Staff Reports
House Judiciary Chairman Jim Jordan and House Foreign Affairs Chairman Brian Mast just waved a red flag at our northern neighbor. Their joint letter to Canada’s Minister of Public Safety, Gary Anandasangaree, warns that Bill C-22 — the so-called Lawful Access Act — could open backdoors into encryption and put Americans’ private data at risk. This is not polite diplomacy. It’s a clear push to protect U.S. citizens from another country’s overreach into tech and privacy.
The new warning from House GOP
The core news is simple: two senior Republican committee chairs formally told Canada the bill could create cross-border vulnerabilities. The letter says Bill C-22 would expand surveillance powers, let Canada compel tech firms to build capabilities that could weaken encryption, and allow “secret ministerial orders” reviewed only by an Intelligence Commissioner. The chairs urged Canada to coordinate with the United States and suggested using the CLOUD Act framework so lawful access happens without exposing Americans to new risks. That’s the development. Everything else is context — useful, but secondary.
Why Americans should care
Tech doesn’t respect borders. Big cloud services and apps run across the globe. If a Canadian order forces a U.S. company to change design or add a capability, that change can’t be neatly boxed into Canada. It would affect U.S. users just as much as Canadians. The chairmen called that out: a forced redesign “cannot be geographically limited.” Translation: your private messages, health records, and bank info could become less safe because Ottawa wants quicker access for its police. If you like encryption, you should not shrug this off.
Don’t buy the “modernization” defense
Ottawa says Bill C-22 merely modernizes old laws so law enforcement can do its job. That’s a fine talking point for press releases, but it ignores the real problem: vague legal language plus secret ministerial orders equals power without accountability. Civil-liberty groups and encryption experts have already warned about this. And the U.S. chairs are right to point to the UK episode with a Technical Capability Notice as proof that domestic orders can have global knock-on effects. When polite euphemisms hide sweeping surveillance tools, Americans should be alarmed — not reassured.
What should happen next
Congress and the White House should press for a firm, legal mechanism to protect Americans — not just polite notes or quiet diplomacy. The CLOUD Act framework exists for a reason: it can let partners lawfully request data while respecting legal safeguards. If Canada won’t play ball, Washington should insist on clear limits, transparency, and no secret orders that force U.S. companies to build systemic vulnerabilities. This is about more than national pride. It’s about keeping Americans’ data safe from well-meaning reformers who think the ends justify exposing everyone to new cyber risks.
