Full Comment - June 15, 2026


Ottawa’s building a backdoor to slide into our personal online data


Episode Stats


Length

52 minutes

Words per minute

150.87

Word count

7,886

Sentence count

306

Harmful content

Hate speech

4

sentences flagged


Summary

Summaries generated with gmurro/bart-large-finetuned-filtered-spotify-podcast-summ .

Bill C-22 has become a political hot potato in Canada. It would allow police and CSIS access to information from telecommunications companies and internet providers. Is this a good or bad thing? To find out, we speak to Richard Fadden, the former Director of CSIS and a former National Security Advisor to Prime Minister Stephen Harper, and a Deputy Minister at many departments over the years.

Transcript

Transcript generated with Whisper (turbo).
Hate speech classifications generated with facebook/roberta-hate-speech-dynabench-r4-target .
00:00:00.000 When you travel well, your KLM Royal Dutch Airlines ticket takes you to more than just your destination.
00:00:06.260 It takes you to winding streets, spontaneous detours,
00:00:10.360 and the realisation that neither of you is actually good with directions.
00:00:15.680 And when the final shortcut taken isn't exactly short,
00:00:20.400 our crew is here to give you a trip home that goes just as planned.
00:00:25.660 KLM Royal Dutch Airlines. When you travel, travel well.
00:00:30.000 A safer Ontario means more police and prosecutors making sure my car doesn't
00:00:34.800 get stolen. It means building new jails to keep criminals behind bars. And it
00:00:39.680 means there's no need to worry when I play at the park. We're making every
00:00:43.740 corner of Ontario safer to make all of Ontario safer. That's how we protect
00:00:48.640 Ontario. For all of us. Learn how at Ontario.ca slash safer Ontario paid for
00:00:54.900 by the government of Ontario.
00:01:00.000 bill c-22 it is the government's attempt to give canadian police law enforcement what they call
00:01:08.600 lawful access and it's become quite political hot potato hi i'm brian lilly welcome to the
00:01:14.940 full comment podcast i'm your host and today we're going to try and peel back a little bit
00:01:19.580 about what bill c-22 attempts to do and why some people are so opposed to it it's a complex bill
00:01:27.260 It's one that the government has tried more than once.
00:01:29.780 In fact, early in Mark Carney's mandate, they introduced Bill C-2.
00:01:34.740 That was a bill that many felt went too far.
00:01:37.960 The government took the summer last year and decided to try again.
00:01:42.500 That is what brought us to Bill C-22.
00:01:45.620 It's an attempt to say that police are able to access data, information about you that may come from an electronic service provider,
00:01:54.580 a telecom company, an internet provider, an app that you use online. Is this a violation of your
00:02:02.220 privacy? Quite possibly. Is it legitimate? Again, quite possibly. To get the pro side on why this
00:02:11.340 legislation is needed, we're going to speak to Richard Fadden. He is the former director of
00:02:16.280 CSIS, a former national security advisor to Prime Minister Stephen Harper and to Prime Minister
00:02:22.340 Justin Trudeau and a deputy minister at many departments over the years, and someone who
00:02:27.060 understands what the government is trying to accomplish and supports it. We reached him in
00:02:32.640 Ottawa. So let me start with asking you, what is the reason for Bill C-22? We started with Bill C-2.
00:02:43.280 That went away quickly. The government decided that they would put that on pause and they said,
00:02:49.100 okay, we got this wrong, let's redo it.
00:02:52.180 But what is the basis for why law enforcement and national security says we need Bill C-22?
00:03:00.760 I think at its very essence, it's based on the fact that both law enforcement and CSIS have to deal with increasingly sophisticated adversaries,
00:03:14.060 state, non-state, criminal groups. They are in many ways very difficult to find. They're very
00:03:21.480 difficult to get a latch on to. And with the increase in technology across the board, one of
00:03:29.160 the things that they need, I think, to help them identify and get a hand on people is if they have
00:03:36.440 reasonable grounds to suspect. And that's a very, very essential first part of all this.
00:03:41.460 You can't just get up in the morning, whether you're police or CSIS, and decide that Dick Fadden or Brian Lilly are going to be the object of an investigation.
00:03:50.140 You have to have reasonable grounds to suspect that a crime has been committed or that it falls within CSIS's mandate.
00:03:57.260 You want to figure out more information.
00:03:59.740 You want to find these people.
00:04:01.120 So basically, CSIS and the law enforcement crew want to be able to ask telecommunications and internet providers whether Andre Proulx, for example, who's reasonable grounds to suspect is a reprobate, uses that particular provider.
00:04:20.620 Once they know that provider has a client, they can then go to the courts and ask for a production order asking for all sorts of information.
00:04:29.940 It may seem simple, but if you think about the number of telecommunications and internet providers that are available to people, being able to narrow down as quickly as you can who is providing the service to enable a court order request is very, very helpful.
00:04:48.480 but does this go beyond what we currently have in terms of you know going before a judge asking
00:04:58.200 for a warrant um does it lessen the protections that are currently there um you know my understanding
00:05:07.280 is that uh um it drops it down to reasonable suspicion um it is that lessening the protections
00:05:16.860 that are there for individual citizens?
00:05:20.380 Well, I guess it does at one level
00:05:22.180 because you don't have to go in front of a judge,
00:05:24.340 you know, with the usual paperwork and whatnot,
00:05:26.540 the sworn deposition saying that you want access to Y.
00:05:30.440 I would argue that in this day and age,
00:05:33.520 the information that they're seeking,
00:05:35.800 whether or not a single individual
00:05:37.860 is accessing a telecommunications provider,
00:05:40.960 does not constitute a material violation
00:05:43.520 of an individual's privacy,
00:05:44.860 particularly when both law enforcement and CSIS have a whole range of protections built into their systems already.
