Senator Ron Wyden (D-OR) has sent a letter to acting Attorney General Todd Blanche and Secretary of State Marco Rubio, who is also serving as acting national security adviser, warning that Canada’s proposed Lawful Access Act poses a direct threat to US national security and citizen privacy.

In the letter, dated Thursday, Wyden says the bill “threatens to weaponize American technology infrastructure by enabling the Canadian government to force U.S. companies to secretly facilitate surveillance of Americans, while systematically undermining the security of their products.”

The legislation, which has already passed Canada’s House of Commons and now awaits Senate approval, would impose several sweeping requirements on electronic service providers, including:

  • Mandatory retention of user metadata, such as location history, for up to one year
  • Authority for the Canadian government to compel providers to build backdoors or install tracking capabilities
  • Requirements that providers re-engineer their systems to more easily share data with law enforcement holding a warrant

Wyden is asking US officials to formally assess whether the law could be used to pressure companies like Apple and Google into handing over data on American users without their knowledge.

The senator’s letter highlights what he calls a statutory gap in US law: nothing explicitly bars American companies from secretly enabling foreign governments to surveil US citizens, even senior officials. “This is not a dilemma of U.S. companies being caught between conflicting international legal obligations; it is a glaring statutory vacuum,” the letter states.

Wyden is recommending that negotiators use the ongoing US-Canada CLOUD Act agreement talks to insert explicit prohibitions against these kinds of extraterritorial engineering mandates.

The situation echoes a February 2025 controversy in which it emerged that the United Kingdom had secretly pressured Apple to weaken encryption on iCloud backups for surveillance purposes. That disclosure triggered significant backlash, and British authorities dropped the demand roughly six months later. At the time, former Director of National Intelligence Tulsi Gabbard told Congress that foreign backdoor mandates on US companies violate citizen privacy and introduce serious cybersecurity risks.

The Citizen Lab, a Toronto-based digital rights research group, has separately argued that portions of Canada’s proposed law are likely unconstitutional under Canadian law.

The letter underscores growing friction between the US and its allies over encryption backdoors and cross-border data access, an issue security professionals will want to watch as the CLOUD Act negotiations continue.