惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

罗磊的独立博客
Apple Machine Learning Research
Apple Machine Learning Research
The Cloudflare Blog
WordPress大学
WordPress大学
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 叶小钗
博客园 - 聂微东
阮一峰的网络日志
阮一峰的网络日志
腾讯CDC
博客园 - 三生石上(FineUI控件)
V
V2EX
有赞技术团队
有赞技术团队
V
Visual Studio Blog
小众软件
小众软件
Jina AI
Jina AI
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - Franky
量子位
T
Tailwind CSS Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Palo Alto Networks Blog
Cisco Talos Blog
Cisco Talos Blog
I
Intezer
Project Zero
Project Zero
A
Arctic Wolf
P
Privacy International News Feed
V
Vulnerabilities – Threatpost
L
Lohrmann on Cybersecurity
S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Tor Project blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
S
Security @ Cisco Blogs
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
TaoSecurity Blog
TaoSecurity Blog
L
LINUX DO - 热门话题
G
GRAHAM CLULEY
Help Net Security
Help Net Security
N
News | PayPal Newsroom
W
WeLiveSecurity
G
Google Developers Blog
Microsoft Security Blog
Microsoft Security Blog
Engineering at Meta
Engineering at Meta
MongoDB | Blog
MongoDB | Blog
C
Check Point Blog