00:05:52.980 So technically, yes, it means the judge doesn't have to bless this initially.
00:05:56.640 I personally don't believe that's a material assault on an individual's privacy.
00:06:02.260 So, finding out that I am, you know, having a conversation with you online via Signal or WhatsApp or, you know, whatever encrypted technology is there, you know, the police being able to access that, that's not a violation of my privacy?
00:06:26.440 yeah it is i agree it is we could do it before with a judge now the only difference is you don't
00:06:32.920 have to go to a judge you still have to have reasonable suspicions that a crime has been
00:06:37.480 committed or that you're falling within ceases ambit of investigation i don't think given the
00:06:43.020 environment and i think this you know a lot of people you know privacy organizations people
00:06:48.700 worry about the charter i think raise entirely legitimate issues but on the other hand you have
00:06:54.280 increasingly sophisticated adversaries who can hide very effectively from law enforcement and
00:06:59.600 CSIS, this is just one small way of giving them a bit of an advantage in dealing with all these
00:07:05.380 adversaries. If there is a reduction in privacy, and I think there is, I think it's microscopic,
00:07:11.520 I think on balance, it's sufficient support to law enforcement and national security to be warranted.
00:07:17.440 So is it more of a national security issue? Is it more of a crime issue?
00:07:22.320 What crime, what violation of the law is this trying to solve that doesn't already exist in terms of what police and investigators are able to accomplish?
00:07:42.100 What can't they do now that this law is trying to fix?
00:07:45.120 What it enables them to do at one level
00:07:48.440 Is to, on the basis of their own internal procedures
00:07:51.280 And police and CSIS would have different procedures
00:07:53.860 They can request, they can demand from a telecommunications company
00:07:58.880 A yes and no answer to the question
00:08:01.720 Is X your client?
00:08:05.280 It's enabling them to do that
00:08:07.260 Without going through the full panoply of judicial authorization
00:08:10.240 Another part of the bill
00:08:12.440 Which you may or may not want to talk about
00:08:14.720 basically says that telecommunications and internet providers have to organize themselves
00:08:21.240 to be able to respond to these requests, which is not the case today.
00:08:28.660 So right now they can just ignore those requests?
00:08:31.900 They can. Or you can go to court, get a court order and say, I want access. But if that particular
00:08:38.140 company is not organized in such a way that they can respond to the court order, there's nothing
00:08:44.760 that can be done. What do you mean by that? I'm not sure I understand that. Well, I'm not, as you
00:08:51.720 know, I'm not an engineer, but basically it means that various telecommunications and internet
00:08:56.420 providers organize themselves in different ways. Some keep data for, you know, a fairly lengthy
00:09:03.400 period of time. Some don't keep information at all. It's all a question of how they organize
00:09:08.960 the information that they have about their clients. And if they aren't organized in such a way as to
00:09:14.260 be able to respond right away, then the official answer is, I'm sorry, we can't help. This
00:09:20.620 legislation or a part of this legislation says, this is all very well and fine. Law enforcement
00:09:26.280 and national security is sufficiently important. You have to organize yourselves in such a way
00:09:30.940 that you can respond to production orders now there's a provision in there that says that
00:09:35.920 they cannot be required to do anything in a technical sense that would endanger uh the
00:09:42.680 security of their system in the sense that it would make it easier for people to access privacy
00:09:47.080 information outside of the framework set out in the law and yet that is one of the uh claims that
00:09:54.380 all of the tech companies all of the telecom companies are making is that if you require them
00:10:00.400 to hold this information that it will obviously, in their view,
00:10:07.720 make it easier for a criminal element, let's say, organized crime,
00:10:13.620 to go in and say, ah, aha, we know they have this information now.
00:10:18.480 Let's go find it there.
00:10:21.420 Well, I acknowledge that that's one of the things that they're arguing,
00:10:24.820 and I suppose at a purely logical level, that's true.
00:10:27.740 But no criminal or national security threat
00:10:31.340 With two brains to rub together
00:10:32.960 Is unaware that these companies
00:10:35.800 Have significantly well-organized databases
00:10:39.500 With consumer information, with client information
00:10:42.460 All this is doing, I guess, is flagging a little bit more directly
00:10:46.180 The fact that this exists
00:10:47.400 I understand, I guess at one level
00:10:50.580 That the companies don't want an additional burden imposed on them
00:10:54.540 It means they're going to have to worry about this
00:10:56.180 In a slightly different way
00:10:57.440 I come back to the view, and this may be my professional malformation in national security, that privacy and national security has to be balanced.
00:11:06.800 Both are important. I think this bill sets out a standard that's entirely reasonable, since the core objective is to enable law enforcement and CSIS to protect you and I and Canadians generally.
00:11:18.600 i think aside from the fact that this bill provides for a variety of protections court
00:11:26.160 orders the intelligence commissioner has to do a variety of things we have the full panoply of
00:11:31.360 review i call it the fog of review in canada you know you have parliamentarians the court the
00:11:36.900 minister the intelligence commissioner all of these people are going to be monitoring what
00:11:42.120 thesis in particular is doing in this in this area so i think the increased risk to individuals
00:11:48.400 is not material i appreciate people some people feel otherwise i just would not agree
00:11:53.360 i i mean we are all online we all live our lives online and to a degree i think a lot of us just
00:12:04.180 assume that well the companies and the government already have all of this information yeah is it
