Interpellation Mathys (02.3599): Surveillance of postal and telecommunications traffic
Submitted text
I would ask the Federal Council to answer the following questions:
1. does it agree that the Ordinance of 31 October 2001 on the Surveillance of Postal and Telecommunications Traffic (VÜPF) encourages the undermining of data protection?
2. is it also of the opinion that it must oblige the Internet providers to store the connection data registered in accordance with the VÜPF on network-independent data carriers?
3. is he also of the opinion that this connection data must not be stored in bulk, but must be stored individually for each Internet access on a different network-independent data carrier?
Justification
With the VÜPF, the Confederation also defines the various types of monitoring. The “retrospective surveillance” defined in Article 2 letter d mandates the providers of postal and telecommunications services to register and retain data for six months. Under Article 24, these data for Internet providers are described in more detail. Thus, the service for monitoring postal and telecommunications traffic can request providers to disclose all connection data for the past six months. It can be assumed that Internet providers store this data electronically. It can also be assumed that this data is not stored on network-independent data carriers. At the very least, however, neither the law nor the ordinance stipulate storage on a network-independent data carrier.
In connection with the repeatedly lamented security gaps on the Internet, the question arises in this context as to whether data protection is still guaranteed as a result. Although Article 9 regulates data security for the monitoring service itself and for the transmission of monitoring data to the service, it does not regulate data security for registration and storage by Internet providers. Thus, it seems possible and likely that unauthorized persons could “hack” their way into the corresponding connection data.
These unauthorized persons do not necessarily have to be young people who commit illegal acts in search of excitement and confirmation. They can also be hackers in the services of companies, intelligence agencies or other organizations that have or can develop a natural interest in such connection data and want to derive a profile of private and business transactions from the data obtained in this way. Not only can targets for further attacks be preselected from data obtained in this way, but entire relationship networks of a private or business nature can also be reconstructed. The data stores of providers must appear particularly attractive for such attacks because the data is stored there in concentrated form.
Statement of the Federal Council
The Telecommunications Act (TCA; SR 784.10) permits the processing and storage of certain data from telecommunications traffic. Article 60 of the Telecommunications Service Ordinance (TSO; SR 784.101.1) regulates which data may be processed and under which conditions. In particular, this is data which is required for the establishment of the connection, for the provision of information in accordance with the Federal Act on the Surveillance of Postal and Telecommunications Traffic (BÜPF; SR 780.1) and for the receipt of the fee for the services of the TSP. In addition, certain rights of customers to information are provided for vis-à-vis the TSPs, and they can demand that the TSPs provide information on the name and address of the calling line in the event of abusively established connections.
Accordingly, the TCA already obliges the TSP to record and store the so-called traffic and billing data of all subscribers. The BÜPF and the associated ordinance (VÜPF; SR 780.11) only stipulate that this data and data specified in more detail in the aforementioned law must be released to designated authorities upon request in certain cases (criminal proceedings).
Incidentally, the TSPs also need these data for the purposes mentioned in Article 60 FDV.
1 The UTPA does not encourage the undermining of data protection for the reasons stated above. Based on Article 43 TCA, the TSPs are obliged to keep the data in question confidential and may only release precisely specified data if the requirements of the TCA or the BÜPF and the VÜPF are met.
2 An obligation on the part of Internet providers to store only the connection data required for providing information to the authorities in criminal proceedings on network-independent data carriers makes no sense. As explained above, the TSPs basically store the data in question of all customers for their own purposes; it is not necessarily certain at the time of storage whether they still have to be used for providing information to the authorities in criminal proceedings. An obligation to store the connection data on network-independent carriers is not feasible from the outset for the simple reason that at the time the data is stored, it is still completely open as to which subscriber may have to be provided with information in the future. This leads to a disproportionate effort and also does not guarantee absolute security against unauthorized access. On the contrary, the more data is recorded or stored, the more likely it is that data security will be compromised, regardless of the storage medium.
The legislator only requires the TSP to ensure data security (Art. 43 et seq. TCA and Art. 64 FDV). The technical, administrative and organizational measures to be taken are left to the TSPs. Such a regulation makes sense because it allows the individual TSPs to select the means which are appropriate for their operation.
The solution proposed by the interpellant of a rule on how to ensure safety carries the risk of a solution not adapted to each individual case.