Hacker News: Front Page

SPICE simulation → oscilloscope → verification with Claude Code — Lucas Gerads GitHub - GainSec/AutoProber: Hardware hacker’s flying probe automation stack for agent-driven target discovery, microscope mapping, safety-monitored CNC motion, probe review, and controlled pin probing. Introducing Claude Opus 4.7 Qwen Studio The Future of Everything is Lies, I Guess: Where Do We Go From Here? GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh Virginia Bans Sale of Geolocation Data Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis Ancient DNA reveals pervasive directional selection across West Eurasia [pdf] AI cybersecurity is not proof of work Moving a large-scale metrics pipeline from StatsD to OpenTelemetry / Prometheus GitHub - Nightmare-Eclipse/RedSun: The Red Sun vulnerability repository GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. A Better Ludum Dare; Or, How to Ruin a Legacy GitHub - macOS26/Agent: Any AI, replaces Claude Code, Cursor, OpenClaw. Over 18 LLM providers (Claude, OpenAI, Gemini, Ollama, Zai, HF, Qwen) wired into a native Mac app that writes code, builds Xcode projects, bumps versions, manages git, automates Safari, use AppleScript, JS or Accessibility, extend Agent! w/ MCP Servers, run tasks from your iPhone via Messages. YouTube now lets you turn off Shorts I Made a Terminal Pager Burgers | マクドナルド公式 Commands — HackerNews CLI documentation ChatGPT for Excel PiCore - Raspberry Pi Port of Tiny Core Linux Live Nation illegally monopolized ticketing market, jury finds Google Broke Its Promise to Me. Now ICE Has My Data. Founding Engineer at Adaptional | Y Combinator CRISPR takes important step toward silencing Down syndrome’s extra chromosome GitHub - saffron-health/libretto: The AI toolkit for building reliable browser automations US v. Heppner (S.D.N.Y. 2026) no attorney-client privilege for AI chats [pdf] Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests Fragments: April 14 Cal.com Goes Closed Source: Why AI Security Is Forcing Our Decision | Cal.com - Scheduling Software for Online Bookings Laravel raised money and now injects ads directly into your agent Codex Hacked a Samsung TV Tech Valuations Back to Pre-AI Boom Levels A perfectable programming language — Soter GitHub - halfwhey/claudraband: Claude Code for the Power User Partnership through Play: Investigating How Long-Distance Couples Use Digital Games to Facilitate Intimacy Textbooks and Methods of Note-Taking in Early Modern Europe (2008) Eternity in six hours: Intergalactic spreading of intelligent life (2013) Seven countries now generate 100% of their electricity from renewable energy Tell HN: OpenAI silently removed Study Mode from ChatGPT Pro Max 5x Quota Exhausted in 1.5 Hours Despite Moderate Usage Show HN: Oberon System 3 runs natively on Raspberry Pi 3 (with ready SD card) Tell HN: docker pull fails in spain due to football cloudflare block Bring Back Idiomatic Design No one owes you supply-chain security GitHub - xsawyerx/curl-doom: DOOM, played over cURL Apple update turns Czech mate for locked-out iPhone user The Grand Line Cache TTL silently regressed from 1h to 5m around early March 2026, causing quota and cost inflation Building a Z-Machine in the worst possible language The peril of laziness lost Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda AI Will Be Met With Violence, and Nothing Good Will Come of It GitHub - duguyue100/midnight-captain: Inspired by Midnight Commander, tailored to my taste. How to build a `git diff` driver · Jamie Tanna | Software Engineer Center for Responsible, Decentralized Intelligence at Berkeley The Local Universe’s Expansion Rate Is Clearer Than Ever, but Still Doesn’t Add Up - A new synthesis of astronomical measurements confirms a persistent mismatch that could point to physics beyond current models The disturbing white paper Red Hat is trying to erase from the internet – OSnews NetBlocks (@netblocks@mastodon.social) The Future of Everything is Lies, I Guess: Annoyances ‘Abhorrent’: the inside story of the Polymarket gamblers betting millions on war Productive procrastination — Max van IJsselmuiden maps, territory and LMs 447 Terabytes per Square Centimetre at Zero Retention Energy: Non-Volatile Memory at the Atomic Scale on Fluorographane Show HN: Pardonned.com – A searchable database of US Pardons 20 Years on AWS and Never Not My Job The Seasons are Wrong The FAA wants gamers to apply for air traffic control jobs Artemis II crew splashes down near San Diego after historic moon mission Why weekends are under threat We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs How a dancer with ALS used brainwaves to perform live On filing the corners off my MacBooks Installing every* Firefox extension OpenClaw’s memory is unreliable, and you don’t know when it will break Steve Blank Nowhere Is Safe Chimpanzees in Uganda locked in vicious 'civil war', say researchers watgo - a WebAssembly Toolkit for Go linux/Documentation/process/coding-assistants.rst at master · torvalds/linux GitHub - callumlocke/json-formatter: Makes JSON easy to read. Founding Product Engineer at Bild AI | Y Combinator A compelling title that is cryptic enough to get you to take action on it GitHub - Keychron/Keychron-Keyboards-Hardware-Design: Industrial design files for Keychron keyboards and mice. 100+ models with CAD assets in STEP, DXF, DWG, and PDF. Source-available, with commercial use allowed for original compatible accessories within the license terms. [ANNOUNCE] WireGuardNT v0.11 and WireGuard for Windows v0.6 Released 1D-Chess Helium Is Hard to Replace Keeping a Postgres queue healthy — PlanetScale Serenity Forge (@serenityforge.com) Our response to the Axios developer tool compromise Do Americans read print books, e-books or audiobooks more? Uncharted island soon to appear on nautical charts The Problem That Built an Industry Fragments: April 2 Python Release Python install manager 26.1 Bitcoin miners are losing $19,000 on every BTC produced as difficulty drops 7.8% God sleeps in the minerals Harness engineering: leveraging Codex in an agent-first world Apple Silicon and Virtual Machines: Beating the 2 VM Limit What have been the greatest intellectual achievements? The APL Programming Language Source Code
Canada is about to weaken every lock on your private messages — dontsurveil.me
laurex · 2026-05-18 · via Hacker News: Front Page

01

Bill C-22  •  Canada  •  May 2026

For the last decade, your messages have had a lock on them.

Only you, and the person you're talking to, hold the key. Not the app. Not the company. Not the government. You probably don't think about it. That's the whole point — it just works.

Until, possibly, the end of this summer.

What Bill C-22 would do

Every messaging app in Canada would be required to build a second key.

With Bill C-22, the government would hold the copy. The lock you trust would no longer be a lock only you can open. It would be a lock the locksmith was ordered to duplicate.

The paradigm shift

Today

Only you have the key.

  • Even the app's own engineers can't read your messages.
  • If a court demands the content, Signal has nothing to hand over.
  • A hacker who breaks in finds noise, not your conversations.

If Bill C-22 passes

A copy of the key must exist.

  • The provider must build a way in, even when they don't want to.
  • A court can demand the content. The provider must comply or be fined.
  • A hacker who finds the way in walks through it. It has happened.
Photo for Why this is about you

Why this is about you

It touches almost everything you do online.

It's tempting to read a bill called "Lawful Access" as something that affects other people. In practice, the architecture it would build sits inside the apps and services you use every day.

If you text family or friends

Every message you send through Signal, iMessage, WhatsApp, or Messenger becomes legally reachable. Today, the company can't read them. Under this bill, it would be required to be able to.