00:12:11.240 difficult, though, for law enforcement to get this information currently?
00:12:17.860 Well, it is. They could ask. I mean, one of the things another part of this bill does is it
00:12:23.020 confirms in law that CSIS and law enforcement can ask these companies to provide the information.
00:12:29.980 It was actually, in some doubt, given a Supreme Court ruling. So it's not confirmed they could
00:12:33.980 ask for this information. It goes one step further. But to your broader point, you know,
00:12:39.880 I don't think today we all have as much privacy as we think we do. And I sometimes think the
00:12:46.280 private sector is a greater threat to our privacy than the government is, because the government
00:12:50.680 has a whole raft of protections written into the way they access this kind of information,
00:12:57.760 rather less so from the private sector side. So from my perspective, I tend to assume that
00:13:04.500 any privacy that I have is always at risk. I think in this day and age, if you don't make
00:13:09.340 that assumption, you're probably putting yourself as an individual at risk.
00:13:15.600 Let's back out for a moment and talk about what are the main crimes that we're looking to
00:13:22.780 deal with here. Is this about human trafficking? Is this about the scammers that are constantly
00:13:30.160 going around trying to get you to hand over your credit card information? Is this organized crime?
00:13:36.820 what are they trying to accomplish here? Well, I think there are two sets of answers to your
00:13:42.280 question. On the CSIS side, it's crimes relating to national security, you know, sedition,
00:13:48.180 terrorism, nuclear proliferation, that sort of thing. Whatever CSIS is authorized to do under
00:13:54.540 the CSIS Act, broadly speaking, they're defined fairly precisely in the CSIS Act. It has to fall
00:14:00.620 within one of the categories that CSIS is mandated to deal with.
00:14:06.640 They're all fairly serious.
00:14:08.680 On the law enforcement side, basically, if I understand the legislation correctly,
00:14:13.520 it does not specify which category of crime is to be dealt with.
00:14:17.560 It says that if there's a criminal offense set out in the criminal code
00:14:21.840 or another statute that creates a criminal offense,
00:14:26.820 then the police are authorized to use this legislation.
00:14:29.360 So it could be something as terrible as child pornography, as money laundering, or something as mundane as an international criminal group trying to access our bank accounts and everything in the middle.
00:14:44.700 The law does not specify in any detail what kind of crimes it's meant to deal with.
00:14:50.180 We've seen the, you know, there's been some pushback on this.
00:14:55.860 And, you know, when the government still had a minority, they walked away from C2, the original iteration of this.
00:15:03.420 Then they brought in C22, still while they had a minority.
00:15:09.060 The conservatives are saying, well, we'll help you pass it quickly if you split the bill in two.
00:15:15.340 And there's a lot of talk from the tech sector about part one and part two.
00:15:21.020 Do you see, you know, how do you view that in terms of, because I think most Canadians are looking at this and saying, I'm not quite sure what part one and part two are.
00:15:33.200 I'm not quite sure what the fight is about.
00:15:36.400 Do you see a difference between part one and part two the way that the politicians do?
00:15:40.980 Well, I think part one basically sets out the regime whereby the police and CSIS is allowed for lawful access. They can ask for, they can demand information. You know, there are details, but that's fundamentally what part one is doing.
00:15:57.340 Part two deals with the telecommunications
00:16:00.160 And the internet providers
00:16:02.180 And it's the one that says
00:16:03.860 They have to organize themselves in such a way
00:16:06.120 That they can execute production orders
00:16:08.680 It sets in place
00:16:10.120 A number of review mechanisms
00:16:11.800 Judicial review and whatnot
00:16:13.140 I think the two are related
00:16:16.420 I understand that a number of telecommunication companies
00:16:20.960 Have expressed real concern
00:16:22.160 And the concern is really about part two
00:16:23.740 Because it's the part that requires them
00:16:25.700 to organize themselves to be able to comply with the production order.
00:16:30.060 And this is the part where Apple says if this goes through,
00:16:34.000 they will not comply or they may not offer all of their services going forward.
00:16:39.660 Meta has said the same thing.
00:16:42.460 Yeah, I don't quite understand what the, from their perspective, what the concern is.
00:16:49.280 This particular approach to the law is not unique to Canada.
00:16:52.820 I mean, all of our close allies have something similar. They may or may not call it lawful access, but there are means of accessing information, sometimes just the yes or no of whether a service is provided, sometimes a great deal more.
00:17:08.680 You know, if Apple is trying to argue that in the United States, the FBI can't gain access to the kind of information we're talking about here, I think they're being disingenuous.
00:17:19.680 I mean, the Americans have said that this bill is problematic. They have said that this is a couple of members of Congress have said this is an assault on American companies. But, you know, and, you know, I trust you, Dick. I mean, you know this stuff better than I do. You say that the FBI would be able to access similar information.
00:17:44.760 That's certainly my understanding
00:17:46.980 I mean, if you think about it in a, you know, sort of a holistic sort of way
00:17:52.520 The information that we're talking about is, I don't think, particularly a great threat to privacy
00:17:59.120 And asking large telecommunications companies to organize themselves in order to comply with court orders
00:18:06.000 In this case, I don't see the problem
00:18:09.440 Now, in various countries, sometimes the institution can ask for the information without a court order. In some cases, there is a court order. Procedures vary a great deal between, say, the Five Eyes or NATO. But broadly speaking, our allies have provisions in their legislation that allow for access. I think it varies in respect of the extent to which they can require companies to organize themselves.
