Google tells MPs police search powers bill could 'facilitate foreign interference'

OTTAWA — Google and Apple, whose software runs in nearly every phone and tablet in Canada, warned that the Liberals’ lawful access bill poses a “threat” to encryption and their users’ data and could facilitate crimes such as foreign interference.

Speaking to the House public safety committee Tuesday, representatives from both tech giants said they respect the government’s desire to adopt lawful access reform. They argued that their goal is to balance users’ privacy with the need for law enforcement to have the tools they need.

But they warned that the Liberals’ controversial Bill C-22 goes too far and needs to be reworked significantly, lest it force them to create a “backdoor” into their encrypted services to users.

Google and Apple’s software powers over 99 per cent of all cellphones and tablets sold in Canada, as well as a significant portion of portable computers. They also operate a significant portion of the cloud storage business.

“Our users trust Apple with their most sensitive information. They expect and deserve the strongest protections, that’s why we’re so concerned about the threat to encryption posed by C-22,” said Apple senior director Erik Neuenchwander.

Google’s Jeanette Patell went a step further, telling MPs that the bill as it stands could force the company to undo many of its security features and open the door to criminals.

“Without stronger definitions, the law could be used to force the dismantling of critical privacy and architecture, such as breaking encryption, overriding users’ data deletion controls, or building remote access capability, all of which could facilitate foreign interference and weaken global user privacy,” Patell argued.

The federal Privacy Commissioner Philippe Dufresne also told the committee the Liberals’ lawful access bill is overly broad and should be narrowed to protect Canadians’ rights.

The government has repeatedly sworn that the new obligations to telecommunications and electronic services providers would not compel them to decrypt encrypted information. They argue the bill would allow them to ask companies to decrypt information if that is already possible, but would not force them to develop ways to unlock encrypted information.

But, many of the bills’ clauses “don’t compromise encryption directly but try to get at it indirectly by circumventing it or bypassing it. It still have the same impact in terms of the vulnerabilities that they ultimately create,” the Canadian Civil Liberties Association’s Tamir Israel to MPs Tuesday.

Lawful access, or the ability to obtain Canadians’ private information and intercept communications, is one of the most intrusive powers afforded to police and intelligence agencies. Creating such a regime for the digital age in Canada has been the subject of fierce debate for decades.

Law enforcement agencies have long argued that Canada needs to modernize its laws for the digital age, saying they are struggling more and more to get critical information in urgent situations during emergencies.

In Bill C-22, the government is proposing that police and the Canadian Security Intelligence Service (CSIS) be able to approach telecommunications companies and ask them if, yes or no, an individual is a client before having to get a warrant for more information. It can then apply to get a judicial warrant to obtain more “subscriber information” from the company.

The bill also proposes new obligations to electronic service providers to organize and retain various types of client data for up to one year in a way that makes it obtainable by law enforcement or CSIS with a warrant.

That means that if passed, the bill would compel electronic service providers to store and make information like device locations or cameras available to police or CSIS with the requisite warrant. That could be used to track a person’s live location in case they pose a threat to national security or are considered to be in danger, the government cited as examples.

It also proposes to give the minister of public safety the ability to issue secret “ministerial orders” to compel companies not captured by the bill to create intercept or data retention abilities, as long as it does not create a “systemic vulnerability” in the system.

Those orders would need to be approved by the Intelligence Commissioner and could challenged in Federal Court by the company.

Apple, Google, the CCLA and many other business groups and privacy advocates have argued that the secret orders put too much power into the minister’s hands and need to be narrowed or eliminated.

“I would say that the bill does not put a hole in the wall, it merely allows for secret orders to force putting a hole in the wall. And so our concern is motivated because, at the end of the day, there would still be a hole in the wall,” Apple’s Neuenchwander said.

During the hearing, many Liberal MPs pushed back on the concerns from Apple and Google, namely arguing that the bill would not force the companies to create holes in their encrypted systems.

But Montreal MP Anthony Housefather also conceded that he shared some of the companies’ concerns, suggesting that the Liberals are considering amendments to their controversial bill.

National Post

cnardi@postmedia.com

Our website is the place for the latest breaking news, exclusive scoops, longreads and provocative commentary. Please bookmark nationalpost.com and sign up for our politics newsletter, First Reading, here.