appleinsider.com via Reddit

Apple, Google fight Canada encryption backdoor law

apple google regulation privacy encryption legislation

Key insights

  • Apple's Erik Neuenschwander warned C-22's vague language could force backdoor insertion into encrypted products sold in Canada.
  • Apple previously withdrew Advanced Data Protection from the UK under similar legislative pressure, establishing a likely template for Canada.
  • Google warned that secret data-access orders would restrict companies' ability to disclose how user data is actually protected.

Why this matters

The legislative ambiguity Apple flagged in C-22 mirrors the mechanism used in the UK's Investigatory Powers Act demands, confirming that governments are increasingly using vague statutory language rather than explicit mandates to achieve encryption access. If Canada passes C-22 without encryption carve-outs, it establishes a Five Eyes precedent where opaque compliance requirements effectively force backdoors without ever using that word. For AI practitioners building products with end-to-end encryption or on-device processing for Canadian users, this creates regulatory uncertainty that could require architectural changes to data access, storage, and transparency infrastructure.

Summary

Apple and Google testified before Canada's House of Commons committee May 26, pushing for explicit encryption protections in Bill C-22. The bill requires companies to hand over encrypted data without specifying how. Apple's Erik Neuenschwander cited the UK precedent, where Apple withdrew Advanced Data Protection rather than comply, warning that vague language forces backdoors. Google said secret data-access orders restrict companies' ability to be transparent with users about how their data is protected. Essentially: (Apple, Google) are warning Ottawa that ambiguous compliance language produces backdoors by default. - Apple declined to confirm whether it would exit Canada if the bill passes unchanged. - Google framed secret access orders as a user-transparency threat, not only a privacy issue. If C-22 passes without explicit encryption protections, Canada sets a Western precedent for mandating backdoors through statutory ambiguity.

Potential risks and opportunities

Risks

  • Apple may withdraw Advanced Data Protection or iCloud end-to-end encryption in Canada within 12-18 months if C-22 passes unchanged, removing key privacy features for Canadian users
  • Canadian startups and enterprises relying on Apple or Google encryption guarantees face product-liability uncertainty if secret access orders override published security commitments
  • Australia, New Zealand, or other Five Eyes members could cite a passed C-22 as precedent to advance similar ambiguous encryption-access legislation in 2026-2027

Opportunities

  • Privacy-focused vendors (Proton, Tresorit, Tutanota) gain competitive positioning in Canada if Apple and Google pull end-to-end encryption features under C-22 pressure
  • Canadian digital-rights law firms and compliance consultancies will see demand spike from enterprise clients assessing C-22 exposure before final passage
  • Privacy advocacy organizations (OpenMedia, EFF) can leverage high-profile corporate testimony to build broader user coalitions that accelerate explicit amendment adoption before the bill clears committee

What we don't know yet

  • Whether Apple has proposed specific amendment language to the C-22 committee, or is relying on testimony alone to prompt government-drafted protections
  • Whether C-22's secret data-access orders would apply to AI inference data and model outputs, or only to traditional stored communications
  • Timeline for committee amendments before C-22 reaches a final vote, and whether the UK ADP withdrawal has been cited in Canada's formal legislative drafting record

Originally reported by appleinsider.com

Read the original article →

Original headline: Apple and Google Testify Against Canada's Bill C-22 Encryption Backdoor Provisions Before House of Commons Committee