Mr. Speaker, I rise today to speak to Bill C-22, the lawful access act. Let me be clear from the start. Canada needs lawful access, but Canada must get it right.
Conservatives believe in law and order. We believe that police must be given the tools to stop criminals, dismantle organized crime and protect the most vulnerable, especially in a digital world. Today, this is a real problem. Our laws have not kept up with technology. The investigations are stalling. Evidence exists but cannot be accessed in time, and criminals take advantage of the gap. Bill C-22 is trying to fix this and that goal is necessary, but we must be prudent and use good judgment. In fixing one problem, we must not create another. We must not weaken the rights that we have and that we are trying to protect.
My office has heard from many people in my riding of Richmond Centre—Marpole. They understand the need for safety. They understand the threat of organized crime. They are asking for something simple: balance, accountability and restraint.
One concern raised by my community is the requirement for companies to build surveillance capabilities into their systems. That concern is straightforward. If we create access points into secure systems, we must be absolutely sure they cannot be abused. If they are, we do not just create tools for law enforcement; we create targets for bad actors.
We have already seen what can happen. In 2024, a major cyber-attack known as Salt Typhoon targeted telecommunications infrastructure and compromised sensitive communications systems. That operation has been widely reported as having involved highly sophisticated state-backed actors. This is the environment we are operating in today.
The question is not whether we need lawful access; the question is how we implement it safely and without introducing new risks.
Another concern raised by people in my riding is data retention. Bill C-22 would require certain providers to keep metadata for up to one year. The intent is clear. When police have legal authority, the data is there to help investigations. That makes sense.
People in my community are asking what the limits are. What are the safeguards? Even metadata can reveal a good deal about a person's life, where they go, who they contact and when those interactions happen. To be fair, this data is not freely available to the government. Law enforcement still requires proper authorization, including warrants in most cases. The bill does not allow the collection of content such as messages, browsing history or social media activity under these provisions. That distinction matters, but concerns remain. How do we ensure this stays targeted? How do we prevent this from expanding beyond its original intent?
Conservatives will be ready to hold the government accountable for any overreach. There are also serious questions about oversight. The bill allows for ministerial orders that can require companies to develop specific technical capabilities. These orders require approval from the intelligence commissioner but there is a clear gap. The Privacy Commissioner of Canada has no formal role in this oversight process. That raises a fundamental concern. If these powers affect the data and the digital lives of Canadians, why is privacy not formally embedded in the oversight structure?
Oversight must be balanced. Security considerations cannot come at the expense of privacy protections. Both must be present, and both must be strong.
Another concern is the scope of the bill. Part 2 would apply broadly to electronic service providers. This does not just mean large telecommunications companies. It could include messaging platforms, cloud service providers and email services. In other words, it could apply across the entire digital ecosystem that Canadians rely on every day. This is a very wide scope, and with a wide scope, the safeguards must be stronger. People I represent are asking for clarity. Who is covered? What exactly is required of them? Where are the limits? Without that clarity, there is a real risk of overreach, intended or otherwise.
A third concern is transparency. Under this bill, ministerial orders could be issued confidentially. There would be no public registry, no direct parliamentary approval and no guarantee that Canadians would ever know when those powers were used. That is a serious issue because lawful access in a democracy must not only be lawful but also be transparent and accountable. When significant powers operate behind closed doors, public trust begins to erode, and once that trust is lost, it is very difficult to rebuild. We should be careful not to move from a system grounded in reasonable grounds and judicial oversight to one where information is collected first and justified later. This would not be a small shift. There would be a fundamental change in the relationship between citizens and the state. Many Canadians are concerned that this bill could enable further surveillance architecture if not properly constrained.
We must also consider the burden placed on companies. They would be required to build and maintain systems, comply with strict technical requirements and face penalties for non-compliance. This would affect not only large telecommunications providers but also smaller and emerging companies. We must ensure that this would not discourage innovation or create barriers to entry in Canada's digital economy.
Now, there are strong parts in the bill. It would give law enforcement agencies faster access to basic information, clearer legal tools for digital evidence, emergency powers when time is critical and improved co-operation with international partners. These are tools that police have been asking for, for many years, and we recognize that. However, supporting these objectives does not mean we ignore legitimate concerns. It does not mean we stop asking questions. One resident wrote to me about Bill C-22, saying, “Privacy is the shield of free people.” Another resident wrote, “A free society should not treat everyone like a suspect.” These are not extreme views. They are common sense.
Our approach is clear. Conservatives will focus on ensuring that data retention is limited, justified and proportionate; strengthening safeguards around technical requirements; clarifying the scope and application of the bill; and ensuring strong, transparent and balanced oversight, including the role of privacy protection. If this bill is to move forward, it must earn the trust of Canadians. Canadians want safety. They want police to succeed. They want criminals held accountable. However, they also want their rights respected, their data protected and their government to act with restraint.
This bill would include a review after three years. That is a step in the right direction, but we should not wait three years to fix what we can improve today. The choice is not—