In June 2016, Swiss civil society activists are redoubling their efforts to collect signatures in support of a referendum vote on the revision of a surveillance law best known under the German acronym BÜPF, “federal law concerning surveillance of postal communications and telecommunications”. This revision would legalise surveillance by means of IMSI catchers (fake relay antennas for mobile phone) and govware trojans (spyware used by the government). It would require even private persons and associations to be subject to internet wiretapping on their premises, mailservers, etc.
Unlike the situation in many other countries where public referendums are rare, in the Swiss system they are a normal part of the legislative process: The role of the Parliament is to debate possible amendments to legislative proposals, and to decide what is the specific text of a possible new law or change to an existing law. However, whether this output of the parliamentary process actually becomes law, is often decided directly by the people in a referendum vote. 50 000 signatures from Swiss citizens of voting age are required for making the referendum happen. In a small country like Switzerland, with a correspondingly small number of privacy activists, that is a significant hurdle.
The Swiss parliament is also proposing another related law, which contains noteworthy provisions on digital surveillance: The intelligence service law, “Nachrichtendienstgesetz” (NDG). This would give the Swiss intelligence service many additional powers, allowing it to use trojans, as well as introducing a form of internet mass surveillance in which internet communications are scanned for keywords. The NDG went through the Parliament faster than the revision of BÜPF, and consequently the hundred-day period for collecting referendum signatures was a few months earlier. In that case, the efforts of collecting signatures for the referendum was successful, and consequently there is going to be a referendum vote on the intelligence service law. The vote has been announced to take place on 25 September 2016.
In the case of the NDG, a very large part of the referendum signatures was collected by political groups which are also opposed to the revision of the BÜPF. However, these groups have not given this proposal the same degree of priority and they therefore aren’t putting major efforts on collecting signatures for the BÜPF referendum.
Even if the referendums on BÜPF and NDG take place, and citizens say “no” to these two surveillance laws, one aspect of Swiss surveillance legislation remains that threatens people’s privacy: data retention. Telecom providers must retain communications metadata for six months. This is already defined in the current BÜPF. Digitale Gesellschaft Switzerland, a civil rights organisation working on digital rights issues, has initiated legal proceedings to challenge the Swiss practice of data retention on grounds of fundamental rights. The case is currently “pending ready for a decision” at the Swiss Federal Court of Administration. Given the fact that Switzerland does not have a constitutional court, it is likely that the matter will be taken to the European Court of Human Rights.
BÜPF: What would change under the revised law, what is unchanged
Video: A Swiss perspective on the surveillance craze
EDRi: Swiss data retention visualisation (07.05.2014)
EDRi: Citizens demonstrate against data retention in Switzerland (04.06.2014)
EDRi: Data retention in Kosovo and Switzerland – legalising illegal laws (28.01.2015)
(Contribution by Norbert Bollow, EDRi observer, Switzerland)