New surveillance law - tracking at every turn in the digital space

Author: Timo Grossenbacher and Dominik Meier

The essentials in brief

  • At the beginning of March, the revised federal law on the surveillance of postal and telecommunications traffic (Büpf) came into force. A referendum against it had previously failed due to insufficient signatures.
  • Under the old Büpf, providers like Swisscom already had to store certain data on communication behavior.
  • SRF research now shows that surfing behavior itself has to be stored, i.e. who was on which website and when.

It is the eternal hot topic in the “Law on the Monitoring of Postal and Telecommunications Traffic” (Büpf): the so-called data retention. It enables law enforcement authorities to find out, even months after a crime, who was at the crime scene or which people a drug dealer spoke to on the phone.

Associated with this is the storage of so-called marginal data that arise during Internet communication - over a period of six months. In other words: who had access to the Internet at what time and where.

Now it becomes clear for the first time: It may also be necessary to save which websites a person has visited. That means: It may be necessary to record the entire surfing behavior in cellular and WLAN networks.

Recording as a side effect

The reason for this is a passage in the implementing provisions for the new BÜPF. This explicitly asks providers to retrospectively identify their mobile phone and WLAN users. However, this only works completely if their surfing movements are also recorded, as research by SRF shows.

Various providers confirmed to SRF that it would not work without saving the websites visited. Matthias Koch, CEO of Monzoon Networks, one of the largest Swiss providers of public WLANs, says: "This is the only way to clearly identify a user in the event of a criminal offense." He is not aware of any other technical solution. And: With the new BÜPF, the compulsion to identify is fundamentally more stringent - non-compliance will be made a criminal offense. "I am now personally liable if we do not comply with the law."

Koch also emphasizes, however, that the data is stored on a secure server in Germany and only released by court order - not like in other countries where the authorities could constantly overhear.

Why the surfing behavior also has to be recorded

A concrete example: The public prosecutor wants to find out who has committed credit card fraud on a website. At first she only has the IP address of the perpetrator, which she gets from the server logs of the deceived website - the person behind it is still unknown. She goes to the responsible service ÜPF at the Federal Office of Justice. This in turn instructs the associated provider to give the IP address a face - to clearly identify the perpetrator.

Since the number of possible IP addresses on the Internet is still limited (IPv4 protocol), the provider uses so-called NAT (network address translation) in cellular and WLAN networks: different people can have the same IP address. From the point of view of the deceived website, it is therefore not clear who exactly is behind the registered IP address. The provider must therefore also record which websites each customer has visited, over a period of six months. Otherwise it will not always be able to determine who was on the deceived website at that point in time.

Swisscom says that it depends on the information that the authorities provide about a wanted person. If this information is incomplete, Swisscom can only identify the person if it also saves the websites visited by all users. At the moment, however, Swisscom still considers it an open question whether there is actually a corresponding storage obligation.
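The ambiguity described in the box above, and Swisscom's point that it depends on what the request contains, can be reproduced on a small scale. The following Python sketch is an added example, not code from SRF or any provider: the log layout, subscriber names and addresses are constructed, and the idea that a request might include the source port seen by the website is an assumption that goes beyond what the article states.

```python
from datetime import datetime, timedelta

def t(hms):
    """Time of day on one constructed date."""
    return datetime.fromisoformat("2000-01-01T" + hms)

SHOP = ("203.0.113.10", 443)  # constructed address of the defrauded website

# Constructed NAT session log; every value is invented (documentation ranges).
# Columns: start, end, subscriber, public IP, public port, dest IP, dest port
NAT_LOG = [
    (t("14:02:50"), t("14:03:40"), "sub-A", "198.51.100.7", 40001, *SHOP),
    (t("14:03:00"), t("14:03:30"), "sub-B", "198.51.100.7", 40002, "203.0.113.99", 443),
    (t("14:20:00"), t("14:21:00"), "sub-C", "198.51.100.7", 40001, *SHOP),  # port reused later
    (t("14:03:05"), t("14:03:20"), "sub-D", "198.51.100.8", 40001, *SHOP),  # other public IP
]

def strip_destinations(log):
    """Data-minimised log: same sessions, connection destinations not stored."""
    return [row[:5] + (None, None) for row in log]

def candidates(log, public_ip, when, src_port=None, dest=None,
               skew=timedelta(seconds=30)):
    """Subscribers consistent with a request (IP, time, optional port/destination)."""
    hits = set()
    for start, end, sub, pub_ip, pub_port, dst_ip, dst_port in log:
        if pub_ip != public_ip:
            continue
        if not (start - skew <= when <= end + skew):  # tolerate clock drift
            continue
        if src_port is not None and pub_port != src_port:
            continue
        # A destination can only narrow the result if the provider stored it.
        if dest is not None and dst_ip is not None and (dst_ip, dst_port) != dest:
            continue
        hits.add(sub)
    return hits

if __name__ == "__main__":
    ip, when = "198.51.100.7", t("14:03:10")
    minimal = strip_destinations(NAT_LOG)
    print("IP + time only:           ", sorted(candidates(NAT_LOG, ip, when)))
    print("with stored destinations: ", sorted(candidates(NAT_LOG, ip, when, dest=SHOP)))
    print("no destinations stored:   ", sorted(candidates(minimal, ip, when, dest=SHOP)))
    print("no destinations, src port:", sorted(candidates(minimal, ip, when, src_port=40001)))
```

With only the IP address and time, two subscribers remain; the stored destination resolves it, and so does the source port without any destination being stored.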

The SBB, which maintains free WiFi hotspots at numerous train stations, also confirm on request: They are legally obliged to save the connection destinations of their WiFi customers. However, the group is not pursuing any self-interest, emphasizes media spokeswoman Franziska Frey.

Contradiction between desire and reality

Media spokesman Nils Güggi from the responsible service ÜPF, which is affiliated with the Federal Department of Justice and Police (FDJP), confirmed to SRF: "It may actually be necessary that the provider must save the connection destinations". Ultimately, they are legally obliged to comply with the identification.

Explosive: in the explanatory report on the implementing provisions of the BÜPF, the providers are in fact explicitly encouraged to refrain from storing the connection destinations. However, the formulation is merely a "wish" of the Federal Council and the ÜPF service, Güggi points out. One does not want to intervene too firmly in economic freedom. As the SRF research shows, however, important providers can apparently only poorly meet this request in practice. A contradiction?

Privacy advocate is considering going to court

The Federal Data Protection Commissioner (FDPIC) had always spoken out against the storage of surfing behavior in the consultation procedure on the law. Spokesman Francis Meier says that the FDPIC did not succeed in having it banned; it remains a recommendation. But he will monitor the situation and assumes that some providers will do without it in the future. "The FDPIC keeps itself open to check this within the scope of a control with certain providers and finally to have it clarified by a court."

Ultimately, it is a serious invasion of privacy: the storage of the data could amount to "content monitoring", which the law does not provide for. And: "From our point of view, it is not necessary for a provider to collect this data. This gives them the opportunity to know exactly which websites someone has surfed on." What you don't necessarily have to collect shouldn't be collected.

"A grid search becomes possible"

For Erik Schönenberger, managing director of the Digital Society, which campaigns for fundamental rights on the Internet, the de facto storage obligation means the expansion of Internet monitoring in a roundabout way. "The authorities can now not only see who was where when in real life, but also follow us every step of the way on the Internet." This means that new evaluations are also conceivable, for example a «raster search» of which people have visited a relevant website.

ÜPF media spokesman Güggi put it into perspective: Only the provider's security teams would have direct access to the data. At least within the framework of the applicable legal provision, the authorities could not see this data.


  • Comment from Urs Loeliger (Urs Loeliger)
    The Büpf cannot change that either:
    Careful people and companies protect themselves from mass surveillance through encryption. The Büpf cannot change that either. There are "end to end" encrypted applications for surfing such as the "Tor" browser, encrypted e-mails and the Swiss IP phone apps such as OpusTel with telephone numbers on the cell phone with modern encryption. In this case, the human rights to privacy can be technically enforced.
  • Comment from Beat Reuteler (br)
    Keyword "on a secure server". We all, with the exception of a few ignoramuses, know that there is no such thing as a secure server.
  • Comment from martin blättler (bruggegumper)
    It's like with insurance: Nobody reads the fine print as carefully as the fraudster,
    who then benefits from the service, the normal is sure to fall into a cover
    Here, too, those who have something to hide protect themselves most thoroughly - everyone else
    are under general suspicion, but the most honest, as naive, come first.