Bill to help authorities probe online activities raises widespread privacy fears

• Share on Facebook
• Share on Bluesky
• Share on X
• Copy Link

Threshold for obtaining subscriber information

Police

Manslaughter charge laid after young woman's death at Turnor Lake

9h ago

World

Person dies after being hit by plane that was taking off at Denver airport

13h ago

Carney's remarks

Prime Minister Mark Carney touts Canadian values in speech at global progress summit

14h ago

Under the bill, authorities could demand that a telecommunications provider like Bell or Rogers reveal whether it provides service to an individual or a number of interest — a measure intended to speed up investigations.

Police would need reasonable suspicion that a crime has been or will be committed and be able to demonstrate that the information would be helpful in investigating that offence.

Currently, police can obtain a general production order from a court to go further and obtain subscriber information, such as the name, address and email linked to an account. The government says this can take time.

The new legislation would create a narrower court order that would allow police to seek subscriber information from a service provider.

Police would need to apply to a judge and establish that they have reasonable grounds to suspect criminal activity. They would also need to satisfy the court that subscriber information would assist their investigation.

The government says the measure is not particularly sensitive, since it is limited to information that identifies clients and services and does not include the contents of communications such as emails.

Legal experts expressed concerns about the provision to the MPs studying the bill.

University of Ottawa law professor Michael Geist took issue with the fact that the bill sets the standard for seeking subscriber information at “reasonable grounds to suspect” criminal activity, rather than the higher threshold of “reasonable grounds to believe.”

Supreme Court of Canada decisions have pointed to a high privacy interest in subscriber data, he said. “Setting the bar lower invites further Charter litigation, placing the provision on shaky legal ground,” he added.

Thompson Rivers University law professor Robert Diab said the subscriber information provision would allow police to know the types of television services to which an individual subscribes and the identifiers of every device associated with their account.

Backdoors?

The bill would require electronic service providers to develop and maintain the technical capabilities necessary to enable police and the Canadian Security Intelligence Service to effectively obtain communications and information for investigations.

The government says this measure is needed because a provider might lack the secure infrastructure to transfer information to these agencies in a useable format, or they might not be able to pull up the information quickly or ensure its accuracy.

There would be mandatory requirements for certain core providers — likely large telecommunications companies and satellite providers — to have specific capabilities. In addition, the public safety minister could issue a ministerial order to require a provider to develop a particular capability, even if they are not a core provider. The bill would prohibit a provider from disclosing the existence or content of a ministerial order.

Meta, the company behind Facebook, says the provision could have a “significant negative impact on Canadians’ privacy and cybersecurity.” Meta says this could require companies to build or maintain capabilities that break or weaken encryption, and force providers to install government spyware directly on their systems.

Meta says that while the bill purports to protect against risks to encryption by allowing providers to challenge demands that would introduce a “systemic vulnerability,” the definition of such a vulnerability is unclear. “Essential terms like ‘encryption’ are left to be defined in regulation, while ministerial orders can override those same regulations,” the company says.

Apple, maker of the iPhone, says the legislation could allow the government to force companies to break encryption by inserting backdoors into their products — “something Apple will never do.”

Lawyer David Fraser told the committee the bill needs guardrails to protect privacy.

“As written, the minister of public safety could issue a secret order to turn your Amazon Alexa into a listening device,” he said.

Fraser also suggested telecommunications firms might have to ensure every cell phone in Canada is trackable. “That is disproportionate and, in my view, actually absurd.”

In a recent letter to Public Safety Minister Gary Anandasangaree and Justice Minister Sean Fraser, the Canadian Chamber of Commerce said the provisions concerning technical capabilities present “considerable risks” to Canadian businesses, investment and the integrity of data systems. “To our knowledge, no comparable jurisdiction in the western world has adopted lawful access provisions of this breadth.”

The Ottawa-based International Civil Liberties Monitoring Group says the provisions would create “a mass surveillance capability regime.”

Simon Lafortune, a spokesperson for Anandasangaree, said the government categorically rejects claims the bill would enable the surveillance of Canadians through everyday devices such as cars, home cameras or smart TVs, or that it would require companies to introduce backdoors into their products so authorities could gain access to data.

“It does not grant the government new powers to indiscriminately access private devices or communications,” he said in a statement. “Any lawful access to information would continue to require appropriate legal authorization, such as a warrant issued by an independent court.”

Data retention

The bill would allow for regulations requiring service providers to retain metadata — digital traces of a communication, but not the email or text itself — for up to one year.

Lafortune stressed that the provision covers only metadata and does not permit the retention of content, web browsing history or social media activity.

Critics of the provision say the measure would allow for the capture of private information about ordinary Canadians who have no connection to any crime.

Geist told the committee the stored metadata, including location information, would amount to “a comprehensive surveillance map of virtually every Canadian — where and when they go, and who they interact with.”

He suggested scrapping the provision, or at least limiting the metadata retention period to a maximum of 30 days to meet the investigative needs of authorities.

This report by The Canadian Press was first published May 10, 2026.

Jim Bronskill, The Canadian Press