Policy related content
The post Policy appeared first on ISOC Switzerland Chapter.
Source - ISOC Switzerland Chapter
Switzerland’s federalist tradition delegates significant autonomy to its 26
cantons, allowing
them to tailor policies and services to local needs. The introduction of a
nationwide
electronic identity (e-ID) system, however, represents a marked shift in digital
governance:
by vesting authority over identity issuance and verification in the federal
state, the new e-ID
law centralizes power and diminishes cantonal prerogatives. While a unified e-ID
promises
interoperability and enhanced security, the concentration of competence at the
Confederation level undermines subsidiarity, stifles local innovation, and risks
a democratic
deficit in a system historically grounded in cantonal and people’s
self-determination.
Swiss Federalism and Cantonal Autonomy
Under Article 3 of the Swiss Constitution, all future powers belong to the
cantons, unless the
Swiss people and the cantons decide, by constitutional amendment, that they
shall be
attributed to the federation. This principle enshrines the subsidiarity norm:
matters best
handled locally remain within cantonal competence, ensuring policies reflect
regional
languages, legal traditions, and administrative capacities. In practice, cantons
exercise
broad authority over education, healthcare, policing, and civil registers and
identity
documents, areas where proximity to citizens fosters trust and responsiveness.
The E-ID Law and the Centralization of Digital Identity
On December 20, 2024, the Swiss Federal Assembly passed the Federal Act on
Electronic
Identity Credentials and Other Electronic Credentials, establishing a
state-recognised e-ID
to be rolled out by 2026. Unlike earlier, canton-driven pilots, the new scheme
mandates that
all public authorities—confederation, cantons, and municipalities—accept the
federal e-ID
alongside physical ID for electronic identification purposes. While private
providers may
operate wallets, the Confederation retains exclusive authority over the trust
framework,
credential schemas, and revocation registries. Consequently, cantonal solutions
will be
superseded by a one-size-fits-all model dictated by federal technical and policy
choices.
Erosion of Subsidiarity and Local Tailoring
By reallocating identity-management powers from cantons to the federal state,
the e-ID law
breaches the subsidiarity ethos. Cantonal administrations lose autonomy over
design and
implementation—functions they have long performed in tandem with local
stakeholders.
This top-down approach risks producing a monolithic system that may not align
with
linguistic and procedural variations across cantons. For instance, user
interface elements or
data-disclosure workflows optimized for German-speaking urban centres may prove
cumbersome in rural, French- or Italian-speaking cantons.
Hindering Innovation and Experimentation
Cantons have historically acted as laboratories of democracy, piloting digital
services—such
as e-voting, local health portals, and municipal e-administration
platforms—before scaling
them nationally. Centralizing identity issuance under the Confederation risks
stifling this
dynamic: any significant alteration or enhancement to the e-ID framework will
require
federal approval, elongating development cycles and dampening the incentive for
localized
experimentation. Moreover, private-sector innovators that previously partnered
with
individual cantons face higher barriers: they must navigate federal procurement
processes
and standardized certification regimes, reducing flexibility and increasing
costs.
Complexity, Incoherence, and Privacy Concerns
Centralized identity provisioning introduces its own technical pitfalls. A major
critique of a state-
run, single identity provider is that no central actor can serve all user groups
coherently—voluntary adoption means some citizens will decline the e-ID,
necessitating parallel
systems and eroding transparency. Services catering to non-Swiss or partially
registered
residents would require separate identity providers, creating confusion and
administrative
overhead. Furthermore, having the Confederation mediate every authentication
event
concentrates sensitive metadata—access logs, usage patterns, and verification
requests—within
a single national database, heightening the risk of mass surveillance.
Furthermore, the notion of a single identity gateway also creates a tempting
target for
adversaries: rather than spreading their efforts across thousands of sites and
services, attackers
can focus on subverting one system to harvest credentials en masse. A breach of
the central
provider—even a transient outage or misconfiguration—could effectively lock
every user out of
their online accounts, from banking and healthcare to social media and
e-government services.
