Critics of the bill are right to be concerned, so why the curious silence in the government’s Charter Statement?
Shortly after tabling bill C-2 in June, which I’ve written a few posts about, the government tabled Bill C-8, the Cyber Security Act. It too raises serious concerns about privacy but hasn’t attracted nearly as much attention.
In broad terms, the bill does two things. It amends telecommunications law to allow the Minister of Industry to order telcos like Shaw and Telus to make changes to their systems to bolster security and investigate breaches. It also creates a new framework for protecting “critical cyber systems” that support infrastructure like pipelines, banking networks, and commercial telecommunications.
With the bill now at second reading, digital rights advocates have argued before a standing committee that portions of the first part of the bill are especially concerning and likely violate section 8 of the Charter, which guarantees the right to be secure against unreasonable search or seizure.
The nub of the issue is the power in bill C-8 to order a telco like Shaw to do something that might involve the incidental collection of personal information or its disclosure to an agency like the Communications Security Establishment (CSE) investigating a cyberbreach.
To make this more vivid, consider the testimony of Simon Noël, Intelligence Commissioner of Canada, before the committee in October, where he said:
In my experience as IC—with over three years and 45 decisions rendered—for the CSE to analyze and understand a cyber-incident, it must have access to information about the incident. There may be situations where this information is only technical in nature and sharing it with the CSE raises no privacy concerns, as you were told when you met with other witnesses. However, to fully understand the cyber-incident, other situations may require the CSE to have access to information, including technical information, for which Canadians have a reasonable expectation of privacy. I’ve seen it. … I agree that it’s technical information, but I also know that if you want a positive result on an incident of such importance, they need to go into the content. I’ve seen it in every cyber-operation I’ve been involved in.
Critics of the bill point out important gaps in C-8 that fail to address the Commissioner’s concerns. They note features of the bill that might even make problems worse.
Dec 17, 2025
As it inches toward a majority in Parliament, the Liberal government is signaling its intention to move ahead with the controversial parts of the Strong Borders Act it chose to shelve back in October — in response to strong opposition from the other parties.
I’ve written about the various privacy-invasive powers in the bill briefly here, and in more detail here.
Last week I had the pleasure of attending a roundtable with the Honourable Minister of Public Safety, Gary Anandasangaree, who asked for ideas about how to improve the bill.
Here are five:
Oct 25, 2025
Earlier this month, when no other party would support the Liberals in passing Bill C-2—the ‘Strong Borders Act,’ with its controversial surveillance powers—the government shelved it.
More precisely, it split off the contentious parts of the bill from the customs and immigration provisions meant to appease our neighbours to the south and re-tabled those as Bill C-12.
But it didn’t withdraw C-2. The Minister of Public Safety insists that all of C-2 is still on the agenda.
Among the most concerning parts of C-2 that were temporarily shelved are the ‘lawful access’ provisions found in a new statute that the Bill would have brought about: the ‘Supporting Authorized Access to Information Act.’
As I’ve written earlier, this new law would have given the government the power to compel ‘electronic service providers’ like Shaw or Telus, or Apple and Google, to ‘install equipment’ or make technical modifications to give police and CSIS direct access to private data for real-time interception or seizure of stored communications. That’s your email, texts, and everything you have stored in iCloud, in case you were wondering.
Sep 26, 2025
Last week, the Liberal government tabled Bill C-9, containing three new criminal offences targeting hate speech — as a response to the alarming and appalling rise in antisemitic violence in Canada in the past two years, along with attacks against places of worship, schools, and community centres.
The new offences primarily capture acts of intimidation of a physical sort: blocking access to a synagogue, mosque, or temple, or promoting hatred by waving flags or symbols of groups listed as terrorist entities.
But two of the offences will apply to speech online and raise questions for me about where they fit in the panoply of hate speech offences in Canada — and whether we’re likely to see further regulation of online speech this fall.
I thought I’d write this short post to help situate the new offences in the Criminal Code’s existing hate speech provisions, highlight what they add to what we already have, and remind readers about Bill C-36 in 2021, which sought to revive a human rights law that would make hate speech a form of actionable discrimination — since it may be coming back.
Sep 19, 2025
A new article in AI Magazine draws an illuminating comparison between what AI is doing to writing and what photography did to art in the 1840s. It helps to make sense of a question many of us are thinking about more often: does increasing reliance on AI signal the end of writing?
The insights in this piece resonate with me, given the quantum leap in my own use of AI over the past few months.
I’m now making such frequent use of it — integrating it into my research, writing, and editing — that it has me wondering what’s really happening.
As I describe in a piece for the CBA’s National Magazine, I’ve been dipping in and out of Claude, ChatGPT, and Perplexity constantly — to get a quicker lay of the land on new topics, reword sentences, and tighten drafts. But the pace and intensity feel like a transformation as momentous as the shift from typewriter to computer, or from paper-based research to the internet.
To be clear, I’m not using AI to create texts. But using it more often to edit, it sometimes causes me to think about my claim to authorship. At what point does a suggestion — or re-write of a paragraph — mean it’s no longer me?