skippingrock
1 month ago, Occasional Contributor
1Password's stance on Canada's Lawful Access Bill C-22?
I'm sorry if this touches on a topic that bends to the political, but this is something that I don't think we as keepers of people's most important and sensitive information should be just standing ...
- 1 month ago
Hey skippingrock! We’ve seen the concerns about Canada’s Bill C-22 and appreciate the discussion. We also want to clarify how the bill relates to 1Password.
The short answer here is that based on how it’s currently written, Bill C-22 would not require 1Password to provide access to customer vault data. It is focused on subscriber information and metadata, not sensitive data such as passwords, vault contents, encryption keys, and emergency kits.
Bill C-22 also includes safeguards meant to prevent companies from being required to introduce systemic vulnerabilities or backdoors for officials to gain access to such sensitive information. Since 1Password is designed so that we cannot access your vault data in the first place, doing so would mean weakening our encryption.
We are continuing to monitor Bill C-22. If anything changes that would weaken customer privacy or security, we would challenge or appeal those requirements. Protecting your data by design is core to how 1Password works, and we won’t compromise on that.
sparksis
30 days ago, New Contributor
Is this the final word from 1Password? If so, I will be obligated to encourage my security department to consider the following scholarly remarks that directly contradict your assessment and put into question the ability of your team to assess state-level threats.
Apple Inc. stated plainly and in no uncertain terms:
This Bill Allows the Government of Canada to Force Companies to Break Encryption by Inserting Backdoors into their Products
Professor Michael Geist noted that while sections of the bill suggest providers don't have to comply if an order creates a "systemic vulnerability," sections 12 and 13 "make compliance unconditional and provide that orders prevail over inconsistent regulations". He argued this leaves the intended safeguards existing "in name only" because they are "largely cloaked in secrecy".
Citations
- Apple Inc. Testimony of Erik Neuenschwander, Standing Committee on Public Safety and National Security (SECU), House of Commons, 26 May 2026, https://www.ourcommons.ca/Committees/en/SECU.
- "Parliamentary consultation session." Meeting 37 of the House of Commons Standing Committee on Public Safety and National Security. 2026.
- Bill C-22: An Act respecting lawful access. First Reading, March 12, 2026, Forty-fifth Parliament. https://www.parl.ca/Content/Bills/451/Government/C-22/C-22_1/C-22_1.PDF.
dragon1
26 days ago, Dedicated Contributor
Good points you're mentioning here.
What I find quite annoying is that 1Password is collecting a great deal of metadata, location-based data, telemetry data and so on. So it really does have and record a huge amount of data.
It's like with mails - all they want/need is that metadata. And with 1Password you will get a 'lot' of that!