00:18:36.120 You know, to be honest, I don't remember the details
00:18:38.960 I've been out of this life for a while
00:18:40.440 But I have difficulty understanding how
00:18:42.800 A country like the United States
00:18:46.180 So concerned about national security
00:18:47.980 Legitimately
00:18:49.060 Would say that the FBI
00:18:51.320 Which is sort of our equivalent of CSIS
00:18:54.140 Cannot talk to companies
00:18:56.240 And sort of say, look, you've got to organize yourselves
00:18:58.240 To provide us with information that we seek
00:19:00.200 In pursuit of our national security
00:19:02.060 Or our criminal law mandates
00:19:04.000 all right uh thanks very much for the time today my pleasure i hope i made a little bit of sense
00:19:11.940 it's a complex area to be honest and i think parliament and various organizations are right
00:19:17.800 to push it through but i come back to my initial point the adversaries that these organizations
00:19:23.400 have to deal with are very sophisticated and i think sometimes we forget how sophisticated they
00:19:28.940 are when we look at the tools that our law enforcement and CSIS organizations require.
00:19:35.560 When we come back, the opposite view. Why are people opposed to the bill? We'll speak to
00:19:41.140 Natalie Campbell from the Internet Society about that. Visit BetMGM Casino and check out the newest
00:19:48.820 exclusive, the Price is Right Fortune Pick. BetMGM and GameSense remind you to play responsibly.
00:19:54.500 19 plus to wager Ontario only please play responsibly if you have questions or concerns
00:19:59.520 about your gambling or someone close to you please contact connects Ontario at 1-866-531-2600
00:20:06.080 to speak to an advisor free of charge that MGM operates pursuant to an operating agreement with
00:20:11.380 iGaming Ontario there were so many missed opportunities to catch this before the
00:20:20.820 devastating thing happened. A third of them we found literally in the phone book. These people
00:20:26.660 were not afraid. They knew that nobody was effectively hunting them. They knew they had
00:20:31.760 escaped justice, that they were going to die in their beds. When I give talks at law schools is
00:20:36.580 that the charter ultimately is empowering a minority and it's empowering a minority that's
00:20:40.500 a guild across the country and it's a fairly elite guild and the guild is lawyers. Families who were
00:20:45.320 split by a referendum and brothers and sisters who never talked to each other for years after
00:20:51.640 the referendum because they were so angry at each other because of the emotions on both sides.
00:20:57.020 The reason he was assassinated was not because he was trying to put a satellite into space,
00:21:01.700 but because the gun that he was creating had other applications that made him and the gun
00:21:10.440 very dangerous. It's finally here. A new season of Canada Did What? Host media podcast that
00:21:17.200 revisits the big Canadian political events you might think you remember and tells you the real
00:21:22.740 story you never knew. I'm Tristan Hopper. The voices you just heard are from our brand new
00:21:28.440 season two. We will unpack some of the pivotal moments that help define our country, often
00:21:33.780 without a vote, usually without a plan, and sometimes without anyone admitting what they've
00:21:38.840 done. We'll find out how Canada became a welcoming paradise for untold numbers of Nazi war criminals 0.88
00:21:45.800 after the Second World War. We let them build monuments to their wartime exploits and even 0.84
00:21:50.620 ended up honoring a Nazi fighter in the House of Commons. And I'm sorry to say that none of that
00:21:56.180 happened by accident. We'll bring you the little-known story of a troubled Canadian rocket
00:22:01.260 scientist who turned to a sinister life of selling giant guns to terrible people. And if that sounds
00:22:07.860 like a spy novel, it ends like one too. You'll hear the behind-the-scenes story of Quebec's
00:22:12.580 attempted secession from Canada, and how very close we came to a political crisis that would
00:22:18.280 have made Brexit look like a picnic. You'll hear about how the much-celebrated Charter of Rights
00:22:23.960 and Freedoms turned into something its creators never wanted, and how many of the most extravagant
00:22:29.600 warnings about the document were all quickly proven true. And you'll even hear about how
00:22:35.260 authorities bungled multiple chances to stop the deadliest terrorist attack in our country's history
00:22:40.140 and then proceeded to pretend it never happened. These aren't dusty history lessons. There are
00:22:46.180 stories about power, ambition, madness, and the things about Canada that a lot of people would
00:22:51.420 rather ignore. But not you! You won't want to miss an episode. Subscribe to make sure you get
00:22:57.320 all of Season 2 starting March 2026 anywhere you get your podcasts.
00:23:01.740 there is of course a great deal of opposition to bill c-22 including from those who say it goes
00:23:08.800 too far in invading your privacy there's a great deal of concern around encryption and end-to-end
00:23:15.420 communications that are supposed to be private well to understand that point of view we reached
00:23:21.060 out to natalie campbell she is the director of government relations for the internet society
00:23:25.180 and we reached her just outside of ottawa at her home so natalie let me start here the
00:23:31.620 government initially introduced bill c2 and then faced a lot of pushback they backed off of that
00:23:39.260 they brought in bill c22 not that those two names aren't confusing in and of themselves but
00:23:45.420 did they they promised that they would listen to critics of c2 and and get things right in your
00:23:52.800 view did they that's a really good question and i'll start by saying that i think it's a good
00:23:57.840 thing that people are thinking about, how we can make sure people can have safe and secure
00:24:03.080 experiences online. And that's part of what the Internet Society works towards. Our mission is
00:24:08.320 to connect the unconnected and to make sure we protect the connected. That's one of the reasons
00:24:14.920 that we've been following this bill. When it was introduced as C2 as part of a broader border
