07/16/2026 | Press release | Distributed by Public on 07/16/2026 11:41
Washington, D.C. - U.S. Sen. Ron Wyden, D-Ore., today urged the Trump Administration to act quickly to protect U.S. national security and the safety of Americans' communications from the serious threat posed by a proposed Canadian spying law, known as Bill C-22.
Wyden warned that the law threatens to weaponize American technology, by forcing U.S. companies to secretly conduct surveillance of Americans, in a letter to Marco Rubio, in his capacity as the President's National Security Advisor, and Acting Attorney General, Todd Blanche, sent today.
"Bilateral trust with our closest intelligence partners cannot be built on the secret subversion of American cybersecurity infrastructure," Senator Wyden wrote. "We must ensure that Canada's domestic legislation does not create a back door into the devices of American officials."
A "glaring statutory vacuum" currently exists under U.S. law, which does not explicitly prohibit American companies from secretly facilitating foreign surveillance of U.S. citizens-even if the target is the President or a senior government official, Wyden wrote.
The letter requests the administration:
Evaluate Bill C-22: Determine whether Canada's proposed spying law will permit the Canadian government to demand surveillance assistance from U.S. companies like Apple and Google targeting Americans, including the previously listed scenarios.
Leverage CLOUD Act Negotiations: Utilize the ongoing U.S.-Canada CLOUD Act agreement negotiations to establish ironclad, explicit prohibitions against these extraterritorial technical and prospective engineering mandates.
Defend U.S. Government Infrastructure: Take all necessary administrative and regulatory steps to insulate U.S. government officials and the American public from foreign surveillance demands against American firms.
Canada is not the first country to pursue dangerous powers to weaken the security of American technology. In February 2025, the press revealed the U.K. secretly demanded that Apple weaken the security of encrypted iCloud backups to facilitate surveillance demands. Then Director of National Intelligence, Tulsi Gabbard, confirmed in a letter to Congress that foreign mandates requiring U.S. firms to engineer surveillance backdoors violates privacy rights, and creates potential for cyber exploitation by hostile actors. The U.K. finally scaled back their requests to Apple, after U.S. officials raised objections.
"The U.S. government cannot allow foreign governments to coerce U.S. companies into conducting surveillance against Americans, least of all our own intelligence, military, and diplomatic personnel. We must ensure that U.S. companies cannot be secretly ordered to facilitate the surveillance of Americans," concluded Senator Wyden.
Wyden warned that without new protections, foreign governments could force American technology companies to take a host of actions that threaten Americans' safety and privacy, including:
Mandating Local Backups: Requiring that new data backups for American targets that have not enabled end-to-end encryption be stored in the foreign jurisdiction.
Disabling End-to-End Encryption for Target Backups: Forcibly disabling end-to-end encryption for specific American targets and requiring new unencrypted data be stored on the company's local servers.
Implementing a "Ghost Key": Requiring that new encrypted data backups for American targets be stored in the foreign jurisdiction but rendered accessible via a hidden, government-controlled "ghost" decryption key.
Relocating and Demanding Software Signing Keys: Requiring that the company store in the foreign jurisdiction a copy of the encryption keys used to sign software updates for the devices of American targets-keys that are ordinarily secured within the U.S.-rendering them vulnerable to foreign government seizure.
Delivering Spyware via Software Updates: Forcing trusted American firms to assist in the delivery of foreign-government spyware to American targets via compromised software updates.
The full letter is here.
###