Moti­on Moli­na (18.3507): Imple­men­ta­ti­on of the BÜPF in accordance with the voting dispositions

Sub­mit­ted text

The Fede­ral Coun­cil is ins­truc­ted to amend the Ordi­nan­ce on the Sur­veil­lan­ce of Postal and Tele­com­mu­ni­ca­ti­ons Traf­fic (VÜPF) to the effect that tho­se obli­ged to coope­ra­te pur­su­ant to Artic­le 2 let­ters b.-f. BÜPF, only the con­trol data (hea­der) may be stored in Inter­net communications.

Justi­fi­ca­ti­on

During the revi­si­on of the BÜPF, the Fede­ral Coun­cil repea­ted­ly assu­red the public that the sto­rage of Inter­net com­mu­ni­ca­ti­on Exclu­si­ve­ly the mar­gi­nal data (hea­der) affec­ted and stored by the par­ties obli­ged to coope­ra­te. Accor­ding to the cur­rent imple­men­ta­ti­on of the BÜPF in the cor­re­spon­ding Regu­la­ti­on by the Fede­ral Coun­cil, howe­ver, the pro­vi­ders can use the enti­re data packa­ges, i.e. also the “sur­fing dataare syste­ma­ti­cal­ly stored. This is an addi­tio­nal encroach­ment on the fun­da­men­tal rights of bla­me­l­ess citi­zens, which was not inten­ded by the legis­la­tu­re and should be cor­rec­ted accordingly.

State­ment of the Fede­ral Coun­cil of 29.8.18

Neither the Fede­ral Act of 18 March 2016 on the Sur­veil­lan­ce of Postal and Tele­com­mu­ni­ca­ti­ons Traf­fic (BÜPF; SR 780.1) nor its imple­men­ting ordi­nan­ces requi­re tho­se obli­ged to coope­ra­te to retain the con­tent (user data) of inter­net com­mu­ni­ca­ti­ons. In par­ti­cu­lar, neither the enti­re IP data packets inclu­ding user data nor all so-cal­led IP hea­der data need to be retai­ned. The­re is thus No legal basis, to find out retroac­tively, which web­sites a par­ti­cu­lar per­son has visi­ted and cer­tain­ly not what was com­mu­ni­ca­ted. This is pos­si­ble only in real time and by means of moni­to­ring orde­red by the prosecutor’s office and appro­ved by the court, and only from the moment of activation.

The only requi­re­ment is that cer­tain pro­vi­ders must be able to unam­bi­guous­ly iden­ti­fy the aut­hor­ship or ori­gin of a spe­ci­fic Inter­net con­nec­tion retro­s­pec­tively. And this is only pos­si­ble if the aut­ho­ri­zed aut­ho­ri­ty pro­vi­des the neces­sa­ry infor­ma­ti­on, in par­ti­cu­lar the time of the sear­ched con­nec­tion. Ulti­m­ate­ly, not­hing else is requi­red than in the case of a tele­pho­ne direc­to­ry query. One would like to know the Iden­ti­fy cus­to­mers can, which has a spe­ci­fic inter­net con­nec­tion at a spe­ci­fic time has been estab­lished. Howe­ver, the search is not for a pho­ne num­ber, but for an ori­gin IP address.

Many pro­vi­ders use non-uni­que methods, e.g., “car­ri­er-gra­de net­work address trans­la­ti­on” (CGNAT), to allo­ca­te IP addres­ses to their cus­to­mers. This means that many cus­to­mers have the same public ori­gin IP address at the same time use. In such cases, a query based on an ori­gi­na­ting IP address and a spe­ci­fic time will result in many hits. The assign­ment of Inter­net con­nec­tions to indi­vi­du­al cus­to­mers can only be made by the pro­vi­der ope­ra­ting the CGNAT system. This pro­vi­der must the­r­e­fo­re pro­vi­de fur­ther infor­ma­ti­on than only the public ori­gin IP address assi­gned to the cus­to­mer and the time of assign­ment. The Reten­ti­on of the desti­na­ti­on IP addres­sesThe name of the domain name of a visi­ted web­site can be found out based on this infor­ma­ti­on, may the­r­e­fo­re be neces­sa­ryif the Pro­vi­der requi­res them for the uni­que iden­ti­fi­ca­ti­on of the aut­hor­ship or ori­gin of a par­ti­cu­lar Inter­net connection.

Accor­ding to Art. 22 BÜPF, pro­vi­ders are obli­ged to sup­p­ly the ÜPF ser­vice with all infor­ma­ti­on that enables the iden­ti­fi­ca­ti­on of the per­pe­tra­tor. Howe­ver, pro­vi­ders are free to deci­de how to ensu­re this iden­ti­fi­ca­ti­on tech­ni­cal­ly.. Based on Art. 22 para. 2 BÜPF, the Fede­ral Coun­cil has defi­ned the mar­gi­nal data for the pur­po­se of iden­ti­fi­ca­ti­on in Art. 21 of the Ordi­nan­ce of 15 Novem­ber 2017 on the Inter­cep­ti­on of Postal and Tele­com­mu­ni­ca­ti­ons Traf­fic (VÜPF; SR 780.11). Edge data do not con­tain any infor­ma­ti­on on the con­tent of tele­com­mu­ni­ca­ti­ons traf­fic, but only pro­vi­de infor­ma­ti­on on how who is or was in cont­act with whom and when. The mar­gi­nal data on the allo­ca­ti­on and trans­la­ti­on of IP addres­ses and port num­bers must be retai­ned for six months for iden­ti­fi­ca­ti­on pur­po­ses and then destroy­ed in order to mini­mi­ze the inter­fe­rence with fun­da­men­tal rights.

It should also be noted that the obli­ga­ti­on to retain mar­gi­nal data for iden­ti­fi­ca­ti­on pur­po­ses does not app­ly to all pro­vi­ders, but only to pro­vi­ders of tele­com­mu­ni­ca­ti­ons ser­vices who have not been exempt­ed from cer­tain moni­to­ring obli­ga­ti­ons (Art. 26 para. 6 BÜPF, Art. 51 VÜPF), as well as pro­vi­ders of deri­ved com­mu­ni­ca­ti­ons ser­vices with more exten­si­ve moni­to­ring obli­ga­ti­ons (Art. 27 para. 3 BÜPF, Art. 52 VÜPF). Thus Only a few lar­ge pro­vi­ders affec­ted.

Final­ly, the expl­ana­to­ry report on the VÜPF express­ly points out that from the point of view of data pro­tec­tion law Pro­ce­du­res are to be imple­men­ted, whe­re the Sto­rage of con­nec­tion desti­na­ti­ons (desti­na­ti­on IP addres­ses) not requi­red and is the­r­e­fo­re to be omit­ted. On the other hand, the Fede­ral Coun­cil does not want to inter­fe­re with the eco­no­mic free­dom of the pro­vi­ders and the­r­e­fo­re does not pre­scri­be the pro­ce­du­re, but only the pur­po­se, name­ly the iden­ti­fi­ca­ti­on of the per­pe­tra­tors of cri­mi­nal acts via the Inter­net and the iden­ti­fi­ca­ti­on of per­sons in the case of thre­ats to inter­nal or exter­nal security.

The Fede­ral Coun­cil pro­po­ses that the moti­on be rejected.

AI-gene­ra­ted takea­ways can be wrong.