If you message a doctor or therapist

The confidentiality you assume when texting your clinic, scheduling a sensitive appointment, or messaging through a patient portal relies on the same encryption this bill weakens. Health-care apps are in scope.

If you talk to a lawyer

Solicitor-client privilege depends on confidential communication. End-to-end encryption is how that promise gets enforced in practice today. A backdoor doesn't recognize privilege.

If you're a journalist or source

Source protection becomes structurally harder. A backdoor doesn't distinguish between a whistleblower exposing corruption and a leak of state secrets. Both flow through the same compromised channel.

If you organize, protest, or dissent

Activist coordination, advocacy work, and political organizing all rely on private communication. Surveillance burdens historically fall hardest on already-policed communities. This bill continues that pattern.

If you run a small business

"Electronic service provider" is defined broadly — your SaaS, your booking system, even a small clinic's patient portal can fall in scope. Some orders come with gag clauses. None come with funding.

If you cross borders

Once Canada builds this framework, foreign governments can request data through mutual legal assistance treaties. Your data — including data created entirely within Canada — becomes reachable by states whose privacy norms differ from yours.

If you're escaping harm

Survivors of intimate-partner violence and stalking often rely on encrypted messaging to coordinate with shelters, lawyers, and family without being tracked. A mandated way around encryption doesn't ask who's looking — it opens the door for whoever finds it.

We already know how this ends

In 1994, the United States passed a law just like this. Phone companies were required to build a second key into their networks.

For thirty years, it sat there. Working as intended.

Then, in 2024 —

stolen.

A hacking group linked to the Chinese state walked through the lawful-access infrastructure of every major U.S. phone carrier.

They listened to calls. They read texts. They watched the data of presidential campaigns.

They were inside for months before anyone noticed.

The copy was the door.

The attack is called Salt Typhoon. Afterwards, Canada's own Centre for Cyber Security joined twelve other governments' cybersecurity agencies in formally recommending more encryption, not less.

What this bill does, by threat vector

What this bill actually compromises.

Bill C-22 isn't a single law doing a single thing — it crosses multiple distinct categories of digital surveillance. Tap any vector to see the plain-language explanation and the specific bill section where it lives.

01 Encryption mandates The state forces providers to build a way around end-to-end encryption.

Plain

The Minister of Public Safety can order any designated "core provider" to build the operational and technical capability to give state actors access to user information — even when that information is end-to-end encrypted. There's a "systemic vulnerability" safeguard, but Meta, Apple, Signal, and NSIRA all say it's inadequate because the Governor in Council retains unilateral authority to define what counts as a "systemic vulnerability."

Bill

Part 2 — Supporting Authorized Access to Information Act, §§ 5–14. See especially s. 7 (Ministerial orders) and s. 14 (Obligation to assist).

Actions

  • PoliticalSign the OpenMedia letter. Email your MP before second reading. Push committee for explicit "no backdoor" language in s. 7.
  • PersonalMove sensitive conversations to Signal (the Signal Foundation has said it would leave Canada rather than comply). Turn on iCloud Advanced Data Protection.
  • CollectiveBack OpenMedia, CCLA, and CIPPIC — they're carrying the legal and lobbying load.
02 Bulk metadata retention Providers must keep records of who-talked-to-whom for up to a year, on everyone.

Plain

Tucked into Part 2, a clause authorizes the government to require providers to retain broad categories of metadata — including transmission data — for up to one year. On everyone, regardless of suspicion. Even data providers don't currently collect for their own business purposes.

New in C-22. This retention provision was added in C-22 — it wasn't in the predecessor Bill C-2. So C-22 isn't just a carve-out of C-2's lawful access content; on metadata, it's an expansion. (Geist, March 2026.)

Michael Geist calls blanket metadata retention "one of the most privacy-invasive tools a government can deploy" — the patterns it captures (who you called, when, from where, with what device) are often more revealing than what was said. The EU struck down equivalent rules in 2014 as disproportionate.

Bill

SAAIA s. 5(2)(d) — authority for the Governor in Council to make retention regulations covering "categories of metadata — including transmission data, as defined in section 487.011 of the Criminal Code — for reasonable periods of time not exceeding one year."

