Canada’s Parliament is debating Bill C‑22, a law that would force every messaging provider to create a second encryption key. The government would hold a copy, allowing courts to compel disclosure. Today, apps like Signal, iMessage, WhatsApp and Messenger keep keys only for users, protecting private chats from corporate or state reading.

If passed, service operators must build backdoors even when they resist. A court order would trigger a mandatory copy‑in, and failure could trigger fines. Hackers who discover the backdoor can walk through it with ease, as seen in the 1994 U.S. Salt Typhoon attack that exposed phone carriers for years to targeted communications today wide.

The bill also expands metadata retention to one year for all users, regardless of suspicion, and grants Canadian courts power to compel foreign providers to hand over Canadian data. Lawyers, doctors, journalists and activists rely on end‑to‑end encryption; a single government‑controlled key would strip that trust and expose sensitive conversations for individuals in various fields.

Signal’s foundation has already threatened to leave Canada if forced to comply, and civil‑society groups such as OpenMedia and CCLA are urging MPs to insert explicit no‑backdoor language. Without such safeguards, Canada risks repeating the U.S. experience where a lawful‑access framework became a conduit for espionage and mass surveillance of state crimes that target citizens.