Canada's C-22 Surveillance Bill Triggers Signal Pullout Threat — A Cautionary Tale for South Asian Encryption Debates

Male / Colombo bureau — A fight over encryption in Ottawa is being watched closely from Indian Ocean capitals where the same arguments, almost word for word, are already on the table. Canada's proposed Lawful Access Act, known as Bill C-22, would force telecom carriers, internet platforms and messaging apps to build wiretap-ready surveillance hooks for police and the Canadian Security Intelligence Service, and to warehouse user metadata for up to a year. Signal has told Canadian reporters it will exit the country rather than weaken its promise to users. Apple has hinted it could strip privacy features the way it did in the United Kingdom last year.

For readers in Delhi, Dhaka, Islamabad, Colombo and Male, this is not a distant North American story. India's Information Technology Rules of 2021 already require significant social media intermediaries to enable the identification of the "first originator" of a message — a provision WhatsApp is still contesting in the Delhi High Court on the grounds that traceability cannot be done without breaking end-to-end encryption. Pakistan's PECA framework gives the FIA broad data-access powers. Sri Lanka's draft Online Safety Act has been criticised by the Asia Internet Coalition for similar overreach. Bangladesh's Cyber Security Act, the rebadged Digital Security Act, still allows warrantless device access in defined cases.

Public Safety Minister Gary Anandasangaree, himself of Sri Lankan Tamil origin, insists the Canadian bill is "encryption-neutral." Critics inside the University of Toronto's Citizen Lab — a research outfit that has documented spyware targeting journalists across South Asia — say officials would not commit to protecting encryption when pressed in committee.

The cross-border angle matters for the region. House Judiciary chair Jim Jordan and Foreign Affairs chair Brian Mast have warned Ottawa that forcing US platforms to weaken security for Canadian users weakens it for everyone, and "invites reciprocal demands from other nations." Read that line from a Male or Colombo desk and the implication is direct: if a G7 democracy normalises mandated backdoors, smaller jurisdictions with weaker judicial review get political cover to do the same.

The 2024 breach of US carriers by Salt Typhoon, a Chinese state-linked group that exploited lawful-intercept ports built under CALEA, is the technical counter-argument. Backdoors do not stay locked. For South Asian regulators currently drafting their next round of intermediary rules, the Canadian fight is a live preview of the trade-off — and the bill is for now still stuck in Commons committee, with metadata provisions widely expected to face Charter challenge.