Image for OpenMedia to SECU: Withdraw Bill C-22 or gut its surveillance provisions
Avatar image of Jenna Fung
By Jenna Fung
May 21st, 2026

OpenMedia to SECU: Withdraw Bill C-22 or gut its surveillance provisions

OpenMedia submits a brief to SECU, demanding withdrawal of Bill C-22 or major overhaul of its surveillance powers, before the committee concludes hearing witnesses on May 26.

On May 15, 2026, OpenMedia submitted a brief to the Standing Committee on Public Safety and National Security (SECU) on Bill C-22, the so-called ‘Lawful Access Bill.’ In our 10-page brief, we put our core position front and centre: demanding full withdrawal of this dangerous, privacy-breaking bill.

We called out the government’s Charter Statement's silence on the bill’s most constitutionally vulnerable provisions, including forced encryption backdoors and the new metadata retention regime; and laid bare the fundamental flaws in the government’s ‘Lawful access’ framework, including the fundamentally broken structure of Part 2, and lingering concerns over Part 1’s confirmation-of-service demand to telecommunications service providers, diminished standard for warranted data demands, and cross-border data sharing. We made it clear that without major structural changes to the bill’s surveillance architecture, or full removal of the problematic Part 2, Bill C-22 has no place in a democracy like Canada and must not pass.

Read the full technical brief to learn more about our detailed policy recommendations.

More about Bill C-22

Bill C-22 is the current liberal government’s second attempt at getting lawful access passed, following on 2025’s failed Bill C-2. The bill includes overreaching measures that would give police, CSIS, and security agencies the power to install privacy-breaking backdoors at every layer of Canada’s technology stack, from telecom providers, to cloud storage, and social media platforms. Even hardware manufacturers like producers of new smart TVs and cars could be scoped into the bill. It could force tech companies to build tools to allow police to eavesdrop through your cell phone, laptop or smart speaker. And the threat isn't just government overreach. White hat hackers are warning that lawful access provisions like these will make it easier for criminals to penetrate Canadian systems, opening those doors to criminals and hostile foreign states too. 

Bill C-22’s sweeping new metadata retention requirement would also force providers to store up to one year of every single Canadians’ everyday online activity. That means your browsing history, GPS coordinates, and the time and targets of communications throughout your digital life logged, stored, and accessible. At the Bill C-22 committee hearing, a policy chief pushed for the metadata retention requirement to extend beyond 12 months, arguing that three years would be “ideal.”

Surveillance on this scale has no place in a democratic Canada. Even Canada's Chamber of Commerce — hardly a group of privacy activists — has warned that "no comparable jurisdiction in the Western world has adopted lawful access provisions of this breadth."

Who’s opposing this?

Since the liberal government introduced lawful access provisions in Bill C-2 in 2025 and now Bill C-22, our OpenMedia community has sent over 20,000 messages to Parliament opposing Canada to move forward with such sweeping surveillance powers. Our coalition work also helped mobilize over 300 organizations to voice their opposition to Bill C-2.

We joined over 25 leading rights and privacy organizations and experts to demand Parliament to kill Bill C-22,’ and raised alarm bells over Bill C-22’s backdoor request on virtually all electronic service providers (not just ISPs, but cloud storage, social media platforms, and potentially hardware manufacturers) with Internet Society and over 60 organizations and experts.

Signal, the world's most secure messaging app, have announced they will pull out of Canada entirely if they're forced into this so-called "lawful access" regime without major changes. Similar warnings are being raised by Apple, Meta, popular VPN companies Proton, Windscribe, and NordVPN, the Cybersecurity Advisors Network, legal and security experts, and the chairs of the U.S. House Judiciary and Foreign Affairs Committees.

AI is making it worse

While cybersecurity professionals are working to close vulnerabilities, new AI tools are being built to find and exploit them. In April 2026, Anthropic released "Claude Mythos," an AI model specifically designed to identify and exploit zero-day vulnerabilities across major operating systems. The days of professional hackers taking weeks to find an entry point are over — these tools now do it in hours. Canada adding mandatory backdoors and data retention requirements at the exact moment AI-powered exploitation is accelerating is not just bad policy, it's reckless.

How is it going to impact you?

Forced backdoors, turning our digital devices into listening devices, and universal metadata retention are all proposed in Bill C-22; the kind of expansive  surveillance architecture that resembles authoritarian regimes constantly spying on everyone more than a democracy’s careful constitutional protections. If passed, C-22 will affect what you do every day

  • The privacy of your texts through Signal, iMessage, or WhatsApp becomes optional – and some of these services leave Canada entirely.
  • A complete record of where you’ve been and who you’ve talked with will be legally required to be tracked on every designated electronic service Bill C-22 touches – available to police with a warrant, or to any hacker who breaks C-22’s backdoors. 
  • Communications that must remain confidential, like those with doctors, banks, or solicitor-client communications will be at risk of breaking due to C-22’s mandated backdoor capabilities.
  • Already-policed communities like journalists, protesters, and anyone organizing advocacy work in Canada loses the ability to privately communicate without fear.

The window to stop mass surveillance is closing fast

The House of Commons’ SECU committee is already nearly done reviewing the bill. Shockingly, the government has promised only three witness meetings to hear about necessary fixes before voting it through. To date, not a single rights defending organization has been called to testify — but we're working around the clock to change that!

Over 12,000 emails have been sent to MPs. If you help tell your MP to stop Ottawa’s attack on your privacy and democracy now, we can halt Bill C-22 before mandated systemic vulnerabilities become law for every service we depend on.

Add your voice now!

This is a defining moment for your privacy rights. We’re pushing to get 15,000 Canadians to speak up by the last scheduled committee hearing, on May 26. This will be possible if each of us invites just one more friend or family member. Help spread the words today to make sure MPs know Canadians want full withdrawal of Bill C-22 NOW!

Share on Facebook | Share on Bluesky | Share on Mastodon | Share via Whatsapp | Share via email

Bill C-22 is the most dangerous, privacy-breaking policy the Carney government has ever introduced. They're ignoring experts and civil society groups, rushing a policy that will make every Canadian less secure. Bill C-22 MUST be stopped.

Support our fight and help stop C-22 before it’s too late!

Related Posts

Take action now! Sign up to be in the loop Donate to support our work