Actions

  • PoliticalDemand SAAIA s. 5(2)(d)'s one-year retention authority be struck or sharply scoped at committee. Cite the 2014 EU Data Retention Directive ruling as precedent.
  • PersonalUse messengers that minimize metadata (Signal logs almost nothing). Turn on disappearing messages.
  • CulturalMake the metadata-vs-content distinction visible — "we don't read your messages" doesn't mean "we don't know who you talk to."
03 Cross-border data sharing Canadian courts can compel foreign providers to hand over Canadian users' data.

Plain

A new provision lets Canadian courts authorize peace officers to make production requests to foreign entities that provide telecommunications services to Canadians. The extraterritorial reach matters: it ties into the in-progress CLOUD Act conversation between Canada and the U.S., and it means a Canadian subpoena now points at servers outside Canada.

Bill

Part 1, new Criminal Code s. 487.0181 — Application for transmission data or subscriber information held by foreign entity. Threshold: reasonable grounds to suspect.

Why this is its own vector

It's not just data retention — it's the legal architecture for reaching outside the country. Authoritarian governments cite frameworks like this in their own debates.

Actions

  • PoliticalPush to raise s. 487.0181's "reasonable suspicion" threshold to "reasonable belief." Insist any Canada–US CLOUD Act executive agreement goes through Parliament before signing.
  • PersonalChoose providers in jurisdictions with stronger data protection where you can — Swiss or German hosting for sensitive material.
  • EducationalTrack quiet bilateral agreements your government is negotiating. Most never make the news.
04 Platform compulsion Providers can be forced to comply — and forbidden from telling anyone.

Plain

Three mechanisms working together: (1) the "Obligation to Assist" requires designated providers to comply with any order issued under SAAIA; (2) the "Prohibition on Disclosure" makes it illegal for a provider to disclose the existence or contents of an order — sometimes for up to a year; and (3) the new voluntary-disclosure safe harbour shields providers from civil and criminal liability if they hand over data without an order at all. Together: compelled assistance, compelled silence, and incentivized voluntary handover.

Bill

SAAIA ss. 14 (Obligation to assist), 15 (Prohibition on disclosure). Criminal Code s. 487.0195 as amended by C-22 cl. 11 (voluntary-disclosure liability shield). Criminal Code s. 487.0121 (Confirmation-of-service demand, with non-disclosure conditions up to one year).

Actions

  • PoliticalDemand sunset clauses on gag-order durations. Push for a mandatory transparency-report requirement so providers can publish aggregate order numbers.
  • PersonalUse providers with strong track records of resisting unlawful orders. Watch for sudden shutdown notices as red flags (Lavabit, ProtonMail letters).
  • CollectiveBack journalism that exposes secret order regimes — Citizen Lab, the Guardian, the NYT national-security desk.
Photo for On the record

On the record

A row of no's you don't usually see line up together.

Apple

"We will never insert backdoors."

Reuters · May 2026

Signal

"We'd rather pull out of Canada than compromise our users' privacy."

Globe & Mail · 2026

Meta

"Sever Part 2 from this bill. It is unworkable as drafted."

Brief to committee · May 2026

NSIRA

"Under this bill, we cannot do our job."

Canada's own oversight body · April 2026

U.S. Congress

"Providers will inevitably face directives to weaken encryption."

House Judiciary & Foreign Affairs chairs

NordVPN

"There isn't a scenario in which we would compromise our no-logs architecture or encryption protections."

Globe & Mail · May 2026

Windscribe

"VPNs cannot operate if they are forced to retain information on the people who use their networks."

Toronto-based · May 2026

Internet Society

"We need more tools to protect ourselves online, not less."

Keep Canada Protected · 2026

CCF

"Bill C-22 puts at risk Canadians' fundamental right to privacy under Section 8 of the Charter."

Canadian Constitution Foundation · 2026

The institutions opposing this bill include the government's own national security review body, every major messaging company in Canada, the two largest VPN providers (one of them Toronto-based), and the chairs of two U.S. House committees. There is no institutional brief on the public record defending Part 2 — apart from the government itself.

How we got here

This effort to compromise our digital life has been coming for fourteen years.

The same content has appeared three times. It has been defeated twice. Today, it is at parliamentary committee — the last realistic window in which it can be changed.

2012

Bill C-30. The federal "Protecting Children from Internet Predators Act" proposes warrantless access to subscriber information. Withdrawn after public backlash.

Jun 2025

Bill C-2 (Strong Borders Act). The lawful-access content reappears, buried as Parts 14 and 15 of an omnibus border bill. Stalls.

