- The Federal Council recognizes the increased risks of systematic surveillance and emphasizes ongoing measures to strengthen data protection and data security.
- When revising the Büpf and the Intelligence Service Act, the Federal Council ensures that constitutional and international law safeguards and proportionality requirements are observed.
Interpellation Derder (14.3654): Digital security. Are we on the wrong track?
Written off.
Submitted text
For months, Swiss and foreign media have been bringing to light the systematic collection and monitoring of data by foreign intelligence services. The example that has caused the most public stir is the NSA activities revealed by Edward Snowden. Under these circumstances, shouldn’t Switzerland secure its digital networks more strongly and better protect the privacy of its citizens?
If the protection of privacy and personal data is indeed a priority, are the ongoing revision of the Federal Act on the Interception of Postal and Telecommunications Traffic (see 13.025, “Büpf. Amendment”) and the creation of a legal basis for the federal intelligence service (see 14.022, “Intelligence Service Act”) moving in the right direction? The answer is no.
These revisions open the door to systematic surveillance of communications, information, and digital data, and serve this data up on a silver platter to foreign powers whose hostile means and intentions have already been proven.
I would like to remind you that recently the European Court of Justice (ECJ) in its judgment (judgment of April 8, 2014 in joined cases C 293/12 and C 594/12) found the European Directive 2006/24 on data retention invalid. This directive is the legal basis for the retention of telecommunications data in the European Union and is equivalent to our Büpf. The ECJ justified its ruling by stating that the directive represents a particularly serious interference with the fundamental right to respect for private life and the fundamental right to the protection of personal data.
Statement of the Federal Council
1 The Federal Council shares the interpellant’s concern about the dangers posed to the privacy of citizens by the systematic monitoring and interception of communications by foreign services (cf. the Federal Council’s response to Interpellation Eichenberger 13.4209, “US-Swiss Safe Harbor Framework. Restoring trust in data exchange with the USA”). The risks to privacy and data security have been accentuated with the rapid progress of information and communication technology in the digital age.
With regard to the general conclusions to be drawn from this for the future of data security, the Federal Council refers in particular to the implementation work on Motion Rechsteiner Paul 13.3841, “Expert Commission on the Future of Data Processing and Data Security”, which was referred by Parliament on June 4, 2014. In the context of the national strategy to protect Switzerland against cyber risks of 27 June 2012 (cf. BBl 2013 563), the Federal Council is also taking account of the threats that may emanate from global digital networking for information and communications infrastructures. Finally, the Federal Council has instructed the FDJP to examine legislative measures to strengthen data protection in order to adapt data protection law to the changed technological and social conditions (cf. the Federal Council’s report on the evaluation of the Federal Act on Data Protection of 9 December 2011; BBl 2012 335).
2 In the context of the ongoing legislative work on the surveillance of postal and telecommunications traffic and on the intelligence service, the existing constitutional and international legal foundations for the protection of privacy (cf. Art. 13 of the Federal Constitution [SR 101], Art. 8 of the European Convention on Human Rights and Fundamental Freedoms [SR 0.101] and Art. 17 of UN Covenant II [SR 0.103.2]) must be observed. In this regard, the Federal Council refers to its statements in the dispatch of 27 February 2013 on the Federal Act on the Interception of Postal and Telecommunications Traffic (Büpf; SR 780.1; BBl 2013 2683) and in the dispatch of 19 February 2014 on the Intelligence Service Act (BBl 2014 2105).
With regard to the total revision of Büpf, it should be specified that the conditions under which telecommunications traffic data (in particular retained marginal data) may be supplied to the prosecution authorities for the prosecution of criminal offences will not change compared to the current law. In particular, this requires an order from the public prosecutor’s office based on urgent suspicion that a serious criminal offense has been committed, as well as authorization from the compulsory measures court. With regard to the judgment of the ECJ of 8 April 2014 in joined cases C‑293/12 and C‑594/12, to which reference is made in the interpellation, some clarifications should also be made: On the one hand, Directive 2006/24/EC on data retention merely contains harmonization provisions that still have to be implemented by the Member States of the European Union in national law on the interception of telecommunications; it cannot therefore be equated with the Büpf. On the other hand, the ECJ does not base its ruling on the fact that the directive represents a particularly serious encroachment on fundamental rights – which is not disputed – but on the fact that the directive does not contain any provisions capable of ensuring that the encroachment is limited to what is absolutely necessary. However, Swiss law – in particular the Code of Criminal Procedure and the Büpf (in the current version as well as in the draft revision) – now contains numerous procedural and substantive rules whose aim is to ensure proportionality.