OTTAWA — As legislators prepare for a slugfest of a meeting on the Liberal government’s bill to ease police eavesdropping on digital communications, tech leaders are warning that, unless it’s amended, Bill C-22 could make their businesses impossible to operate in Canada. 

“The issue isn’t lawful access for specific investigations. The issue is mandatory, standing surveillance readiness, in advance,” said Avery Pennarun, CEO of Tailscale. The company raised $230 million in growth capital last year, supporting its business-oriented virtual private network (VPN) products.

If it were passed as written, Tailscale would use “the legal and technical processes available to us” to challenge the law, he said.

To assist potential police investigations, Bill C-22 would force providers to collect and keep exactly the kinds of data that privacy laws, particularly Europe’s, tell them not to, Pennarun said.

“If Europe says you can’t keep it and Canada says you have to keep it, we’re in an untenable situation, right? I can’t operate because I can’t do both,” Pennarun said. In that case, he would have to look at moving, he said: Tailscale has a lot of European customers and they just won’t stand for what Canada is proposing.

“A company providing the services that Tailscale provides almost has to go somewhere else, so that we can provide the service that people want to buy,” Pennarun said.

Yves Eric Laliberte, CEO of Montreal-based cybersecurity company Mondata, zeroed in on the same problem. Mondata keeps its nose out of customer data as much as it can, he said.

“We’re trying to not have access to anything, because you’re supposed to have the least access privilege for everybody, and to try to hide private information—personally identifiable information—from as many people as possible,” Laliberte said.

Simon Lafortune, a spokesperson for Public Safety Minister Gary Anandasangaree, said the minister is open to changes that “enhance transparency, accountability and efficiency.” Still, the government wants the bill passed as soon as possible, he said.

Big Tech and top cops will go head to head on the issue Tuesday, during a special double-length meeting of the House of Commons committee examining the bill.

Apple and Google executives are testifying in the first half. One by one, they and other digital giants have called for big changes in the bill: Apple, Meta, Shopify, Google. So has the Canadian Chamber of Commerce. The common thread: Requiring providers to provide “lawful access” to their systems for even legitimate investigative purposes, on the terms laid out in the bill, means less security for everyone.

Hackers linked to China have previously walked through digital doors created for U.S. law enforcement, for instance.

Encrypted messaging company Signal has said it would rather stop serving Canadians than have to compromise on the security it promises its users. VPN provider NordVPN has said the same. Canadian consumer VPN provider Windscribe has said it might move its headquarters.

The bill would let the government determine later which businesses are subject to stricter data retention requirements, to change the list with relative ease, and to let Anandasangaree or his successors give similar orders to other companies on a case-by-case basis. The government says that’s “future-proofing” the legislation so that it’s not tied to the technologies of 2026.

Pennarun acknowledged that keeping pace with technology is a hard problem, but said the law’s solution is poor.

“We can have a layer of regulation that is sensible, but what you can’t do is have law enforcement people writing the regulations,” he said.

Laliberte is also worried about the compliance burden on smaller companies. Only firms given direct ministerial orders are eligible for compensation for the work required, and entirely at the minister’s discretion.

Anandasangaree introduced Bill C-22 in March, promoting it in an Ottawa news conference, surrounded by senior police officers. In a nutshell, they argue that they’re trying to solve 21st-century crimes committed by crooks with encrypted smartphone apps, using a law written to let them listen in on phone calls made over copper wires.

“Technology has moved forward. Our laws are stuck in another century,” Anandasangaree said at the time.

Senior police officers, like Ontario Provincial Police Commissioner Thomas Carrique—who was with Anandasangaree at that announcement—and child-exploitation investigators are to testify in the second half of the meeting.

The National Police Federation filed a brief with the committee saying law enforcement struggles to fight online extortion and child exploitation and to crack crime rings whose members use encrypted communications, even with court orders behind them.

“A judge issues a production order or wiretap authorization, and the service provider simply cannot or will not comply because it has no system to do so. Investigations stall, evidence is lost, victims remain at risk and offenders go unidentified,” the federation’s filing says.

If anything, it argues, the bill needs language adding to providers’ obligation to preserve data so that it can’t be wiped by a user or automatic processes while police are going through legal steps to obtain it.

Pennarun remains hopeful that Parliament will eventually pass a bill he and other tech leaders can live with.

“As written, I think it’s very bad,” he said. “I’m a realistic person. I don’t think it’s very likely to pass as written.”