The Liberal government passed its lawful access bill through the House of Commons on June 18, using a procedural motion to jointly move several pieces of legislation before Parliament adjourns for the summer.

The motion bundled together several pieces of legislation, including Bill C-22 on lawful access, a financial crimes agency bill, an indigenous self-government agreement act, a National Defence Act amendment bill, and legislation recognizing Arab Heritage Month.

Government House Leader Steven MacKinnon sought unanimous consent June 18 to deem the bills passed at various stages without taking separate votes, stating that Bill C-22 be “deemed concurred in at report stage on division, and be deemed read a third time and passed on division.”

The motion passed on division, with Green Party Leader Elizabeth May and NDP MP Jennie Kwan rising in the House to record their opposition to Bill C-22, as no formal vote took place.

Lawful Access Act

Bill C-22 was tabled March 12 of this year and requires telecommunications providers to provide subscriber information to law enforcement in situations where authorities have “reasonable grounds” to suspect a crime will be committed or has been committed.

It also sets out requirements for electronic service providers to keep certain metadata and create capacity for investigators to access their systems.

Amendments to the bill were adopted in the committee stage on June 17 following weeks of testimony from privacy advocates, government officials, legal scholars and technology companies, including Google and Apple, who warned the bill could create increased risk of foreign interference and espionage.

Several witnesses warned that aspects of the bill could reduce privacy protections, lead to cybersecurity risks, and impose costly and challenging compliance requirements on technology companies.

In amending the bill, the government shortened the maximum metadata retention period from one year to six months, limited the scope of user metadata that can be required for retention, and strengthened safeguards restricting access to or decryption of user-encrypted data.

The encryption amendment specifies that decryption may only be required where the encryption is provided by the electronic service provider and the provider has the technical means or necessary information to decrypt the data.

The amendment appears to state that one provider cannot be told to decrypt another provider’s encryption, but leaves open the ability of authorities to ask a platform to decrypt user data.

The government says the legislation brings Canada’s laws up to date in the digital age and gives law enforcement the tools they need to effectively investigate and fight crime, while critics such as University of Ottawa law professor Michael Geist have raised concerns that parts of the bill could lead to infringement of privacy rights.

Procedural Disputes

The accelerated passage of Bill C-22 comes after a week of procedural disputes in Parliament which occurred after the Liberal government passed a motion forcing the committee to conclude its clause-by-clause review of the bill.

Public Safety Minister Gary Anandasangaree said the motion was necessary as there was a “time for debate, and a time for choosing” and argued the bill had already been studied and reviewed sufficiently. He accused Conservatives of trying to delay passage of the bill and said there was a “clear filibuster taking place” leading to the need for an expedited process.

Conservatives rejected Anandasangaree’s accusation of filibustering and opposed the expedited passage of the bill.

“What [Anandasangaree] calls a filibuster, I call scrutiny. What he calls taking time, we call democracy,” Conservative MP Frank Caputo, his party’s public safety critic, told reporters on June 16.

Caputo, a vice-chair of the committee, had also suggested the bill’s more contentious section get split off and left for further reworking and debate, but the proposal was not accepted by the government.

Tory MP Andrew Lawton accused the government of trying to “silence debate and shut down this committee’s work,” later saying the motion “rushes Bill C-22 through Parliament on the government’s timetable rather than allowing full parliamentary review.”

In addition to Google and Apple, the bill has also drawn opposition from a number of other technology companies including Proton VPN, Windscribe, NordVPN and Signal. The companies say that parts of the legislation could infringe on their privacy commitments to users or undermine their secure encryption systems.

The government has pushed back on these claims, with Anandasangaree saying that Bill C-22 does not create any backdoors to bypass encryption, doesn’t permit direct government access to platform systems, and still requires legal authority before any protected information can be accessed.

With Bill C-22 having now passed the House of Commons, it next moves to the Senate for consideration. The Senate currently has three more sittings before it adjourns for the summer on June 23.

Matthew Horwood contributed to this report.