00:24:20.980 security package. We were concerned that the lawful access to data part of that bill had some
00:24:29.120 pretty significant threats to the foundation of security online, which is our ability to use
00:24:36.360 encryption technologies. So the main threat that was in C2 and that remains in C22 that we're
00:24:44.940 concerned about is that it creates powers that would allow the government to order any service
00:24:51.520 in Canada to create backdoors to information in order to allow law enforcement to access that
00:25:01.560 information for their purposes. Can you expand on what that is? Because I think a lot of people
00:25:08.360 aren't quite sure about that. I have a decent understanding of what they're asking from
00:25:14.700 talking to various people in tech companies, you know, be it Meta or Google or the different
00:25:21.920 telecoms, Rogers and Bell, which everyone in Canada loves to hate them. But yet they're
00:25:27.920 going to be required by these laws to do certain things. Explain what you mean by creating back
00:25:34.140 doors? Sure. So the, as I said, the law allows for the government to issue secret orders
00:25:43.600 that would force services to have to weaken their security to assist law enforcement with
00:25:51.920 investigations to get access to certain information. The means that they want to
00:25:58.440 be able to force these services to have to comply with could entail having to circumvent or not use
00:26:08.900 at all in tools like encryption, which essentially ensure that the things that we share online or the
00:26:16.600 communications that we have are only accessible to those who are intended to have access.
00:26:23.500 So we do know that, you know, from C2, there was an attempt to kind of make sure that these orders could not create any kind of systemic vulnerability.
00:26:34.360 But the problem is that the way systemic vulnerability is defined in C22 doesn't fully protect against some of the ways, some of the orders that companies might get that could, in fact, create systemic vulnerability.
00:26:53.500 And I'll give you an example, because we track these kinds of laws all around the world because we know that that's usually where we tend to spot things that could threaten people and companies' abilities to use encryption.
00:27:07.860 And we heard a lot of cases where some folks don't think that there should be a technological way to be able to get access to encrypted information just for law enforcement.
00:27:28.080 But the fact is that there's no way to provide access to encrypted information in a way that's just for law enforcement.
00:27:36.800 So when we talk about encrypted information, we're talking about everything from using WhatsApp to Signal, some of the messaging options offered by Apple because they've been quite outspoken about this.
00:27:52.700 Are those the general platforms that we're talking about that people might say, oh, yeah, I use that app.
00:27:58.920 What are you talking about in terms of the apps that people are using that might become vulnerable to their private messages or personal data being released to law enforcement without them even knowing and, you know, perhaps without good reason?
00:28:17.140 so this these secret orders can be issued to electronic service providers and the way that
00:28:24.980 is defined um is and the way the government has described who this would apply to is has to be
00:28:32.660 taken in a broader sense possible um and they've said this could apply to businesses online or
00:28:38.060 apps um that use secure messaging it could basically apply to anyone it could apply to
00:28:44.100 medical services, video conferencing services. My Shopify account. Precisely. And so each and
00:28:52.720 every one of these services, if they're offering private messaging, if they are having to secure
00:29:02.200 any kind of sensitive data, you can't do that without encryption, because encryption is a
00:29:07.120 technology that basically ensures that the things that we do, the websites that we go to,
00:29:13.460 the communications that we're sharing if encrypted or the data that we're storing
00:29:17.920 in a lot especially those who have those kinds of services that are speaking out against this bill
00:29:24.640 encryption is core to their service offering if they're guaranteeing that you know your information
00:29:30.520 is going to be protected and only you have access that's because of tools like encryption encryption
00:29:34.900 scrambles information whether it's internet traffic or personal communications private
00:29:39.400 communications, it scrambles it so that only those with intended access have access. So if I'm
00:29:45.040 sending you a message over Signal, for example, I know that that message can only be understood by
00:29:51.960 myself and the intended recipient, which would be you, and that even if Signal tried to get access
00:29:58.300 to that transmission, all they would see is scrambled gibberish. That is core to their
00:30:04.540 service offering. I'm a little surprised by this because Prime Minister Mark Carney was on the
00:30:10.320 board of Stripe prior to entering politics. And for folks that don't know Stripe, it is one of the,
00:30:18.000 it is the preeminent, I would say, payment transaction provider for online. And they use
00:30:27.720 rigorous encryption. They use tokenization. They use all kinds of measures to ensure,
00:30:34.340 as you say, that the transaction that you make with me is not picked up by somebody else and
00:30:40.560 your payment data isn't stolen. So a company like Stripe that we all rely on to accept payments or
00:30:48.960 to make payments is suddenly going to have to build in back doors so that police can see things if
00:30:56.460 they want. They're going to have to keep this information for years. I mean, this, you know,
00:31:03.340 most of us, I mean, pretty much anyone listening to a podcast, if you're so much of a Luddite that
00:31:10.720 you're not ever doing an online transaction, you're probably not listening to a podcast.
00:31:14.700 So I feel comfortable in saying those of us involved in this or listening are doing online
00:31:21.080 transactions. Are you saying that those are at risk through this legislation?
00:31:26.460 I think that those services could be at risk.
00:31:30.400 Any service could be at risk.
00:31:31.960 It's not this bill doesn't mandate that backdoors be created.
