Governments around the world are seeking more information about online exchanges. Switzerland, which has a tradition of protecting individual freedoms, could soon join the club of democratic countries where confidentiality is a priority. exchanges is in danger, as in France, the United Kingdom or the United States.
VPN, messaging, hosting: Switzerland wants to monitor everything
The Federal Council launched a public consultation on January 29 to revise two ordinances relating to the surveillance of communications (OSCPT and OME-SCPT). The objective is to clarify the categories of companies required to collaborate with the authorities and specify the conditions under which they must remove certain encryption.
Telecommunications service providers (TSPs), like operators and internet service providers (Swisscom, Sunrise, Salt), already have this obligation. They must therefore be able to identify users, provide metadata, and cooperate in the event of surveillance ordered by the courts. The revision does not create There are no new obligations for these providers, but it refines their role and responsibilities. A system of grading obligations is thus put in place to avoid overloading small ISPs and academic networks.
The main new feature of this revision is the inclusion of Derived Communication Service Providers (DCSPs) in the Swiss monitoring system. These include messaging services, videoconferencing, VPNs, messaging apps, and online service hosts. DCSP status is assigned to to companies with more than one million users or a turnover exceeding 100 million Swiss francs.
Switzerland, by virtue of its traditional policy on individual freedoms, is home to several well-known services such as Proton, Threema and NymVPN. However, the ordinance is not limited to regional companies: all companies that fall within its scope of application will have to adapt. Signal, WhatsApp, Facebook Messenger, NordVPN, and others are therefore affected.
Swiss authorities will now be able to demand from a VPN provider or messaging service identifying information (IP address, username, information on the device used), metadata (connection time, approximate location), or even part of the IP packets or secondary data associated with ongoing communications, without the full content.
The ordinance explicitly specifies that end-to-end encryption (E2EE) is not affected: providers cannot be required to deliver what they cannot technically decrypt. If the service offers E2EE exchanges that only the user can decrypt (like WhatsApp or Signal), the company will therefore not be obliged to break this security, and for good reason, it cannot access it itself.
Alexis Roussel, NymVPN co-founder and director of operations, deplores that the new version of the surveillance law makes the activities of Protron, Threema or his company impossible. He intends to fight and assert his point of view during the consultation, which ends on May 6. Beyond that, the Federal Council can adjust the text based on suggestions and criticisms. But no parliamentary vote or referendum is necessary, as the Swiss government has the authority to adopt it alone.
0 Comments