Worse yet, such concentration makes it trivial to compile comprehensive activity
logs, enabling
sophisticated profiling, unsolicited marketing, or politically motivated
surveillance at a scale
previously impossible. Phishing campaigns would only need to mimic one login
flow, increasing
their success rate and reducing the cognitive load on the victim. And because
the e-ID would be
used ubiquitously, there’d be no “dark spaces” left for whistleblowers,
dissidents, or vulnerable
populations to maintain anonymity when they really need it. In short, replacing
the polycentric
patchwork of today’s digital identities with a single monolithic system risks
undermining both
individual security and societal freedoms, trading fragmentation for fragility
and opacity.
Democratic Accountability and the Referendum Safeguard
Switzerland’s direct-democracy mechanisms offer a check against unilateral
centralization:
opponents of the e-ID law have gathered sufficient signatures to force a
nationwide
referendum, likely scheduled for autumn 2025. Yet, in the interim, cantonal
administrations
must adapt to the new federal framework, incurring integration costs and
reengineering
existing digital processes. If the referendum overturns the law, this
transitional burden will
represent wasted resources and damaged trust between the Confederation and
cantons.
Conclusion
The e-ID law exemplifies the tension between the efficiencies of a centralized
digital
infrastructure and the principles of Swiss federalism. While a unified identity
system may
streamline cross-border and inter-cantonal digital services, the shift of power
from cantons
to the Confederation compromises subsidiarity, curtails local innovation, and
risks
democratic disconnect. As Switzerland navigates its referendum, policymakers
should
consider hybrid approaches: granting cantons a participatory role in governance
bodies,
enabling localized interface customization, and ensuring interoperability
standards rather
than monolithic platforms. Such measures could preserve the dynamism of cantonal
digital
experimentation while achieving the interoperability and security goals that
underpin a
national e-ID.
The post Concentration of Power in Swiss E-ID appeared first on ISOC Switzerland
Chapter.
Zurich, 6 mai 2025 – La consultation qui se termine aujourd’hui sur la révision
partielle de l’Ordonnance sur la surveillance de la correspondance par poste et
télécommunication (OSCPT) ainsi que de l’Ordonnance du DFJP (OD-SCPT) [1]
soulève d’importantes questions et suscite de vives inquiétudes. Les
modifications prévues menacent non seulement le droit fondamental à la vie
privée, mais aussi la sécurité du chiffrement. Les VPN et autres services de
communication chiffrés sont particulièrement visés – avec des conséquences
potentiellement désastreuses pour les citoyens et les entreprises.
UNE ATTEINTE À LA VIE PRIVÉE
La révision de l’OSCPT prévoit une extension des obligations de surveillance
pour les fournisseurs de services de télécommunication (FST) ainsi que pour les
services de communication dérivés (FSCD), y compris des obligations élargies
d’identification des utilisateurs et de conservation des données. Ces mesures
portent gravement atteinte à la vie privée des citoyens sans qu’une
justification claire à ce recul soit clairement exprimé. Le secret médical ou la
protection des sources journalistiques s’en trouvent directement affectés.
DES DONNÉES INUTILEMENT STOCKÉES OUVRENT LA PORTE AUX RISQUES D’ABUS
Chaque donnée conservée augmente mécaniquement le risque que celle-ci soit
utilisée ou consultée de manière abusive. Les métadonnées peuvent donner des
aperçus détaillés sur les relations entre individus, leur localisation et leurs
habitudes. La conservation obligatoire des métadonnées pendant six mois permet
non seulement une surveillance de masse, mais aussi potentiellement d’autres
accès illégitimes par des tiers, comme des pirates informatiques, des criminels
ou des employés simplement mal intentionnés. Si de telles données tombent entre
les mains de criminels, elles pourraient être utilisées pour le chantage, la
fraude téléphonique, le phishing, le vol d’identité et d’autres formes d’abus.
