Apple and Meta Warn Canadian Law Could Weaken Encryption

Apple and Meta have voiced strong opposition to a proposed Canadian law, warning it could compel them to break or weaken encryption systems in their devices and services. The legislation, known as Bill C-22, was introduced by Canada’s ruling Liberal government, which secured a parliamentary majority last month, and is currently under debate in the House of Commons.

Canadian law enforcement agencies argue the bill would enable faster and more effective investigations into security threats. However, tech companies view it as part of a broader global push by governments to expand “lawful access” to encrypted data—a move they say directly threatens user security.

Bill’s Provisions and Precedents

Experts say the Canadian bill contains provisions that may mirror a previous British order, in which UK authorities demanded Apple grant access to encrypted cloud data. That demand led Apple to later withdraw its fully end-to-end encrypted cloud storage feature. Reports also indicated that the United States subsequently intervened with Britain, citing concerns over a treaty governing cloud computing data.

End-to-end encryption ensures data is accessible only to the user, with neither the company nor law enforcement able to read it without the encryption key. This technology is widely used in services like Meta’s WhatsApp and Apple’s iMessage, and is considered a critical defense against espionage and cyberattacks.

Company Responses

In an official statement, Apple said the bill in its current form “threatens its ability to deliver the privacy and security features users expect.” The company warned the legislation could allow the Canadian government to force companies to introduce “backdoors” into their systems—a step Apple said it “will never take.”

Meta, in a written submission, cautioned that the bill’s broad powers, lack of oversight, and absence of clear safeguards could make Canadian citizens less safe rather than protecting them. The company noted the current text could require firms to create or maintain technical capabilities to break or weaken encryption, bypass security architectures based on data non-knowledge, or even install government spyware on systems.

A spokesperson for Canada’s Public Safety Ministry countered that the law would not force companies to introduce systematic security vulnerabilities into protective systems like encryption. The spokesperson added that the companies themselves have precise knowledge of their systems and a direct interest in maintaining their security.