00:31:35.700 It gives the government new powers to be able to issue secret orders that could involve forcing companies to weaken security, to either circumvent encryption or to create backdoors to provide access to information that would otherwise be encrypted.
00:31:55.180 So, yes, that could involve a service that is a service that is that is securing the banking industry that could that could involve anyone.
00:32:07.820 And, you know, to your point about Stripe and banking services online, I am of a certain age where when I first started using the Internet, online banking was not a thing.
00:32:19.920 I've been able to see the Internet's development over the decades and to see an online banking service be created.
00:32:29.420 Right. Like this this capability didn't exist when I was younger.
00:32:32.640 The only reason that we're able to offer these kinds of service online or do things like online shopping or be able to like store really personal information online is because of technology tools like encryption.
00:32:44.800 without it. Like, I can't think of a single bank that would offer this kind of service if they
00:32:51.600 weren't able to trust that there were technology tools that allowed them to guarantee that
00:32:57.860 customer data and their own private data could be controlled in terms of access, both when it's
00:33:05.100 at rest and storage, or when it's being transmitted over the internet. So I don't
00:33:12.160 don't think that um you know there's been a lot of broad pushback on c22 because of that
00:33:20.240 very threat to encryption um it's not just me sending naughty messages to someone on whatsapp
00:33:27.800 or signal it's everything that we do online everything when i think about the way i'm not
00:33:34.660 sending naughty messages that's just an example and i'm not judging if you are
00:33:39.680 But the way that I think about these things, and I'm a mom of two kids, 11 and 13, I'm hyper aware of the amount of sensitive information that I rely on the Internet to be able to send about my kids, whether it's to their teachers or to health care providers or any range of services that I interact with.
00:34:02.540 I use email with my doctor.
00:34:05.680 Exactly.
00:34:06.200 now email is not the most secure i know yes that's right um but i couldn't imagine um
00:34:17.480 feeling comfortable sharing any of that kind of information without the guarantee of encryption
00:34:23.960 to give me some amount of control over who has access to that kind of information
00:34:29.680 Let me ask you this, though. You raise valid concerns, and I have some sympathy towards your arguments. But to average people care? I mean, we just went through a pandemic a few years ago where the government decided they could control every part of your life, and people said, yes, give me more of that.
00:34:50.740 um are you a voice in the wilderness in saying hey look your stuff could be at risk and meanwhile
00:34:58.400 you've got people saying well i don't care if the government has everything i've got um what do i
00:35:03.680 have to hide or well i thought they had it all anyway so what does it matter what do you say to
00:35:11.060 those people yeah it's a really good question i think regardless of what people feel about what
00:35:16.840 access their government has, what kind of information their government can have access
00:35:21.900 to, I think the question is not what kind of government, what kind of information government
00:35:28.220 should have access to, but who else will have access to this? Because there's no backdoor that
00:35:34.740 is only ever going to be available to government or law enforcement. A backdoor is available for
00:35:41.520 anyone in the world to walk through. And we know that attackers are finding these quicker than
00:35:48.460 ever. We're at the start of a new era of cybersecurity where the threats are scarier
00:35:54.300 than ever. We've seen how AI tools can not only spot and detect these vulnerabilities,
00:36:01.780 you know, it used to be a matter of months, but now they can do so in a matter of minutes
00:36:06.640 and then create code to exploit those vulnerabilities.
00:36:10.680 That is downright scary because it only takes one slip up,
00:36:15.720 one back door for an attacker to get in
00:36:18.540 and have access to all kinds of information
00:36:21.820 that they could use for nefarious reasons.
00:36:24.700 Encryption helps protect us against those attacks.
00:36:29.300 And so I have a lot of sympathy for the efforts of law enforcement
00:36:33.840 to want to help prevent crime online.
00:36:37.180 I am a mom.
00:36:38.140 I am a citizen who also wants to prevent crime online.
00:36:42.140 But what scares me is the thought of creating more back doors
00:36:46.700 and forcing companies who are already struggling
00:36:50.040 to keep their own system secure
00:36:53.360 without even being forced to engineer vulnerabilities.
00:36:57.100 What scares me is the risk that they're going to have to carry
00:36:59.480 if they are forced to carry additional vulnerability.
00:37:03.840 um and i think the exposure that it will create for them is is just it's reckless and it's dangerous
00:37:11.300 and it's going to hurt it's going to hurt a lot of people so i've spent a lot of time over the
00:37:17.800 years dealing with issues i'm going to jump to something completely unrelated but then bring it
00:37:22.500 back so bear with me natalie um issues around gun control and people will say well if you're
00:37:29.740 going to have guns, then everyone should keep their guns at the gun range. And no one should
00:37:34.980 have their guns at home. And then the guns will be secure at the gun range. And I just look and I,
00:37:40.460 you know, because I do go target shooting now and again, and I look and I say, these people have no
00:37:45.320 idea where these gun ranges are. They're out in the middle of nowhere. They're completely remote.
00:37:50.540 And it is basically inviting the criminals to go and raid them in the dark of night and get all
00:37:56.800 kinds of guns very easily. And I look at what we're talking about with the storage of metadata
00:38:02.140 in this bill and the weakening of encryption. And it's like, hey, criminals, come over here,
00:38:12.140 get all the stuff that you can sell on the dark web at this location. Would you say that's an
00:38:18.720 accurate depiction of what could be happening? I would say that creating lawful access systems
