Lawful access

Lawful access refers to the ability of law enforcement agencies or the Canadian Security Intelligence Service (CSIS) to legally obtain certain information or intercept communications. It's used to investigate crimes and threats, such as:

• drug trafficking
• money laundering
• extortion
• smuggling
• child sexual exploitation, and
• murder
• terrorism
• espionage, and
• foreign interference

Lawful access includes two things:

1. The legal authorities to obtain information and data, such as warrants, or productions orders.These authorities are set out in federal statutes, including the Criminal Code and the CSIS Act.
2. That Electronic Service Providers (ESPs) establish and maintain the technical capabilities to provide law enforcement and CSIS with the information they are legally authorized to obtain under these authorities. There is currently no regulatory framework in Canada to facilitate or standardize these technical capabilities. This is discussed below under the heading "Lawful access in Canada".

There are strict rules for requesting information about an individual in the course of an investigation, out of respect for privacy and Charter rights.

Understanding lawful access

Law enforcement and CSIS use many investigative tools, including lawful access. Lawful access is when communications are legally (e.g., with warrant or production order) intercepted or information is seized or when data is obtained from electronic service providers, like telecommunications companies. Just as law enforcement will get a warrant to search a house for drugs, they also need legal authorization to look for information that ESPs should have access to, e.g., meta data of a suspected drug dealer.

In Canada, lawful access is notably used, among others, by:

• federal law enforcement and intelligence agencies, including the Royal Canadian Mounted Police (RCMP) and CSIS
• provincial and municipal police forces
• the Competition Bureau

Communications and information may be legally obtained from:

• Wired technologies, such as landline telephones
• Wireless technologies, such as smartphones and satellite communications
• Internet technology, such as e-mail and web-based services

Lawful access can only be used when authorized by the law, usually though a warrant, a production order, or a wiretap authorization issued by a judge, which is granted under specific circumstances. A warrant authorizes law enforcement to do something, while a production order orders someone, like a Canadian telecommunications company, to provide information or data in their possession. A wiretap authorization is a very specific type of warrant that allows law enforcement and CSIS to intercept private communications exchanged in real-time.

A warrant, an authorization to intercept private communications, or a production order will only be granted if a judge is satisfied that specific legal requirements are met.

To obtain a warrant or production order to access communications stored on a device, for example such as an email or text messages, law enforcement and CSIS must provide the court with reasonable grounds to believe that an offence has been or will be committed and that the information will afford evidence of that offence. To obtain a warrant or production order for narrow information like IP addresses or a call log, law enforcement and CSIS must provide the court with reasonable grounds to suspect that an offence has been or will be committed and that the information will assist in the investigation of the offence.

Key components of a warrant or production order include:

• the facts supporting law enforcement to believe a crime has been or will be committed
• the person reasonably believed to be in the possession or control of the information sought
• where known, the specific places or devices where evidence related to the crime exists
• clearly defined limits on what can be searched, or seized (i.e., IP addresses, the content and/or types of communications that took place, with whom and for how long, etc.)
• terms and conditions imposed by the judge to ensure that the rights of the persons affected by the warrant or production order are taken into account
• a specific duration or time limit where the continuous collection of IP addresses, phone numbers or the tracking of a person is permitted

For example, intelligence indicates that members of an organized crime group are directing an individual to commit criminal acts, such as extortion and drug trafficking, through messages on cellphones. In this scenario, law enforcement could apply for a production order to order a Canadian telecommunications company to provide the messages exchanged on one of the individuals' cellphones as the evidence suggests this to be the method of communication used to plan or carry out the crimes.

Your privacy

Current provisions for lawful access in Canada respect privacy laws and the Canadian Charter of Rights and Freedoms.

Without legal authority, law enforcement and CSIS cannot intercept communications or request information and data. Lawful access does not allow law enforcement and intelligence investigators to monitor just anyone’s Internet use, e-mail content or social media activity. It also does not require companies to store all of their customers’ communications.

The Government of Canada will continue to respect the rights and freedoms of people living in Canada with any update to lawful access tools, including legislation.

Lawful access in Canada

We live in a complex digital environment with many ways to communicate. New technology and other digital tools make communication faster and more accessible but they are also often misused for illicit purposes. A wide variety criminals, extremists and other bad actors take advantage of this digital environment. They use online platforms for criminal activities like online fraud, selling illicit products and money laundering. It's also a place where threats to Canada can be planned, coordinated and financed, such as terrorist attacks or foreign interference activities.

Law enforcement and CSIS have had to work for decades with outdated laws that do not require ESPs to have the technical capability to respond to lawful access requests made by authorities. This means, even when investigators have a warrant or production order to obtain communications, the ESP may not have the ability to provide the communication or information.

This results in lost time, missing information, or investigations being abandoned.

Canada is the only country amongst its Five Eyes partners, the G7, and across the European Union without legislation requiring ESPs to develop and maintain lawful access capabilities. Our coverage is limited and there are growing blind spots in interception and location tracking, with inconsistent capabilities among ESPs. This negatively impacts all Canadian law enforcement and CSIS to investigate domestically and collaborate on international investigations, such as transnational organized crime activities or terrorist plots.

In many investigations, law enforcement or CSIS are not able to take action that people in Canada would expect them to, such as tracking a phone or intercepting a call. As Canada struggles to obtain basic capabilities and other countries are advancing their investigative tools for emerging technology, Canada risks becoming an 'intercept haven' for threat actors.

In March 2026, the Government of Canada introduced an act that will keep Canadians safe (Bill C-22). This Bill proposes to modernize lawful access to give law enforcement and CSIS the modern tools people in Canada expect them to have to keep communities safe.