LA COMPROMISSION DU CHIFFREMENT EST LA MORT DU CHIFFREMENT
L’obligation proposée de supprimer le chiffrement compromet la sécurité de tous.
Les fournisseurs seraient contraints d’installer des backdoors ou d’utiliser
d’autres méthodes qui affaiblissent délibérément le chiffrement afin de pouvoir
permettre aux autorités d’accéder à ces données. Mais si ces failles existent,
elles existent pour tout le monde: leur installation permettrait aux pirates
informatiques, aux criminels ou entités étrangères d’avoir accès à toutes les
données circulant dans le pays. On ne peut pas chiffrer pour les uns, et pas
pour les autres.
Le gouvernement britannique a récemment tenté d’adopter une réglementations en
ce sens: la conséquence immédiate en a été qu’Apple a annoncé le retrait des
services chiffrés pour ses clients au Royaume-Uni.
Citation traduite de l’allemand: «Apple et de nombreux experts en sécurité
informatique soutiennent qu’une porte dérobée rend absurde tout chiffrement. Dès
qu’il existe un moyen de déchiffrer des données chiffrées, ce n’est qu’une
question de temps avant que des criminels ou des régimes autoritaires ne
l’exploitent. Le chiffrement de bout en bout signifie exactement cela : personne
d’autre que l’utilisateur lui-même – pas même Apple – ne peut accéder aux
données. Une porte dérobée constitue donc toujours une faille de sécurité
massive.» [2]
En Suisse, les services offrant des solutions respectueuses de la vie privée ont
traditionnellement une position forte. Les fournisseurs suisses comme Proton,
NymVPN, PVY.swiss ou Threema sont particulièrement touchés par la nouvelle
réglementation. Proton a déjà annoncé qu’il quitterait la Suisse s’il ne pouvait
plus y exercer ses activités correctement. [3]
RÉFÉRENCES
[1]
https://www.fedlex.admin.ch/fr/consultation-procedures/ended#https://fedlex.data.admin.ch/eli/dl/proj/2022/21/cons_1
[2]
https://www.gizmodo.de/apple-sagt-nein-zu-uk-backdoor-end-to-end-verschluesselung-faellt-weg-2000014910
[3]
https://www.watson.ch/digital/wirtschaft/517198902-proton-schweiz-chef-andy-yen-zum-ausbau-der-staatlichen-ueberwachung
The post La révision prévue de l’OSCPT menace les droits fondamentaux et
compromet le chiffrement appeared first on ISOC Switzerland Chapter.
Zurich, May 6, 2025 – The public consultation on the partial revision of the
Ordinance on the Surveillance of Postal and Telecommunications Traffic
(VÜPF/OSCPT) and the ordinance of Swiss Federal Department of Justice and Police
FDJP (VD-ÜPF/OME-SCPT) [1], which ends today, raises major questions and massive
concerns. The planned changes not only jeopardize the fundamental right to
privacy, but also the security of encryption. VPN and other encrypted
communication services in particular are in the spotlight – with potentially
devastating consequences for citizens and companies.
ATTACK ON PRIVACY
The revision of the VÜPF/OSCPT provides for an expansion of the monitoring
obligations for providers of telecommunications services (FDA/FST) and derived
communication services (AAKD/FSCD), including extended obligations to identify
users and data retention. These measures encroach deeply on the privacy of
citizens. This also affects medical confidentiality and the protection of
journalistic sources.
RISK OF MISUSE OF UNNECESSARILY STORED DATA
Any additional storage of data increases the risk of misuse. Metadata can
provide detailed insights into communication partners, locations and habits. The
mandatory retention of metadata for six months not only enables mass
surveillance, but in principle also other unlawful access by third parties, such
as hackers, criminals or employees of the FDA/FST or AAKD/FSCD. For example, if
such data falls into the hands of criminals, it could be used for blackmail,
telephone fraud, phishing, identity theft or other forms of abuse.
