"The bill forces digital services, which could include telecoms, messaging apps, and more, to record and retain for a full year, and expands information sharing with foreign governments, including the United States. Metadata can reveal a lot about who you communicate with, where you go, and when you do so. Expanding the collection of metadata would require companies to store even more information about their users than they already do, providing an incentive for bad actors to access that information."
"Worst of all, Bill C-22 erodes the privacy of millions by providing a mechanism for the Minister of Public Safety to demand companies create a backdoor to their services to provide law enforcement access to data, as long as these mandates don't introduce a "systemic vulnerability." These widespread surveillance backdoors would likely facilitate even more data breaches than we see already. The bill also bans companies from even revealing the existence of these orders publicly."
"The definitions of both "systemic vulnerabilities" and "encryption" are not clear enough in C-22, leaving wiggle room for the government to demand that companies circumvent encryption. And the overbroad definitions in the bill can include apps as well as operating systems. Canadian officials have made it clear they believe it's possible to add surveillance without introducing systemic vulnerabilities, which is just not true. Surveillance of encrypted communications is fundamentally a systemic vulnerability."
Bill C-22 would require digital services, including telecoms and messaging apps, to record and retain information for a full year. The bill would also expand information sharing with foreign governments, including the United States. Metadata collection could reveal who people communicate with, where they go, and when they do so. The bill would increase the amount of user information companies must store, creating incentives for misuse and unauthorized access. It would allow the Minister of Public Safety to demand that companies create backdoors to provide law enforcement access, as long as mandates do not introduce a “systemic vulnerability.” The bill would also prevent companies from disclosing the existence of these orders. Unclear definitions of “systemic vulnerabilities” and “encryption” could enable demands to circumvent encryption, including for apps and operating systems.
#digital-privacy #metadata-retention #government-surveillance #encryption-backdoors #cross-border-data-sharing
Read at Electronic Frontier Foundation
Unable to calculate read time
Collection
[
|
...
]