Canada's Bill C-22 (Lawful Access Act) has been introduced, replacing the controversial lawful access provisions from Bill C-2. The new bill improves on warrantless access rules by limiting information demands to telecom providers confirming service to specific individuals, with broader subscriber data now requiring a judge-approved production order. However, the Supporting Authorized Access to Information Act (SAAIA) portion remains largely unchanged and introduces new concerns, including mandatory metadata retention requirements for 'core providers' not present in the earlier bill. The SAAIA requires communications providers to assist law enforcement in testing surveillance and interception capabilities, keep such arrangements secret, and potentially opens the door to backdoor network access. Critics warn these provisions could introduce systemic security vulnerabilities and facilitate cross-border data sharing under frameworks like the CLOUD Act and Budapest Convention's Second Additional Protocol.
Sort: