Interpellation Frick (02.3739): Internet traffic. Police State Surveillance?
Done (10.03.2003)
Submitted text
The Federal Council Ordinance on the Surveillance of Postal and Telecommunications Traffic (VÜPF; SR 780.11) stipulates that all providers (Internet service providers) must guarantee the retroactive surveillance of all customers at all times. They must always be able to provide information about all of their customers’ e‑mail traffic retroactively to six months. The information includes the time and date of sending or receiving all e‑mails, the envelope information, etc., (but without the content of the individual e‑mails and their attachments; Art. 24 let. h in conjunction with Art. 2 let. d VÜPF).
The effect is the same as if the postal service had to provide information on all letters and parcels received and sent by all citizens at any time retroactively for six months, or if telephone providers had to list all telephone calls made retroactively for six months.
This leads to the following consequences, among others:
- The e‑mail traffic of all citizens is registered completely and for a long time.
- Providers will be required to make extraordinarily expensive investments and operating costs, which will drive smaller ones out of the market in particular.
- The crime-fighting objective that is probably being pursued will simply come to nothing, because it will be very easy to switch to foreign providers that are not subject to such a recording obligation.
I would ask the Federal Council to answer the following questions:
1) In its opinion and that of the FDJP experts, is the legal basis of the Federal Act on the Surveillance of Postal and Telecommunications Traffic sufficient for such a massive intrusion into the privacy of all citizens without there being any grounds for suspicion of any kind? Is the Federal Council also prepared to consult external data protection experts on the viability of the legal basis?
2. what objective necessity does it believe justifies ordering such a massive intervention in general? Does it share the view that data recording can be circumvented by a simple detour via foreign providers?
3. why does it not issue analogous regulations for postal and telephone traffic?
4. how do the provisions of the VÜPF relate to the federal data protection provisions? Has the federal data protection commissioner been consulted about this provision, and what was his opinion?
5. what is its position on the fact that the above-mentioned provisions are forcing smaller providers out of the market because they are being forced to make disproportionately high investments and incur disproportionately high operating costs, from which the financially strong and market-strong providers in particular are profiting as a result?
6. have the other States, in particular those of the European Union, adopted equivalent rules?
Chronology
Statement of the Federal Council
The regulation according to which providers must retain the so-called marginal data for six months was already in force before the entry into force of the Federal Act on the Surveillance of Postal and Telecommunications Traffic (BÜPF; SR 780.1) and had its legal basis in the Telecommunications Act). When the BÜPF came into force, it was incorporated into its Article 15 paragraph 3 and not into the associated ordinance (Ordinance on the Interception of Postal and Telecommunications Traffic, VÜPF; SR 780.11).
The provision must be seen in the context of Article 45 of the Telecommunications Act (TCA; SR 784.10) and Article 60 of the Ordinance on Telecommunications Services (OTS; SR 784.101.1). The two provisions allow providers to store their customers’ data for as long as is necessary to receive the payment owed for the service provided. In addition, based on the same provision, providers are obliged to store their customers’ data for as long as there is a possibility of disputing the invoice for the service provided (Art. 60 para. 2 FDV).
1. the formal legal basis (Art. 15 para. 3 BÜPF on the one hand and Art. 45 TCA on the other) adopted by Parliament is sufficient for the obligation of providers to store the data in question for a clearly defined period of six months. The Federal Data Protection Commissioner was consulted during the legislative process and had no objections to the creation of the legal basis.
2. on the one hand, the necessity arises from the fact that providers must prove that the disputed amounts were rightly charged in those cases in which invoices for their services are disputed. On the other hand, the obligation to store data for a certain period of time is of central importance for law enforcement authorities. However, this data will only be handed over to the aforementioned authorities if a request is submitted by the competent cantonal or federal authorities and approved by the licensing authorities. The prerequisite for this is, in particular, a concrete suspicion of a crime in the case of certain offenses mentioned in the catalog of the BÜPF.
Circumvention of Swiss legislation is possible, as in countless other areas of the legal system. In the present case, the possibility of circumvention must be put into perspective insofar as the foreign authorities can be asked for assistance with requests for legal assistance.
The aforementioned provision also applies to telephone traffic (Art. 15 para. 3 BÜPF), and analogous provisions exist for postal traffic (cf. Art. 12 para. 2 BÜPF).
4 The Federal Data Protection Commissioner was consulted on the draft regulations for both the BÜPF and the VÜPF. He did not explicitly comment on the question of storing certain data for a certain period of time.
5 The providers already store the data or parts thereof for their own business interests (cf. above, item 2). The aforementioned provision of the BÜPF, according to which the marginal data must be stored for six months, does not lead to disproportionately high additional investment and operating costs.
6 The European countries have enacted or are in the process of enacting comparable regulations in the areas of surveillance of postal and telecommunications traffic. The implementation of these regulations is not uniform. To the extent that European standards already exist (so-called ETSI standards), the Federal Council or the Federal Department of the Environment, Transport, Energy and Communications, which is responsible for issuing the implementing regulations, has taken these standards as a basis. In those areas where there are no decisions adopted by the European Union or standards issued by ETSI, the drafts for the future ETSI standards form the basis for the regulations.