metadata changes, the revised text added further reporting to the National Security and Intelligence Review Agency, tightened conditions attached to ministerial orders and created a process through which providers could seek permission to disclose protected information to regulators. The committee also ordered a reprint of the amended bill for use during report-stage consideration in the House.

However, clearing committee does not mean Bill C-22 has completed Parliament. As of June 18, it still required report-stage and third-reading approval in the House of Commons, followed by consideration in the Senate and royal assent. The Commons calendar listed June 19 as the final regular sitting day before the summer recess, creating an exceptionally narrow window. The government’s procedural order was designed to make rapid passage through the Commons possible, including immediate votes and extended sitting hours if necessary. Whether the Senate completes its work immediately or returns to the legislation later will determine when, and in what final form, the new lawful-access system reaches Canadians.

This Options Discord Chat is The Real Deal

While the internet is scoured with trading chat rooms, many of which even charge upwards of thousands of dollars to join, this smaller options trading discord chatroom is the real deal and actually providing valuable trade setups, education, and community without the noise and spam of the larger more expensive rooms. With a incredibly low-cost monthly fee, Options Trading Club (click here to see their reviews) requires an application to join ensuring that every member is dedicated and serious about taking their trading to the next level. If you are looking for a change in your trading strategies, then click here to apply for a membership.