Canada to let telecoms hand over your personal data to cops without warrant

On June 3, 2025, the House of Commons of Canada introduced Bill C-2.

Bill C-2 is described as "An Act respecting certain measures relating to the security of the border between Canada and the United States and respecting other related security measures."

This new federal bill is intended to address border-related issues and proposes significant amendments to certain statutes, including the Criminal Code. The government justified the changes by claiming they will help protect children, battle organized crime and combat fentanyl.

However, the bill sparked concern over potential impacts on Canadians' digital privacy due to warrantless data access. One of the areas of concern is the new definitions Bill C-2 introduces. In Part 14, the bill amends the Criminal Code with "subscriber information" and "information demand" definitions, which are as follows:

• Bill C-2 Part 14 (I): "facilitate access to basic information that will assist in the investigation of federal offences through an information demand or a judicial production order to persons who provide services to the public."
• Bill C-2 Part 14 (iii): "specify certain circumstances in which peace officers and public officers may obtain evidence, including subscriber information, in exigent circumstances."

An information demand allows law enforcement to seek subscriber information from a service provider without a warrant. Also of concern is that the bill prohibits service providers from disclosing information demands for a year, and offers legal immunity for providers who voluntarily offer the information without requiring an information demand request.

The Supreme Court has previously defined subscriber information as "the name, address, and telephone number" of a customer associated with a particular IP address.

However, Bill C-2 is more expansive and can include your contact information, as well as account numbers and "information relating to the services provided to the client," which includes type of services, timeline of services and information that identifies specific devices or equipment.

How can this affect you?

Bill C-2 permits an officer with reasonable suspicion that an offence has been or will be committed to demand preliminary information from a service provider. This could then be used to obtain information from other service providers who might have data about the suspect.

This could include when the service began, when it ended, and other communications services used by the suspect, like Gmail or WhatsApp. Receiving information from these apps would require a warrant; however, this could supply officers with knowledge on where to look for certain information. It could enable access to information about who you were speaking with as well.

Another worrying part of Bill C-2 is this: "allow a justice or judge to authorize a peace officer or public officer to make a request to a foreign entity that provides telecommunications services to the public to produce transmission data or subscriber information that is in its possession or control."

In theory, this means that an officer can receive information such as metadata, including the time and date of information used to identify users. A 'foreign entity' also allows officers to get this information beyond Canada's borders and receive information from international telcos.

Bill C-2 is supposed to be used by an officer with "reasonable suspicion" of a crime that will be or has been committed. However, 'reasonable suspicion' isn't descriptive, has a low threshold, and can be easily circumvented.

Potential scenario

To understand why Bill C-2 is causing alarm, University of Ottawa law professor Michael Geist gives an example in his blog post about the bill.

Imagine if you attended a protest. While there, law enforcement could use an IMSI catcher (a surveillance device that can interpret and analyze communications between a mobile phone and network), which could be used to gain phone identifiers from the attendees and confirm the cellular services they use.

If authorities deem the protest unlawful, they could demand information from the carrier to identify the people at the protest via phone identifiers gathered by the IMSI catcher, and can get names, phone numbers, addresses, e-mail addresses, see what apps they were using and who they were speaking with, all without a warrant. This could even be used to identify if you were at an event in a different country.