Sep 2025

NSICOP Special Report on Lawful Access. A committee of MPs and senators with top-secret clearance publishes a 100+ page review of Canada's existing lawful-access powers. The report becomes the intellectual scaffolding for the bill that lands six months later.

Oct 2025

Bill C-12. The border parts are reintroduced without the lawful-access sections. Eventually becomes law in March 2026 — without them.

Mar 12 2026

Bill C-22 introduced as a standalone lawful-access bill. First reading.

Apr 20 2026

Second reading passes. Bill referred to the Standing Committee on Public Safety and National Security (SECU).

May 7 2026

Most recent committee meeting. NSIRA, Meta, the Canadian Telecommunications Association, the Internet Society have all filed briefs.

Today · May 15

Committee is reviewing written briefs (NSIRA, Meta, CTA, Internet Society, others) and hearing witnesses. Clause-by-clause review hasn't started yet — meaning the bill text is still open to amendment. This is the window in which the bill can still be changed.

Late May

More witness hearings. SECU's witness list is partially public; the rest is set by the chair (Hon. Jean-Yves Duclos). Civil society organizations, cryptographers, and additional industry voices are still being scheduled. Written briefs continue to be accepted.

Early Jun est.

Clause-by-clause review. Members go through the bill line by line and vote on amendments — every party can propose them. This is the last realistic moment to add specific protections, such as a hard statutory bar on encryption-breaking orders.

Mid-Jun est.

Committee reports back to the House. Report-stage debate. Final amendments by motion. Third reading vote in the House of Commons.

Late Jun

Senate referral, if the House passes it. The Senate runs its own committee study and three readings. Historically, the Senate has been a meaningful check on lawful-access legislation. Could move fast or slow the bill considerably.

After

Royal assent, if both chambers pass it. The bill becomes law. The Minister can begin issuing technical-capability orders within weeks. After this point, the politics is over — the fight moves to the courts.

Committee's end date isn't publicly announced. Based on the government's stated timeline — passage before Parliament rises for next major committee milestone (around May 27) — committee study most likely wraps in late May or early June. Check LEGISinfo for current status.

Time is running out

The window to influence this outcome is closing.

Days

Hours

Minutes

Seconds

By this date, the committee studying the bill is expected to finish hearing witnesses. In early June, MPs will go through the bill line by line and vote on changes — the last realistic chance to alter what it says. After that, the bill goes back to the full House of Commons, where changing it becomes much harder.

Photo for If this passes

If this passes

Here's what happens after the vote.

A bill becoming law isn't a single moment of change — it rolls out in stages. Some consequences hit immediately. Others compound over years. Together, they're what's actually being decided right now.

01 The first days

The Minister gains a new pen, and a list of recipients we can't see.

Within weeks of royal assent, the Minister can begin issuing technical-capability orders to electronic service providers. Some orders are public. Some are classified — even the existence of an order can be a state secret. The first round will likely go to the big providers most Canadians use every day. Smaller services will not be told they're next until they are.

02 The first year & the court fight

Providers comply, leave, or fight in court.

Apple has said publicly they will not comply. Signal has said they will leave. WhatsApp's parent company has said the technical demands are unworkable. Smaller Canadian SaaS companies — most of which can't afford a Charter challenge — will face the hardest choice. Litigation will take years. During those years, the orders are still in force.

Lawyers expect this bill to be challenged under Section 8 of the Charter — your right against unreasonable search. But that challenge happens after the law is in force. By then the backdoors are built, the metadata is being collected, and orders are going out. Untangling that in court can take years.

03 The first hack

It has happened before.

The capability built for police becomes the capability that gets stolen. Three confirmed cases of mandated lawful-access infrastructure being breached, across three decades:

  • 2005 The Athens Affair. Unknown attackers compromised the lawful-intercept system mandated in Vodafone Greece's network. The Greek Prime Minister and roughly 100 senior officials had their calls monitored for almost a year before anyone noticed.
  • 2010 Operation Aurora. Chinese state-linked attackers breached Google's internal compliance system — the same portal used to respond to lawful U.S. government data requests — and read the Gmail accounts of dissidents and journalists.
  • 2024 Salt Typhoon. A Chinese state-linked group walked through the CALEA-mandated lawful-intercept infrastructure of every major U.S. phone carrier. Months of calls and texts. Presidential campaigns. Members of Congress.

Three countries. Three decades. Three different attackers. The same architectural decision in every case. The same outcome. Canada's smaller providers will not have better security than the systems that have already failed.

