OpenMedia Urges SECU to Close Loopholes That Weaken Cybersecurity in Bill C-8

Canada’s new cybersecurity bill, Bill C-8, gives ministers unchecked powers to secretly disconnect Canadians, issue sweeping telecom orders, and operate with minimal oversight, threatening accountability, privacy, and security online.

On December 4, 2025, OpenMedia’s Executive Director, Matt Hatfield, testified at the House of Commons Standing Committee on Public Safety and National Security (SECU) on Bill C-8, the government’s latest proposal on cybersecurity for the protection of Canada’s critical infrastructure.

Introduced in June 2025, Bill C-8 amends the Telecommunications Act, and creates new framework called the Critical Cyber Systems Protection Act (CCSPA). Bill C-8 closely mirrors Bill C-26 from the Trudeau era––a half-baked cybersecurity law that had passed through Parliament but died in the Senate when Parliament was dissolved earlier this year (2025), and inherited serious loopholes that could put Canadians’ privacy and security at risk from its predecessor.

The bill gives government ministers broad powers to issue secret orders, compelling telecom companies, banks, and other federally regulated organizations to act in ways that could weaken encryption. These orders can last indefinitely, with no independent review and minimal oversight, leaving both the public and Parliament in the dark. While the bill’s intention—strengthening cybersecurity—is valid, the way it is currently written risks undermining the very protections it claims to offer.

Strong cybersecurity is essential, but undermining encryption or issuing secret orders without checks does not make Canadians safer. It leaves us vulnerable to hackers, cybercriminals, and unjust surveillance. Other democracies, such as the UK and Australia, approach cybersecurity differently, requiring independent technical and judicial review before orders can be implemented.

These concerns are shared by thousands of Canadians. Over 5,000 members of the OpenMedia community have written to their MPs, demanding that Bill C-8 be amended to include robust privacy and accountability safeguards.

During his testimony, Matt laid out concrete recommendations to fix these flaws. Orders under Bill C-8 should be subject to review by an independent judge and technical expert, either before or shortly after being issued, with the authority to overturn overreaching actions. The bill must explicitly protect encryption and prevent the creation of backdoors. Any personal information incidentally collected must be clearly defined, protected, and destroyed promptly, and cannot be shared with foreign intelligence agencies.

For anyone who wants to learn more, the recording and full text of our testimony are available here.

OpenMedia will continue advocating for strong, rights-respecting cybersecurity legislation, and your support makes a difference. Support our work and help protect privacy, security, and democracy in Canada!