{"id":219443,"date":"2026-05-24T20:21:00","date_gmt":"2026-05-25T00:21:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/24\/google-warns-lawful-access-bill-could-create-major-cybersecurity-risks\/"},"modified":"2026-05-25T00:10:22","modified_gmt":"2026-05-25T04:10:22","slug":"google-warns-lawful-access-bill-could-create-major-cybersecurity-risks","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/24\/google-warns-lawful-access-bill-could-create-major-cybersecurity-risks\/","title":{"rendered":"Google warns lawful-access bill could create major cybersecurity risks"},"content":{"rendered":"<p><a href=\"https:\/\/www.theglobeandmail.com\/politics\/article-google-lawful-access-bill-c-22-cybersecurity-risks\/\">Google warns lawful-access bill could create major cybersecurity risks<\/a><\/p>\n<p><a href=\"https:\/\/www.theglobeandmail.com\/politics\/article-google-lawful-access-bill-c-22-cybersecurity-risks\/\">https:\/\/www.theglobeandmail.com\/politics\/article-google-lawful-access-bill-c-22-cybersecurity-risks\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-24 20:21:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theglobeandmail.com\">www.theglobeandmail.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. Open this photo in gallery:A Google logo at the Vivatech fair in Paris in June, 2023. Google have joined Meta and Apple in urging the government to make changes to Bill C-22.ALAIN JOCARD\/AFP\/Getty ImagesGoogle is warning that the government\u2019s lawful-access bill would establish a \u201csurveillance infrastructure\u201d that risks compromising cybersecurity in ways that could facilitate foreign interference, while weakening its users\u2019 privacy. In a submission to the House of Commons committee scrutinizing the bill, Google said it is committed to supporting efforts by law enforcement and Canada\u2019s intelligence agencies to protect the public against crime and terrorism.But it said that should be done \u201cwithout engineering vulnerabilities into products and services that weaken security for all users.\u201d Meta and Apple have already urged the government to make changes to Bill C-22, which would require \u201celectronic service providers\u201d in Canada to adjust their systems to give surveillance and monitoring capabilities to police services and the Canadian Security Intelligence Service.Google disrupts effort by criminal hackers to exploit vulnerability using AICSIS and law enforcement have long argued that Canada is lagging behind its Five Eyes intelligence partners in not having such a lawful-access regime to aid investigations.But the latest attempt to pass a bill in Canada has faced steep opposition, including from secure-messaging app Signal, Canadian tech companies, privacy advocates and civil liberties groups.Google, in a brief submitted to the Commons public safety committee, said it has \u201csignificant concerns\u201d about parts of the bill, including wording that \u201cgives the Minister of Public Safety sweeping powers to issue secret orders\u201d to facilitate the interception or retrieval of data. \u201cSecret Ministerial Orders would severely restrict companies\u2019 ability to engage transparently with users, undermining the users\u2019 trust and ability to hold companies accountable,\u201d Google said in its submission. It added that the definition of an electronic service provider is so broad in the bill that secret ministerial orders could be directed at \u201calmost any entity operating in Canada.\u201d The Canadian Chamber of Commerce is among those to have warned that the bill has potential to weaken companies\u2019 defences against cyber attacks. Microsoft, Google and xAI to allow U.S. government to vet new AI models for security risksGoogle said it has concerns the bill could compromise security, arguing for an amendment to explicitly safeguard encryption, part of suite of security mechanisms it uses to protect data. \u201cThe lack of explicit protection for end-to-end encryption may also undermine the ability of companies to deliver best-in-practice security controls and technologies to enterprises, including governments, small businesses, and critical infrastructure,\u201d it added. The bill says that an electronic service provider would not be obliged to comply with ministerial orders or regulations if doing so would require the company to introduce a \u201csystemic vulnerability.\u201dBut Google said the bill\u2019s definition of a systemic vulnerability is \u201cunduly narrow, creating significant security risks.