Apple has long held that weakening encryption for any government would compromise user security for everyone. After pulling Advanced Data Protection in the UK to avoid complying with a backdoor mandate, a similar showdown looms in Canada. Lawmakers there are pushing Bill C-22, which would require tech companies to provide law enforcement with access to encrypted data. Apple and Meta are pushing back hard. Below, we break down the key questions surrounding this legislative battle and what it could mean for Canadian users.

1. What is Bill C-22 and why is it controversial?

Bill C-22 is proposed Canadian legislation that would compel technology companies to give law enforcement agencies “lawful access” to encrypted communications. It aims to help police investigate serious crimes by bypassing end-to-end encryption. However, critics argue that any such access creates a backdoor that could be exploited by hackers, foreign governments, or other bad actors. Apple and Meta have warned that complying would force them to weaken security for all users, making their platforms less safe. The bill has sparked a heated debate between public safety advocates and privacy defenders.

2. How has Apple already responded to similar demands in the UK?

In the United Kingdom, the government ordered Apple to create an encryption backdoor under the Investigatory Powers Act. Instead of complying, Apple opted to remove its Advanced Data Protection feature for UK users. This feature uses end-to-end encryption to protect iCloud backups, photo libraries, and other sensitive data. By withdrawing it, Apple prevented UK authorities from forcing a backdoor but also stripped local users of the highest level of data security. This precedent shows Apple is willing to sacrifice certain services rather than weaken its encryption architecture—and Canadian users could face a similar outcome if Bill C-22 passes.

3. Why does Apple refuse to create encryption backdoors for governments?

Apple’s position is rooted in the fundamental principle that a backdoor designed for “good guys” cannot be reliably sealed off from “bad guys.” As the company argued after the 2015 San Bernardino shooting, there is no such thing as a backdoor available only to authorized law enforcement. Any cryptographic weakness deliberately introduced can be discovered, copied, or exploited by malicious actors worldwide. Apple believes that strong end-to-end encryption is essential for protecting user privacy, personal data, and even national security. Weakening it would undermine trust in Apple’s ecosystem and leave billions of devices vulnerable to cyberattacks.

4. What specific services could Apple remove in Canada if Bill C-22 becomes law?

If Bill C-22 passes and Apple refuses to comply, it would likely repeat its UK strategy by disabling end-to-end encryption features for Canadian users. The most prominent target would be Advanced Data Protection, which secures iCloud data like backups, messages, and Health app information. Other services that rely on end-to-end encryption, such as FaceTime and iMessage, might also be affected. Apple could choose to restrict those features entirely for Canadian accounts rather than introduce a backdoor. The result would be a significant downgrade in privacy and security for Canadian consumers, who would lose the strongest protections currently available on iOS and macOS.

5. How are other tech companies, like Meta, responding to this bill?

Meta has joined Apple in pushing back against Bill C-22. The company argues that the bill would force it to break end-to-end encryption on WhatsApp, Messenger, and Instagram DMs, which could have catastrophic consequences for user safety. Meta has stated it would consider pulling its encrypted services from Canada rather than complying. Like Apple, Meta believes that any mandated backdoor would be exploited by criminals and state actors. Their joint resistance highlights a broader industry consensus: no major tech firm will voluntarily weaken encryption, even under legal pressure, because the reputational and security risks are too great.

6. What can Canadian users do to protect their data if Bill C-22 passes?

If Bill C-22 becomes law and Apple or other companies remove strong encryption features, Canadian users will need to take proactive steps to safeguard their privacy. They can enable third-party encrypted messaging apps like Signal or Telegram that operate outside the jurisdiction of Canadian law. For cloud backups, they can use external drives or encrypted local storage instead of iCloud. Activating an open-source VPN can also help mask communications. However, these workarounds may be less convenient and less integrated than the services Apple currently provides. Ultimately, the best protection is to advocate for privacy-friendly legislation—users can contact their Members of Parliament or support digital rights groups fighting against Bill C-22.