State of Netpolitics
in Switzerland

February 6th 2018– Patrick Stählin @thepacki

Digital society (Digitale Gesellschaft)

NGO that informs and advises on consumer and legal issues in the digital space. Assessing technological consequences with regard to possible effects on fundamental and human rights. Offers services, software-projects and courses for digital self-defense.

For civil liberties in the digital world.

~20 organisations and political parties, ~300 individual members

Overview

  • Lawful interception (PTS)
  • Intelligence Service Act (NDG)
  • Other laws affecting the internet

Lawful interception (PTS)

How is works

  • Need for reasonable suspicion
  • Prosecutor can request surveillance
  • Compulsory measures courts orders it
  • Post and Telecommunications Surveillance Service (DÜPF) orchestrates it
  • Telecommunications companies deliver
  • But not for all measures, Phone-number and IP-Lookup are possible without a court order

Who needs to be compliant?

  • Electronic postal services (e.g. Email)
  • Telecommunication provider (e.g. telephone-, internet- and VoIP-providers)
  • New: «Provider of derived communication services», who «enable one- or multi-way communication»
  • New: People who provide third-parties with access to their internet

«Provider of derived communication services»

  • Same duties as access providers if:
    • get more than 10 surveillance requests per year
    • annual sales of CHF 100 millions with at least 5'000 users
  • Same duties means active surveillance and data retention

Others: obligation to tolerate

  • Surveillance measures have to be tolerated
  • includes providing access «to buildings, devices, transmission lines, systems, networks and services»

Data retention

  • Metadata of every call, SMS, Antenna-switch, E-mail, IP-connection, IP-change has to be logged
  • Since January 2002
  • Stored for six months

Data retention: Nothing to hide?

Data retention: Striking back

  • Complaint to Post and Telecommunications Surveillance Service
  • Complaint raised in 2014
  • Now at federal administrative court
  • After that: European Court of Human Rights (ECHR)

State Trojans: Mission impossible?

  • Infection through
    • Security holes
      • From the black market?
      • Research and leave it open?
    • Breaking into rooms (how to apply?)
    • Using third-parties?
      • Infection Proxy, Update-Server, SBB-App, Tax-Software, ...

Intelligence Service Act (NDG)

Intelligence Service Act (NDG)

  • In effect since September 1st 2017
  • Various provisions including
    • Everything from Lawful interception (PTS Act)
    • Mass surveillance using taps on internet-cables (Kabelaufklärung)
    • Attacks on computers and networks in foreign countries

Mass surveillance

  • Based on Satellite and Radio-Communications surveillance (started secretly in 2000)
  • Found to be in violation against Human Rights in 2003 and 2004 (GPDel)
  • Wordlist based approach per dossier
  • Each list needs to be re-approved periodically but can stay active indefinitely
  • Communications that enter or exit Switzerland are fair game
  • Relies on telecommunication providers

Mass surveillance: retention

  • 5 (five!) years for metadata
  • 1.5 years for content

Request to the intelligence service (NDB) on 31.8.2017

  • We object to mass surveillance, cease what you're doing (PDF)
  • Additionally cease the existing radio and satellite surveillance program

Answer from the intelligence service

«We can't comply with your request to the intelligence service (NDB) to cease all activities in the field of cable- and radio-surveillance, as we are simply an administrative agency. […] The implementations of this Act, approved by parliament and the people of Switzerland does obviously not violate any fundamental rights, guaranteed by the constitution and the European Human Rights Convention

Now at the federal administrative court

  • Either we get a decision or the intelligence service has to alter their response

Laws affecting the internet

«Gates without wall» – Foto: Sergei Gutnikov , CC BY-SA 3.0

A lot of them

  • Gambling Act (BGS)
  • Copyright Act (URG)
  • Telecommunications Act (FMG)

Gambling Act

  • Online gambling allowed for the first time! If based in Switzerland...
  • Internet blockage of foreign online-casinos

Copyright Act

  • Right to copy remains, downloads here to stay
  • Take- & Stay-Down-Rule for content provider
  • Use of retention data to sue copyright infringers
  • Despite «Adapting to the age of the internet» there are no changes such as Right2Remix or a Fair-Use-Clause

Telecommunications Act

  • Internet blockade to suppress illegal pornography Art. 197 Abs. 4 und 5 StGB
  • Regulation of the last mile on fiber
  • No Net-neutrality, the «Codex of providers» has been adopted, meaning transparency only

Thank you!

Website: www.digitale-gesellschaft.ch

Facebook: DigitaleGesellschaftSchweiz

Twitter: @digiges_ch

Twitter: @thepacki

Netzpolitik-Newsletter: digiges.ch/newsletter

Digitale Gesellschaft
4000 Basel
Schweiz


Konto CH15 0900 0000 6117 7451 1

CC by SA 4.0