Technology

This government actually does want to search your mail too. No joke. https://www.cbc.ca/news/politics/mail-searches-seu-9.7180828

The thing is, anyone with nefarious intent will just use something else. Theres a zillion ways you could give someone an encrypted message.

Crazy, it's almost like they treat us like inmates!

~~To make things easier please do not seal packages or envelopes for easier and more convenient access~~

Sealing packages and envelopes is now actionable with a limitation period of 10 years.

Hmmm they do? They've been opening mails ever since it exists and now they are mad because they can't open emails? At least I would think so. I don't think governments ever refrained from opening mails and packages if they felt like it.

Only a day or two left to write to your MP and object to it.

They've threatened to for a lot of them, but I'm not actually sure if they've actually done so.

There's a few countries that blocked signal, but I don't know if signal has voluntarily pulled out of any country yet

For example, they've threatened to leave Canada, Sweden, and Australia so far from memory

I don't know of any yet, but these "encryption is for crooks" laws all keep barely failing, so they have not had to yet, from what I've seen.

I managed to use the reader mode trick to get the text:

Signal warns it would pull out of Canada if made to comply with lawful access bill

Marie Woolf 6 - 8 minutes

Udbhav Tiwari, Signal vice-president of strategy and global affairs, says Ottawa’s Bill C-22 could threaten encryption and make private messaging services a potential target for cyberattacks.

Secure messaging service Signal, which uses end-to-end encryption, is warning it would withdraw from Canada if asked to compromise its users’ privacy under Bill C-22, Ottawa’s proposed lawful access legislation.

In an interview, Udbhav Tiwari, Signal vice-president of strategy and global affairs, said the company has deep concerns about measures in the bill, including its potential to introduce security vulnerabilities.

Mr. Tiwari said that Signal “would rather pull out of the country than be compelled to compromise on the privacy promises we have made to our users.”

He expressed fears that Bill C-22, which is currently being scrutinized by Commons committee, could threaten encryption.

Mr. Tiwari also warned changes to systems required under the bill could make private messaging services a potential target for cyberattacks.

“Bill C-22 could potentially allow hackers to exploit these very vulnerabilities engineered into electronic systems, with private messaging services serving as an ideal target for foreign adversaries,” he added in a text message.

Spy watchdog asks for greater oversight of proposed lawful access regime, including to boost public trust

Signal was founded in 2012 and is not linked to major tech companies. It has millions of Canadian users and is used for secure communication by journalists, dissidents, government agencies, private citizens and politicians.

The bill would require telecoms, internet companies and other electronic service providers to make changes to their systems to give surveillance capabilities to police and the Canadian Security Intelligence Service to combat threats and criminal activity.

Signal runs on its own centralized servers. The only user data it stores are phone numbers, users’ last login information and the date they joined the service. Users’ contacts, chats and other information are stored by users themselves, on their phones.

The bill would require “core providers” – which would later be defined through regulations – to retain metadata for up to a year.

The metadata would not include e-mails, web-browsing history, social-media activity or text messages, but it could include information about which telephone numbers have been in touch with each other, and data allowing someone’s location to be pinpointed.

“End-to-end encryption is incompatible with exceptional access, no matter how creative the route taken to achieve it,” Mr. Tiwari added in a statement. “Provisions that enable the deliberate engineering of vulnerabilities into critical infrastructure like Signal are a grave threat to privacy everywhere.”

White hat hackers warn lawful access bill could make it easier for criminals to penetrate Canadian systems

Last year, a Signal chat between U.S. national security officials and Defence Secretary Pete Hegseth mistakenly included a journalist. The chat specified timings of warplane launches and when bombs would drop in planned attacks on Yemen’s Houthis.

At a Commons committee hearing on Bill C-22 earlier this month, Public Safety Minister Gary Anandasangaree, who introduced the bill, was asked about its impact on encrypted services, and described it as “encryption-neutral.”

Tech companies, including Apple, and the Canadian Chamber of Commerce have warned the lawful access regime proposed by the bill could weaken or break encryption.

Meta, which owns encrypted messaging service WhatsApp, testified earlier this month to a Commons committee examining the bill. Rachel Curran, the tech giant’s head of public policy in Canada, warned that the bill “could conscript private companies into service as an arm of the government’s surveillance apparatus – with expansive scope and insufficient safeguards.”

“As drafted, the bill could require companies like Meta to build or maintain capabilities that break, weaken, or circumvent encryption or other zero-knowledge security architectures, and force providers to install government spyware directly on their systems,” she said.

Simon Lafortune, a spokesperson for Mr. Anandasangaree, said Wednesday: “We want to reassure Signal and all service providers that we are not legislating to require them to install capabilities to enable surveillance and any assertions otherwise are false.”

The broadly worded bill could lead to the rollout of forced metadata collection for messaging apps, said Kate Robertson, a senior research associate at the University of Toronto’s Citizen Lab whose expertise includes cybersecurity, state agencies’ use of personal data and surveillance activities.

Ms. Robertson said that when recently pressed to commit to protection for encryption, “government officials were reticent.”

“Encrypted communication systems are a lifeline for human rights defenders, journalists and dissidents around the world,” she said.

Matt Hatfield, director of OpenMedia, a non-profit that advocates for widespread and affordable internet access, said “Signal, WhatsApp and other encrypted messaging services could clearly be scoped into Bill C-22 under its current definitions of electronic service providers.”

“A future public safety minister could issue orders to them requiring them to retain user metadata,” Mr. Hatfield said in an e-mail.

Michael Geist, Canada Research Chair in internet and e-commerce law and professor at the University of Ottawa, said he expected private messaging services to become a high-value target for law enforcement if the bill becomes law, including for obtaining metadata.

He said that currently, courts focus on obtaining data itself, but the lawful access regime would mandate permanent structural changes to company systems.

“There is a significant difference between court-ordered disclosures and mandates to retrofit or change technical structures,” he said.

Pulling out is super easy. Just don't release a compromised version of the app. Done.

If the app in its current form doesn't comply with Canadian law, then the play store can't legally distribute it. So, problem solved.

So basically Signal can pull out of Canada by doing nothing different than they're already doing.

As for the users who already have the app installed, well that's just too bad for the Canadian government isn't it.

Probably the same way Imgur dealt with the UK age verification. If you're from the UK, you are basically IP blocked from Imgur.

Possibly both. Signal will want to protect themselves legally.

It's possible Signal could stop distributing the app through the Play Store and Apple App Store within Canada. Signal is likely to shut off all servers they rent that are hosted inside of Canada at the very least.

In terms of them deactivating people's accounts registered with Canadian numbers that seems less likely to me.

Even if they potentially blocked Canadian IP addresses, Signal already has support for proxies built in and those are ran by diverse people throughout the world. Some individuals host them.

This isn't exactly the same since each situation with each country is different in terms of the law but Signal is banned in some countries such as Iran, Qatar, UAE and others already and people still use Signal by using Signal TLS proxies, VPNs, and other censorship circumvention tools such as Tor.

They didn't deactivate accounts after being banned and they still allow phone number registration in those countries.

For Android people could download the apk file from Signal's website instead of getting it from the Play Store at least.

https://signal.org/android/apk/

While we don't know with certainty what they will do in each situation the past may be an indicator of what they will do to a large extent. But Signal has never pulled out of a country voluntarily before as far as I know so it is uncharted territory.

I think the intentional deactivation of current accounts is unlikely to happen in this case with Canada.

Play store just checks what location you put in for Google account registration and shows the app or not. It's the same for showing region locked movies.