00:38:26.940 is a very lucrative target for cyber criminals. That is 100% guaranteed. If you build it,
00:38:36.360 they will come. And if there's forced vulnerabilities that allow law enforcement
00:38:44.360 to have access to these systems, then those doors are going to be open to anyone that wants in. And
00:38:49.740 there's a lot of criminal organizations around the world that are very well equipped and funded
00:38:54.360 to find those vulnerabilities and have access. And sometimes it doesn't even take a backdoor
00:39:01.120 to get access. Often it's, you know, a social engineering attack. Phishing email is enough to
00:39:08.160 to enough of a slip up to let an attacker in. But we do know that for sure, when you create
00:39:18.080 these kinds of capabilities, it does get on the radar of these criminal organizations. And
00:39:24.040 it's too juicy to try and pass up. And the other point I would make on that is that
00:39:31.520 Um, we've seen this happen before. There's, uh, I think it was a few months ago, the FBI revealed that they had a breach to their own wiretap system. Um, and this was through a third party.
00:39:46.140 Wiretapped?
00:39:48.900 Attackers got in through a third party to a wiretapped system that revealed potentially information of different targets and everyone associated with those targets.
00:40:01.580 So this is a real threat to the services that we get. Is it a fair tradeoff in terms of what law enforcement says they need?
00:40:11.180 A fair tradeoff to who?
00:40:12.440 Well, in terms of we're making it easier for police to catch criminals, to deal with organized crime, to deal with terrorism, is that a fair trade-off?
00:40:24.080 That's a really good question. When I think about how law enforcement are going about
00:40:35.020 taking access to this information, I think about the vast amounts of information that are already
00:40:42.860 available. And I think it's definitely we're thinking about how can we better equip law
00:40:49.160 enforcement to make use of the information that currently exists. A lot of information exists on
00:40:54.600 in open text that can be really helpful to investigations. I don't like the framing of,
00:41:01.920 well, is this a worthwhile trade-off? Because I don't think it's fair to ask people,
00:41:07.920 should they be willing to have virtually every interaction in their day-to-day lives from work
00:41:14.300 to keep in touch with family, to accessing services that we have no choice to access online,
00:41:22.440 and doing so in a way that could make our security and safety more vulnerable than ever.
00:41:30.000 So essentially, I don't think the answer to stopping crime is making us more vulnerable to crime.
00:41:36.140 There's a lot of other ways we can definitely support the efforts of law enforcement,
00:41:41.180 And it's really important to think about those. Bill C-22 is not the answer to that.
00:41:48.100 Does C-22 weaken the protections that we have through police having to go to a judge and ask for a warrant?
00:41:57.580 Because I think the warrant system is one that we have developed over centuries. It offers protections, also offers access for law enforcement.
00:42:09.640 It is a compromise that we've all come to live with.
00:42:15.920 Does C-22 weaken that system so that you don't have as many checks and balances or that you have a lower threshold in terms of what police must provide to gain access?
00:42:31.060 Yeah, that's an interesting question.
00:42:33.220 a lot of organizations have a lot of different opinions on the thresholds. I think it's reason
00:42:40.500 to suspect the Internet society's focus isn't necessarily on the procedural elements of what
00:42:48.240 they need to have approval to be able to issue these orders or to get access to certain information
00:42:56.820 that exists. What we're really focused on is making sure that we're not preventing companies
00:43:01.880 and people from being able to make use of the strongest security tools online, which
00:43:07.700 are encryption.
00:43:08.520 So that's really our focus in this bill and part two specifically, because giving law
00:43:18.340 enforcement the ability to issue secret orders that could undermine encryption, create these
00:43:25.500 back doors. And in a way that prevents people getting these orders from even seeking counsel
00:43:32.900 from a lawyer or an IT specialist on whether it does create systemic vulnerability, that's where
00:43:41.680 we take a real issue with this bill because of the threat that has to online security.
00:43:47.360 The Conservatives recently said that they would help the government pass Bill C-22 if they split
00:43:53.940 And they said they're willing to pass part one, but not part two, that part two needs more study, needs to have more hearings. That's the position that Meta took forward when they went to council. Is that an acceptable compromise to you and to the Internet Society? Is part one okay and part two bad? And if so, give me like a simple, quick answer as to why.
00:44:19.700 i don't know that the answer is going to be quick but um i'll do my best so i think so like i said
00:44:27.360 the internet study when we think about uh the kind of internet we want we think about it in
00:44:32.060 terms of one that is open globally connected secure and trustworthy crucial to a secure and
00:44:37.160 trustworthy internet are security which are possible because of tools like encryption but
00:44:42.160 also privacy um which is two sides of the same exact coin when it comes to internet security
00:44:49.040 So while there are a lot of privacy concerns from organizations, and certainly we feel that forcing services to have to collect more information than they might already do, that is a privacy concern.
00:45:03.400 But from our perspective, the core risk in Bill C-22 is part two and its ability to force services to create those back doors.
00:45:13.460 Now, we do know that the minister has said that they were willing to propose amendments to better protect things like encryption and to better define systemic vulnerability.
00:45:25.880 But that doesn't address the fact that there's a sort of loophole in the bill that could allow any of the terms in the bill to be redefined through regulations.
