Signal, a secure messaging service that uses end-to-end encryption, has warned it could withdraw from Canada if it is asked to comply with Bill C-22, otherwise known as the lawful access bill.
In an interview with The Globe and Mail, Udbhav Tiwari, Signal’s vice-president of strategy and global affairs, said the company has deep concerns about some of the measures in the bill, including the potential to introduce security vulnerabilities. He also said that Signal, which has been around since 2012, “would rather pull out of the country” than compromise the privacy promises it made to its userbase.
Tiwari also warned that the system changes required by the bill could leave private messaging services like Signal vulnerable to cyberattacks.
“Bill C-22 could potentially allow hackers to exploit these very vulnerabilities engineered into electronic systems, with private messaging services serving as an ideal target for foreign adversaries.”
As a note, Signal is open-source and runs on its own centralized servers. The only user data it stores is phone numbers, the last time someone logged in, and the date they joined the service. Users’ contacts, chats, and other information are stored on their devices. Moreover, the Signal Protocol is an end-to-end encryption system for messages and voice communications used not just by Signal but by many other apps, including the popular WhatsApp.
Shifting over to Bill C-22, this bill would require telecoms, internet companies, and other electronic service providers to modify their systems to enable police and the Canadian Security Intelligence Service to use surveillance capabilities to target threats and other criminal activity.
One part requires “core providers” (to be defined later through regulations, according to The Globe and Mail) to retain metadata for up to a year. This metadata reportedly will not include emails, search history, social media activity, or text messages, but it could include information such as which phone numbers have been in contact with each other and data that allows someone’s location to be pinpointed. However, I should note that similar technology has been around for 30-plus years and is common for tracing missing people or suspects in criminal investigations.
However, the other part of the bill is more concerning. It would allow the federal government to secretly order companies to weaken encryption or create backdoors in order to access information. While that alone is concerning, adding backdoors would weaken encryption overall, creating new vulnerabilities that criminals could exploit.
Signal is not alone in speaking up on this. Apple recently raised concerns about the context of Bill C-22 and said it “will never” add a backdoor to its end-to-end encryption, and warned that the company might not be able to release certain features in Canada because of this.
Source: The Globe and Mail
MobileSyrup may earn a commission from purchases made via our links, which helps fund the journalism we provide free on our website. These links do not influence our editorial content. Support us here.
