Canada's Bill C-22 is being presented as a modernisation of law enforcement tools. But beneath the legislative language lies an infrastructure architecture with implications that extend far beyond Canada's borders.

In this episode, Darnley breaks down what the bill actually does, what it enables beyond its stated scope, how it connects to the broader Five Eyes intelligence agenda, and what ordinary Canadians, and citizens of all allied nations, can do to protect their privacy.

Topics Covered

• Bill C-22 — The three pillars: metadata retention, warrantless confirmation demands, and compelled surveillance capabilities.
• Beyond the bill — How surveillance infrastructure expands beyond its stated purpose.
• The backdoor risk — Why compelled capabilities create vulnerabilities for everyone, including criminals and foreign states.
• The data broker loophole — How governments buy your data without warrants.
• Five Eyes — The multilateral coordination behind C-22 and similar legislation globally.
• Apple vs. Google — The architectural and corporate divide in resisting government access.
• The privacy defence stack — VPNs, E2E encryption, offshore hosting, encrypted DNS, and hardened devices.

Key Legislation & Events Referenced

• Canada Bill C-22 (Lawful Access, 2026)
• UK Government secret order to Apple for encryption backdoor (2025)
• India government tracking app mandate (2025)
• France 'ghost user' proposal (struck from final legislation)
• Snowden revelations on Five Eyes supra-national surveillance
• 2010 Chinese hack of Google/Microsoft government warrant compliance systems

Click here to send future episode recommendation

Support the show

Subscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

Small businesses now account for over 70% of all data breaches, and if you think you're too small to be a target, attackers are counting on that.

In this episode of Darnley's Cyber Café, cybersecurity veteran Darnley breaks down the three threats hitting small businesses and entrepreneurs hardest right now: AI-powered phishing attacks sophisticated enough, double-extortion ransomware that steals your data before locking you out, and credential theft that exploits the password habits your team probably still has.

With over a decade of real-world incident response and security assessment experience, Darnley cuts through the noise and tells you exactly what you need to do, without the jargon, and without the six-figure budget.

If you run a business and you're not thinking about cybersecurity, this episode is your wake-up call.

Click here to send future episode recommendation

Support the show

Subscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

In this episode of Darnley's Cyber Café, Darnley cuts through the politics and exposes what EU digital sovereignty actually looks like beneath the surface...and it's not what policymakers are telling you.

Drawing from years of hands-on security assessments, incident response, and working directly with compromised organizations globally. Darnley breaks down why moving your data to European servers is a compliance exercise, not a security strategy, and why the firmware, chips, CVEs, and bug bounty programmes keeping your "sovereign" infrastructure alive are overwhelmingly American.

If you're a business owner, IT professional, or anyone following EU tech policy, this episode will change how you think about digital independence, data residency, and what genuine cybersecurity sovereignty would actually require. The cookie banners are real. The independence underneath them is not. Listen now.

Click here to send future episode recommendation

Support the show

Subscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.