00:45:36.220 So that's where we would still have concerns even if we did see great amendments. We would certainly love to see amendments that better and explicitly protect things like encryption, making sure people can keep using those tools and making sure that these orders would not create systemic vulnerability and better definitions there.
00:45:56.580 um but that still does not give i think um assurances that that will continue to be the
00:46:05.560 case in an enduring kind of way that um it doesn't provide legal certainty um for a lot of people
00:46:12.500 if this is vulnerable to being redefined in in the regulation phase natalie i'll leave you with
00:46:19.620 this i've got a quick reaction and comment um going through the legislation i spotted this part
00:46:26.420 which reads, it's section 5.1, it says the governor and council, which means cabinet,
00:46:34.480 the governor and council may, by regulation, amend the schedule by adding, amending, or deleting a
00:46:41.800 class of electronic service providers. That may not sound like an awful lot to people, but what
00:46:47.320 this legislation does is say, okay, after we've passed it, cabinet can change who this law applies
00:46:53.820 to, how it applies to them, and what this all really means. And to me, that is a weakness of
00:47:02.360 any legislation, whether it's on privacy, encryption, it doesn't matter what it's about.
00:47:08.760 If you give cabinet the ability to change and amend everything after the fact, you're essentially,
00:47:16.560 we've moved from rule of law to rule by decree. And that's not what our system is based on.
00:47:23.820 Yeah, I don't know if you're looking for comment or a reaction to that, but I think that's kind of the crux of that concern when I talk about legal certainty.
00:47:33.740 um i don't think that
00:47:38.400 while this current government's intentions may be to um with the best intentions i think that
00:47:46.940 when we're creating laws and when we're thinking about how can we contribute to an internet that
00:47:53.600 is more secure these are not things that should be rushed um or the next government could have
00:48:01.520 bad intentions. You don't know, and that's why you don't put things like that in laws. Natalie,
00:48:07.060 thanks so much for your time today. Thank you very much. It was great to meet you,
00:48:11.140 and nice to speak to you. The debate around Bill C-22 will continue long after it passes with
00:48:16.560 people who have legitimate grievances and legitimate ideas on both sides going back and
00:48:21.700 forth. But eventually, it will pass. It will become law, and then we will have to see how
00:48:27.620 it is implemented. And that is where the rubber will hit the road. You can let us know what you
00:48:32.680 think, leaving a comment or sharing this on social media. Thanks for listening. Full Comment
00:48:37.180 is a post-media podcast. My name is Brian Lilly, your host. This episode was produced by Andre
00:48:42.260 Pru, theme music by Bryce Hall. Kevin Libin is the executive producer. Thanks for listening.
00:48:47.640 Make sure that you hit subscribe, share this on social media, and until next time, I'm Brian Lilly.
00:48:57.620 There were so many missed opportunities to catch this before the devastating thing happened.
00:49:05.760 A third of them we found literally in the phone book.
00:49:09.260 These people were not afraid.
00:49:11.500 They knew that nobody was effectively hunting them.
00:49:14.140 They knew they had escaped justice, that they were going to die in their beds.
00:49:18.420 When I give talks at law schools is that the charter ultimately is empowering a minority,
00:49:22.420 and it's empowering a minority that's a guild across the country,
00:49:25.380 and it's a fairly elite guild, and the guild is lawyers.
00:49:27.240 Families who were split by referendum and brothers and sisters who never talked to each other for years after the referendum because they were so angry at each other because of the emotions on both sides.
00:49:40.160 The reason he was assassinated was not because he was trying to put a satellite into space, but because the gun that he was creating had other applications that made him and the gun very dangerous.
00:49:55.220 It's finally here.
00:49:56.780 A new season of Canada Did What?
00:49:59.060 Host media podcast that revisits the big Canadian political events
00:50:02.780 you might think you remember
00:50:04.440 and tells you the real story you never knew.
00:50:07.600 I'm Tristan Hopper.
00:50:08.880 The voices you just heard are from our brand new season two.
00:50:12.820 We will unpack some of the pivotal moments that helped define our country,
00:50:16.520 often without a vote, usually without a plan,
00:50:18.840 and sometimes without anyone admitting what they'd done.
00:50:22.960 We'll find out how Canada became a welcoming paradise 0.70
00:50:26.120 for untold numbers of Nazi war criminals after the Second World War. 0.85
00:50:30.620 We let them build monuments to their wartime exploits
00:50:33.380 and even ended up honoring a Nazi fighter in the House of Commons.
00:50:37.440 And I'm sorry to say that none of that happened by accident.
00:50:41.180 We'll bring you the little-known story of a troubled Canadian rocket scientist
00:50:44.860 who turned to a sinister life of selling giant guns to terrible people.
00:50:50.280 And if that sounds like a spy novel, it ends like one too.
00:50:53.660 You'll hear the behind-the-scenes story of Quebec's attempted secession from Canada,
00:50:57.700 and how very close we came to a political crisis that would have made Brexit look like a picnic.
00:51:03.880 You'll hear about how the much-celebrated Charter of Rights and Freedoms
00:51:07.740 turned into something its creators never wanted,
00:51:10.540 and how many of the most extravagant warnings about the document were all quickly proven true.
00:51:16.720 And you'll even hear about how authorities bungled multiple chances
00:51:20.340 to stop the deadliest terrorist attack in our country's history
00:51:23.300 and then proceeded to pretend it never happened.
00:51:26.800 These aren't dusty history lessons.
00:51:28.940 They're stories about power, ambition, madness,
00:51:31.600 and the things about Canada that a lot of people would rather ignore.
00:51:35.720 But not you!
00:51:37.080 You won't want to miss an episode.
00:51:39.020 Subscribe to make sure you get all of Season 2 starting March 2026
00:51:43.000 anywhere you get your podcasts.
00:51:46.140 Thank you.