COMPROMISING ENCRYPTION
The proposed obligation to remove encryption compromises the security of
encryption. Providers would be forced to install backdoors or use other methods
that deliberately weaken encryption in order to deliver unencrypted content to
the authorities. Creating such security loopholes not only allows the
authorities, but potentially also hackers, criminals or other unauthorized
persons to access confidential data.
The UK government recently passed similar regulations, which Apple decided not
to implement. Instead, Apple announced the withdrawal of encrypted services for
their customers in the UK.
Quote (translated from German): “Apple and many IT security experts argue that a
backdoor drives any encryption ad absurdum. Once a way exists to decrypt
encrypted data, it is only a matter of time before criminals or authoritarian
regimes exploit it. End-to-end encryption means exactly that: no one other than
the users themselves – not even Apple – can access the data. A backdoor is
therefore always a massive security gap.” [2]
In Switzerland, services with privacy-friendly solutions traditionally have a
strong position. Swiss providers such as Proton, NymVPN, PVY.swiss or Threema
are particularly affected by the new regulation. Proton has already announced
that it will leave Switzerland if it can no longer conduct proper business here.
[3]
REFERENCES
[1]
https://www.fedlex.admin.ch/de/consultation-procedures/ongoing#https://fedlex.data.admin.ch/eli/dl/proj/2022/21/cons_1
[2]
https://www.gizmodo.de/apple-sagt-nein-zu-uk-backdoor-end-to-end-verschluesselung-faellt-weg-2000014910
[3]
https://www.watson.ch/digital/wirtschaft/517198902-proton-schweiz-chef-andy-yen-zum-ausbau-der-staatlichen-ueberwachung
[Translated partially by Deepl.]
The post Planned Revision of Surveillance Ordinances Threatens Fundamental
Rights and Compromises Encryption appeared first on ISOC Switzerland Chapter.
Zürch, 6. Mai 2025 – Die heute endende Vernehmlassung zur Teilrevision der
Verordnung über die Überwachung des Post- und Fernmeldeverkehrs (VÜPF) sowie der
Verordnung des EJPD (VD-ÜPF) [1] wirft grosse Fragen auf und sorgt für massive
Bedenken. Die geplanten Änderungen gefährden nicht nur das Grundrecht auf
Privatsphäre, sondern auch die Sicherheit von Verschlüsselung. Insbesondere VPN
und andere verschlüsselte Kommunikationsdienste stehen im Fokus – mit potenziell
verheerenden Folgen für Bürger und Unternehmen.
ANGRIFF AUF DIE PRIVATSPHÄRE
Die VÜPF-Revision sieht eine Ausweitung der Überwachungspflichten für
Anbieterinnen von Fernmeldediensten (FDA) sowie abgeleiteter
Kommunikationsdienste (AAKD) vor, einschliesslich erweiterter Pflichten zur
Identifikation von Nutzern und Vorratsdatenspeicherung. Diese Massnahmen greifen
tief in die Privatsphäre der Bürger ein. Dadurch wird auch das Arzt-Geheimnis
oder der journalistische Quellenschutz beeinträchtigt.
MISSBRAUCHSRISIKO VON UNNÖTIGERWEISE GESPEICHERTEN DATEN
Jedes zusätzliche Speichern von Daten erhöht das Risiko für deren Missbrauch.
Metadaten können detaillierte Einblicke in Kommunikationspartner, Standorte und
Gewohnheiten geben. Die verpflichtende Vorratsdatenspeicherung von Metadaten
über sechs Monate ermöglicht nicht nur eine Massenüberwachung, sondern
grundsätzlich auch andere unrechtmässige Zugriffe von Dritten, wie Hackern,
Kriminellen oder Mitarbeitern der FDA bzw. AAKD. Wenn solche Daten
beispielsweise in die Hände von Kriminellen geraten, könnten diese für
Erpressung, Telefonbetrug, Phishing, Identitätsdiebstahl oder andere Formen von
Missbrauch verwendet werden.
