After 'misunderstanding,' federal officials are open to changes on police search powers bill

OTTAWA — The federal government says the debate over its controversial lawful access Bill C-22 is marred by “misunderstanding” but says it is open to amending it to address concerns over encryption and fears of mass surveillance.

“We’ve obviously been paying close attention to comments about lack of clarity about encryption, for example, and questions about whether or not there’s direct access by law enforcement, and comments about mass surveillance,” Richard Bilodeau, the Public Safety Canada’s acting assistant deputy minister for the cybersecurity branch, told National Post Tuesday.

“And so, anything that can make the legislation clearer and provide as much understanding to stakeholders, those are the kind of things that we’ll always consider,” he added, noting that government amendments to the bill are ultimately up to the minister of public safety and MPs.

Government officials from Public Safety, the RCMP, CSIS and Justice Canada organized the briefing in response to growing concerns from civil liberty advocates, business groups, technology companies and senior U.S. Republican politicians about the powers Bill C-22 proposes for police and Canada’s spy agency.

The bill is currently being studied at the Commons Public Safety committee, where a wide range of witnesses have pressed the government to either narrow the legislation or add more judicial or watchdog oversight.

The ability to obtain Canadians’ private information and intercept communications, known as “lawful access,” is one of the most intrusive powers afforded to police and intelligence agencies. Creating such a regime for the digital age in Canada has been the subject of fierce debate for decades.

In Bill C-22, the government is proposing that police and the Canadian Security Intelligence Service (CSIS) only be able to approach telecommunications companies and ask them if, yes or no, an individual is a client before having to get a warrant for more information.

The bill also proposes new obligations to electronic service providers to organize and retain various types of client data for up to one year in a way that makes it obtainable by law enforcement or CSIS with a warrant.

That means that if passed, the bill would compel electronic service providers to store and make information like device locations or cameras available to police or CSIS with the requisite warrant. That could be used to track a person’s live location in case they pose a threat to national security or are considered to be in danger, the government cited as examples.

Canadian police and intelligence agencies have long complained that the country lags significantly behind its G7 counterparts because it does not have a lawful access regime adapted to the digital age.

They argue that investigations that increasingly rely on obtaining digital or telecommunications evidence, such as the crimes of child sex abuse material or extortion, are increasingly hampered or simply foiled because police can’t access the proof they need fast enough.

But privacy and some national security specialists counter that police already have many of the powers they need and that Bill C-22 offers overly-broad and invasive access to law enforcement of Canadians’ most private data.

In recent weeks, major tech companies such as Apple and Meta (which owns Facebook, WhatsApp and Instagram), Signal (a leading encrypted messaging platform) and NordVPN (the biggest private VPN provider in the world) have warned that the bill, as drafted, might force them to drop key safety features or simply exit the Canadian market.

Meta’s director of public policy for Canada, Rachel Curran, went so far as to tell the committee that the second part of the bill would allow the government to “conscript private companies into service as an arm of the government’s surveillance apparatus.”

During the briefing, the officials stressed that many of the concerns from the companies are overblown.

“I think there may have been some misunderstanding of the intent of the legislation,” Bilodeau said.

“One of the things that is quite clear is that this is not about mass surveillance… This is about giving law enforcement and CSIS the ability, under court-authorized judicial warrants, to access very specific data that are being held by certain electronic service providers.”

Both Prime Minister Mark Carney and Public Safety Minister Gary Anandasangaree have insisted that they are resolute about passing lawful access reform.

“Clearly, there is a need for better understanding of this bill,” Anandasangaree said at a press conference last week. “Tech giants are misinterpreting some of the safeguards that are already built in, including on ensuring that encryption is not in any way interrupted as part of Bill C-22.”

The bill will also not force companies to create methods to decrypt information if they don’t already have such tools, the officials insisted. One of the key concerns from companies such as Signal, NordVPN or Apple is that Bill C-22 would compel them to create decryption keys to make information readable to law enforcement if required.

That’s not the case, Bilodeau and CSIS assistant deputy minister Nicole Giles argued Tuesday. If a company can already decrypt information, then it can provide decrypted information to law enforcement with the requisite judicial warrant.

But because the bill does not allow for the government to create a “systemic vulnerability” in a company’s systems, law enforcement could thus not compel a company like Signal to make its end-to-end encrypted messaging app decryptable.

Instead, the company could fork over the encrypted data to police, who will either have to figure out how to crack it or try to exploit related information such as metadata.

“We would not see the content. He would not get the content. It would not be decrypted,” said Public Safety’s director general of national security policy, Shannon Hiegel.

National Post

cnardi@postmedia.com

Our website is the place for the latest breaking news, exclusive scoops, longreads and provocative commentary. Please bookmark nationalpost.com and sign up for our politics newsletter, First Reading, here.