Privacy Giants Draw a Line: NordVPN, Signal, and Windscribe Threaten to Exit Canada Over Surveillance Bill

Canada’s proposed lawful access legislation is triggering a mass pushback from some of the world’s most trusted privacy-focused tech companies and this time; the warnings are coming with ultimatums.

NordVPN became the latest company to speak out on Friday, announcing it is actively reviewing Bill C-22 and would not hesitate to pack up its Canadian operations if the legislation forces it to weaken its privacy infrastructure.

“There isn’t a scenario in which we would compromise our no-logs architecture or encryption protections,” the company stated bluntly on X, formerly Twitter. “To prevent this, we will consider all viable options, including limiting or, if necessary, removing our presence from Canadian jurisdiction.”

A NordVPN spokesperson confirmed the company is closely tracking the bill’s progress through a parliamentary committee, adding that legislation should never be used as a tool to undermine the very protections users rely on.

NordVPN’s stance echoes a similar warning earlier this week from Signal, the encrypted messaging platform widely used by journalists, activists, lawyers and, as it turns out, Canadian parliamentarians themselves. Conservative MP Jacob Mantle didn’t mince words about the stakes, noting on X that every member of Parliament relies on Signal precisely because they trust it to be secure.

“No one wants Gary reading their messages,” Mantle quipped, referencing Public Safety Minister Gary Anandasangaree.

Canadian VPN company Windscribe was even more pointed in its frustration. Headquartered on Canadian soil unlike Signal, which could simply shut off its Canadian servers Windscribe said it would relocate its entire operation if the bill passes.

“We pay an ungodly amount of taxes to this corrupt government, and in return they want to destroy the entire essence of our service to basically spy on its own citizens,” the company wrote. “Not happening. We’ll move HQ and take our taxes elsewhere.”

The government is pushing back hard on what it describes as a fundamental misreading of the bill. A spokesperson for Minister Anandasangaree said the government wants to “reassure Signal and all service providers” that it is not legislating to enable mass surveillance, calling assertions to the contrary “false.”

Simon Lafortune, the spokesperson, went further, saying the government “categorically rejects” claims that the bill would allow surveillance through everyday devices like smart TVs, home cameras, or connected cars, or require companies to build so-called backdoors. Under the proposed framework, he emphasized, law enforcement would still be required to obtain legal authorization such as a court-issued warrant before accessing any data.

So what does Bill C-22 actually say? Under its provisions, telecom providers like Bell and Rogers could be compelled to confirm whether they provide service to a specific individual or number a measure the government says would accelerate investigations. The bill would also require electronic service providers to develop and maintain technical capabilities enabling police and the Canadian Security Intelligence Service to access communications during investigations.

Large telecoms and satellite providers would face mandatory baseline requirements. Beyond that, the public safety minister could issue orders compelling any provider large or small to develop specific surveillance capabilities, with a secrecy clause preventing companies from even disclosing that such an order exists.

The bill would also permit regulations requiring providers to retain metadata digital footprints of communications, not the content itself for up to a year.

The opposition isn’t limited to VPN providers. Apple and Meta have both warned the bill could force companies to break encryption by inserting government-accessible backdoors something Apple flatly stated it “will never do.”

The controversy has even crossed the border. Last week, senior U.S. Congressional leaders from the judiciary and foreign affairs committees sent a joint letter to Minister Anandasangaree warning that the bill would “drastically expand Canada’s surveillance and data access powers” in ways that pose cross-border risks to American citizens. They argued it could allow Canadian officials to compel American companies to build systemic vulnerabilities into their encrypted systems vulnerabilities that could then be exploited by hackers and foreign adversaries.

Ottawa dismissed the letter as a misunderstanding of how the legislation would function.

Civil liberties organizations and law professors have also raised alarms, arguing the bill opens the door to serious Charter violations. The government, for its part, insists the legislation will give law enforcement modern tools to combat crime while remaining fully compliant with the Charter of Rights and Freedoms.

The bill remains before a parliamentary committee, and the standoff between Ottawa and the privacy industry is only intensifying.