Canada’s latest legislative push, Bill C-22 or the Lawful Access Act, revives the invasive surveillance measures of last year’s failed Bill C-2, raising alarms over privacy erosion under the guise of border security. Introduced in 2026, Bill C-22 mandates digital services—ranging from telecoms to messaging apps—to retain user metadata for a year and expands data-sharing with foreign governments, including the U.S., while allowing the Minister of Public Safety to compel companies to create backdoors for law enforcement access without introducing 'systemic vulnerabilities,' a term left dangerously vague (EFF, 2026). This echoes the UK’s 2023 demand for Apple to weaken encryption in iCloud’s Advanced Data Protection, resulting in the feature’s withdrawal for UK users—a precedent highlighting how such policies can degrade privacy protections globally (The Guardian, 2023). Beyond the EFF’s critique, the bill’s gag orders on companies, preventing disclosure of backdoor mandates, stifle transparency and public accountability, a point under-discussed in initial coverage but critical to understanding the law’s chilling effect on corporate resistance (Canadian Civil Liberties Association, 2026). Mainstream coverage often misses the broader pattern: Bill C-22 fits into a global trend of governments leveraging security rhetoric to justify surveillance overreach, as seen in the UK and Australia’s 2018 Assistance and Access Act, which similarly pressured tech firms to bypass encryption (Australian Government, 2018). The Salt Typhoon hack of 2024, exploiting ISP systems built for law enforcement access, underscores the inherent risks of mandated backdoors—hackers inevitably target these weaknesses, a reality Canadian officials seem to ignore by claiming surveillance can be vulnerability-free (EFF, 2026). Additionally, the bill’s ambiguous definitions of 'encryption' and covered services could ensnare a wider net of tech entities, potentially stifling innovation as companies like Meta and Apple, already vocal opponents, may limit features or exit markets to avoid compliance—a ripple effect not adequately addressed in primary reporting. What’s at stake extends beyond Canada’s borders; Bill C-22 could set a precedent for other democracies to adopt similar measures, especially as data-sharing provisions with the U.S. raise concerns flagged by the U.S. House Judiciary and Foreign Affairs committees (EFF, 2026). This bill doesn’t just recycle C-2’s flaws—it amplifies them by embedding systemic risks into digital infrastructure at a time when cyberattacks are escalating. If passed, C-22 could normalize state overreach in tech regulation, undermining global privacy standards and emboldening authoritarian regimes to cite Canada as justification for their own surveillance laws—a geopolitical consequence largely absent from current discourse.