\u201d\u201cWithout a stronger definition of \u201csystemic vulnerability,\u201d the law could be used to decrease overall user security, by creating backdoors that would break end-to-end encryption and create significant cybersecurity risks, facilitating foreign interference and weakening global user privacy,\u201d it warned. \u201cGoogle has never built a backdoor or other mechanism to circumvent end-to-end encryption in our products. If we say a product is end-to-end encrypted, it is end-to-end encrypted,\u201d it said.Meta warns lawful access bill would make tech companies a surveillance arm of governmentThe tech giant also warned the bill could undermine efforts by companies \u201cto adopt privacy-enhancing technologies,\u201d and could even force companies to deliver products found to have security or privacy flaws, or bugs.\u201cCreating new surveillance infrastructure would give rise to additional security vulnerabilities for users, would undermine user trust, and would pose potential conflict of laws issues,\u201d Google added.Bill C-22 could force electronic service providers \u2013 such as phone companies, messaging apps and tech companies \u2013 to retain metadata relating to its customers\u2019 activities for up to a year.The metadata would not include e-mails, web-browsing history, social-media activity or text messages, but it could include information about which telephone numbers have been in touch with each other, and data allowing someone\u2019s location to be pinpointed.Cybersecurity and tech experts have warned that storing so much metadata could create an enticing target for hackers, including those acting on behalf of malevolent foreign regimes. In its submission, Google says the requirement \u201cmay result in the extensive retention of metadata about users who are not reasonably believed to be associated with criminal activity.\u201dSignal warns it would pull out of Canada if made to comply with lawful access billGoogle proposed that the government strike out the obligation to retain metadata for up to a year. In its submission to the Commons committee, the Canadian Telecommunications Association, whose members include Bell, Rogers, SaskTel and Nokia Canada, called for a number of \u201cimprovements\u201d to the bill. The association expressed particular concern about the requirement to significantly expand the \u201cvolume and sensitivity of data held by private sector entities about individuals who are not suspected of any wrongdoing.\u201dIt said the approach \u201craises important security and privacy considerations.\u201d The requirement to store so much data, it warned, would expand \u201cthe potential attack surface for cyber threats and increases the consequences of any breach.\u201d\u201cAs recent incidents across both the public and private sectors have demonstrated, no system is immune from compromise,\u201d the association added. \u201cThe most effective way to reduce risk is therefore to limit the amount of sensitive data that is collected and retained, and to ensure that retention periods are no longer than necessary.\u201dThe federal government has said the bill will not affect Canadians\u2019 Charter rights, compromise privacy or lead to mass surveillance, but Google\u2019s is the latest call to narrow its scope. The U.S. has a lawful-access law that is not as broad as the powers proposed in Canada\u2019s bill. It requires telecom companies and internet service providers to design their networks to facilitate government wiretapping, but it does not apply to \u201celectronic service providers\u201d or require metadata to be stored for up to a year.Earlier this month, senior government officials indicated that Public Safety Minister Gary Anandasangaree is preparing to accept amendments to the bill to address concerns that have been expressed. In an on-the-record briefing with The Globe and Mail, Shannon Hiegel, director-general of national security policy at Public Safety Canada, said: \u201cThe minister\u2019s open for new ideas.\u201d<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google warns lawful-access bill could create major cybersecurity risks https:\/\/www.theglobeandmail.com\/politics\/article-google-lawful-access-bill-c-22-cybersecurity-risks\/ Publish Date: 2026-05-24 20:21:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":219444,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.theglobeandmail.com\/resizer\/v2\/VOJHA2LAOBMRPDTKIPVKTLSOCY.jpg?auth=58ce86cfb52651fe97969129ec0310cb4eb0fdcde5a1cd962743de9c3f28cf10&width=1200&height=800&quality=80&smart=true","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,31,27],"class_list":["post-219443","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219443"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=219443"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219443\/revisions"}],"predecessor-version":[{"id":219445,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219443\/revisions\/219445"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/219444"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=219443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=219443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=219443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}