04 Years out

The vulnerability becomes someone else's law, too.

Once Canada has the framework, foreign governments can request data through mutual legal assistance treaties. Authoritarian governments cite the Canadian precedent for their own laws. Companies operating in Canada either accept the same architecture globally, or build a two-tier product where Canadian users get the weaker version.

The U.K.'s Investigatory Powers Act has been in force since 2016 — and in 2025, the Home Office used it against Apple's Advanced Data Protection. Apple withdrew the feature from the U.K. rather than weaken it. Australia's Assistance and Access Act, passed in 2018, is the broadest comparable framework in the Five Eyes; civil society and industry have spent six years documenting its harms. These are not cautionary stories from elsewhere. They are the architecture Canada is about to copy. We are deciding whether to join them.

How to push back

Protect your privacy.

What committee members are watching is the breadth of opposition — whether it's coming from many directions at once. Pick whichever fits your time and inclination. They all matter.

Start here · 15 minutes

Email your MP. Tell them to vote against Part 2.

The single highest-leverage move you can make right now. Especially if your MP sits on the Public Safety committee — they're the ones reviewing the bill this week. One paragraph, in your own words, mentioning that you're a constituent.

Find your MP →

Other ways to be heard, in parallel:

Political

Add weight to the political path.

  • Sign an open letter 5 minutes

    Adds your name to the OpenMedia campaign. Volume signals scale even if individual letters land harder.

  • Submit a brief to SECU 30 minutes

    Written briefs are still being accepted at committee. Even a one-page letter on the public record adds to what MPs see during clause-by-clause review.

Personal

Defend your own communications.

  • Use Signal 2 minutes

    The strongest end-to-end encrypted messenger. Open-source, independently audited, free, works on every platform. Move sensitive conversations there.

  • Audit your phone's defaults 15 minutes

    Disable ad tracking. Turn on encrypted backups. Limit which apps can read your contacts, location, mic, and camera. Most of the surveillance footprint on your phone is in defaults you never chose.

  • Choose open alternatives 30 minutes

    Migrate off closed platforms whose business model is harvesting you. Signal over WhatsApp. Firefox over Chrome. Proton or Tuta over Gmail. Open-source tools are auditable, community-built, and structurally harder to silently compromise.

Collective

Move with others.

  • Join a live Q&A 1 hour

    Hear directly from people working on this. Ask questions. Find out what's happening at committee right now, from people who are there.

  • Support digital-rights organizations 5 minutes

    OpenMedia (Canada), EFF, Internet Society, Citizen Lab — the orgs litigating, lobbying, and researching this fight need ongoing support.

  • Share the PSA + media pack 5 minutes

    Most Canadians likely don't know this change is happening. The media pack has pre-written social copy, posters, talking points, FAQ, and templates — built for activists, organizers, journalists, and educators who want to share this resource.

Upcoming events

Hear from the people working on this.

Live conversations with researchers, advocates, and organizers tracking Bill C-22. Ask questions. Find out what's happening at committee right now, from people who are there.

Photo for Community board

Share this anywhere.

A briefing kit, not just assets: one-pager, talking points, FAQ, plus posters and pre-written templates. Free to use.

When posting on social, tag with #cdnpoli and #BillC22 so it reaches the right audience.

For journalists

Who can speak to this on the record.

A short list of informed people, projects and organizations likely available for contact. If you're working on a piece and need someone who can speak to a specific angle, start here.

Michael Geist

Canada Research Chair in Internet Law · U. of Ottawa

Speaks toLegal & policy analysis, comparative law, internet regulation, the Online News Act parallel

media@uottawa.ca EN / FR

Robert Diab

Professor of Law · Thompson Rivers University

Speaks toCharter rights, metadata retention regimes, comparative Five Eyes analysis

media@tru.ca EN

OpenMedia

Digital-rights advocacy · Vancouver

Speaks toCivil society framing, public engagement, the campaign coalition

media@openmedia.org EN / FR

Citizen Lab

Munk School · University of Toronto

Speaks toTechnical research on surveillance, encryption analysis

info@citizenlab.ca EN

CIPPIC

Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic

Speaks toStatutory analysis, Charter challenges, public interest litigation

cippic@uottawa.ca EN

CCLA

Canadian Civil Liberties Association

Speaks toCivil liberties framing, historical context (Bill C-30), advocacy

media@ccla.org EN / FR