Google has told Canadian lawmakers that Bill C-22 would build a “surveillance infrastructure” that weakens cybersecurity for everyone.
The company’s submission to the House of Commons public safety committee landed alongside a blunt refusal from Swiss-based Proton VPN and a trade warning from the Information Technology Industry Council, a US lobby group representing Amazon, Google, and Nvidia.
Bill C-22 would force telecoms, messaging apps, and potentially any digital service in Canada to rebuild their systems for police and CSIS surveillance, while storing user metadata for up to a year.
That metadata covers who contacted whom, when, and from where, for millions of people not suspected of anything.
Even Google, which is ironically no stranger to surveillance accusations, warned that the bill gives the Public Safety Minister “sweeping powers to issue secret orders” to intercept data, and that its definition of “electronic service provider” could catch nearly any company operating in Canada.
The company called the bill’s safeguard against systemic vulnerabilities dangerously narrow. “Without a stronger definition of ‘systemic vulnerability,’ the law could be used to decrease overall user security, by creating backdoors that would break end-to-end encryption and create significant cybersecurity risks, facilitating foreign interference and weakening global user privacy,” Google wrote