Motion Barthassat (10.4134): Telecommunications services. More security thanks to better mastery of the technology
Rejected (13.12.2012)
Submitted text
The Federal Council is instructed to prepare a draft decree to oblige the nationally active telecommunications service providers to offer systems that enable the visualization of data transmitted in particular via the Internet for each new protocol even before it goes into operation.
Justification
The fight against crime in Switzerland requires that the technical aspects be mastered, especially in the case of telephone surveillance.
The proposed measure is intended to facilitate the work of investigators and thus the analysis of the data flow transmitted by telecommunications service providers. The latter are to be obliged to provide technical support to the law enforcement authorities. Licensed companies may well be required to contribute a technical solution when a new communications system is put into operation in order to be able to monitor data transmitted using their systems in a cost-effective manner. The providers, who realize considerable profits from the licenses, have a duty to promote mastery of the technology they use and make available to citizens.
This solution would serve all law enforcement agencies and at the same time increase the security of citizens. Nowhere are the costs of police telephone surveillance as high as in Switzerland. It is also possible, albeit very complicated and expensive, to monitor telephone calls transmitted over the Internet (e.g., in systems that allow chatting). The costs involved mean that many investigating judges and public prosecutors refrain from such surveillance as part of their investigations, making it more difficult or dooming it to failure.
Statement of the Federal Council
The mover of the motion demands that telecommunications service providers (TSPs) must already provide visualization systems for the data to be transmitted when new telecommunications services are introduced. Among other things, this is intended to reduce monitoring costs.
For the types of surveillance regulated in the Ordinance of 31 October 2001 on the Surveillance of Postal and Telecommunications Traffic (VÜPF, SR 780.11), the TSPs have the obligation to implement the technical guidelines laid down by the Postal and Telecommunications Traffic Surveillance Service (ÜPF) and to deliver telecommunications data accordingly as a copy to the ÜPF service. For surveillance measures ordered and approved by the competent compulsory measures court concerning new telecommunications services not yet specifically regulated, the ÜPF service determines the technical implementation in the individual case (so-called special surveillance measure). In practice, it uses its own monitoring technologies for this purpose. Pursuant to Article 15 of the Federal Act of 6 October 2000 on the Interception of Postal and Telecommunications Traffic (BÜPF, SR 780.1) and Articles 18 and 26 VÜPF, the TSP is already obliged to cooperate and must be in a position to carry out surveillance, i.e. to transmit corresponding data, as soon as a new telecommunications service commences customer operations. Receipt and processing is carried out by the ÜPF service.
The visualization systems necessary to analyze the data provided by the FDA must be implemented on the processing system operated by the service OBPF. The analysis of the data provided by the FDA should not be done by the private FDA, because it is an extremely sensitive law enforcement task. The state would lose too much control over the collected data, as it would have to be stored and intensively processed by the FDA for visualization. This would not be justifiable, especially for data protection reasons. The preliminary draft for the revision of the BÜPF also provides for an obligation on the part of the TSP to provide the ÜPF service with detailed information on new technologies and telecommunications services at any time upon request. This serves to ensure the ability to monitor and is sufficient from today’s perspective. If all 700 to 800 providers were required to create their own visualization systems, this would lead to an unmanageable number of different visualization systems. This would be unsuitable for the law enforcement authorities and the ÜPF service.
Making the commercial approval of new telecommunications services dependent on the successful implementation and testing of FDA-specific visualization systems would significantly slow down innovation. This is because the corresponding detailed technical regulations would first have to be drawn up and tested at relatively high expense. Moreover, the provision of telecommunications services is not subject to licensing. However, licences are required for the universal service (Art. 14 – 19b of the Telecommunications Act of 30 April 1997, TCA, SR 784.10, and Art. 12 – 26 of the Ordinance of 9 March 2007 on Telecommunications Services, OTS, SR 784.101.1) and for the use of the radio frequency spectrum (Art. 22 – 27 TCA, Art. 15 – 48 of the Ordinance of 9 March 2007 on Frequency Management and Radio Licences, OTS, SR 784.102.1). The restriction to TSPs subject to licensing is not justified from the point of view of monitoring.
In general, it must be noted with regard to monitoring costs that TSPs in Switzerland are obliged to procure and implement the equipment necessary for monitoring at their own expense. In return, they are compensated for the specific monitoring measures. On the other hand, a distinction must be made here between standard monitoring and special monitoring measures. The more monitoring that is carried out as standard cases, the greater the chance that the associated savings targets can be realized. Here, it is planned to regulate new technologies such as the Internet and chat as standard measures, thus enabling a uniform and economical derivation of data from monitoring measures.
Conclusion: The FDAs must deliver the monitoring data to the service ÜPF and remove any encryption they have attached. The equipment necessary for data delivery must be acquired and implemented by the TSPs themselves at their own expense. The ÜPF service operates a processing system and performs the visualization of the data to be delivered. Transferring this duty to the FDA would remove control over the collected data from the state, which is not justifiable for data protection reasons.