KOMPROMITTIERUNG DER VERSCHLÜSSELUNG
Die vorgeschlagene Pflicht, angebrachte Verschlüsselungen zu entfernen,
kompromittiert die Sicherheit der Verschlüsselung. Anbieterinnen würden
gezwungen, Hintertüren anzubringen oder andere Methoden einzusetzen, welche die
Verschlüsselung bewusst schwächen, um unverschlüsselte Inhalte den Behörden
ausliefern zu können. Das Anbringen solcher Sicherheitslücken ermöglicht nicht
nur den Behörden, sondern potenziell auch Hackern, Kriminellen oder anderen
Unbefugten den Zugriff auf vertrauliche Daten.
Die britische Regierung hat kürzlich ähnliche Vorschriften beschlossen, worauf
Apple entschied, diese nicht umzusetzen. Stattdessen kündigte Apple den Rückzug
der verschlüsselten Dienste für ihre Kunden in Grossbritannien an.
Zitat: «Apple und viele IT-Sicherheitsexperten argumentieren, dass eine
Hintertür jede Verschlüsselung ad absurdum führt. Sobald ein Weg existiert, um
verschlüsselte Daten zu entschlüsseln, ist es nur eine Frage der Zeit, bis
Kriminelle oder autoritäre Regime ihn ausnutzen. End-to-End-Verschlüsselung
bedeutet genau das: Niemand außer dem Nutzer selbst – nicht einmal Apple – kann
auf die Daten zugreifen. Eine Hintertür ist daher immer eine massive
Sicherheitslücke.» [2]
In der Schweiz haben Dienste mit Privatsphäre-freundlichen Lösungen traditionell
eine starke Stellung. Schweizer Anbieterinnen wie Proton, NymVPN, PVY.swiss oder
Threema sind durch die neue Regulierung besonders betroffen. Proton hat bereits
angekündigt, die Schweiz zu verlassen, wenn sie hier keine ordnungsgemässen
Geschäfte mehr tätigen kann. [3]
REFERENZEN
[1]
https://www.fedlex.admin.ch/de/consultation-procedures/ongoing#https://fedlex.data.admin.ch/eli/dl/proj/2022/21/cons_1
[2]
https://www.gizmodo.de/apple-sagt-nein-zu-uk-backdoor-end-to-end-verschluesselung-faellt-weg-2000014910
[3]
https://www.watson.ch/digital/wirtschaft/517198902-proton-schweiz-chef-andy-yen-zum-ausbau-der-staatlichen-ueberwachung
The post Geplante VÜPF-Revision bedroht Grundrechte und kompromittiert
Verschlüsselung appeared first on ISOC Switzerland Chapter.
Work on Tech-Dossier on Privacy
Since January 2025 ISOC-CH is working on privacy-focused Tech Dossiers (TD),
which relate to various projects which are technically supported by Next
Generation Internet (NGI) funding, provided by the EU Commission and the State
Secretariat for Education, Research and Innovation (SERI) of the Swiss
Confederation (cf. https://www.sbfi.admin.ch/sbfi/en/home/seri/seri.html). In
scope of this work, also the Artificial Intelligence (AI) topic was given
special attention as to show how to make a more sovereign use of its potentials
without neglecting the risks associated to the intensified practice in
datafication of everything (including the collection and use of Personal
Identifiable Information, PII) to make those systems generate (sometimes useful)
answers.
Teaching the Teachers on Privacy
As an audience, we choose to raise awareness among early stage secondary school
teachers in their last step of formation about the dangers of datafication,
which (soon) will have the job to teach their topic (e.g., German or
Mathematics) on secondary schools among Switzerland. As teaching is done more
and more interdisciplinary and with an increasing relation to digitization,
teachers are formed at University of Zurich (UZH) also in aspects of digital
educational tools used in teaching. From our perspective, it’s absolutely vital
that at least young teachers get themselves and critically tought in aspects of
digitization such that they can raise awareness among kids about it and we can
have a scalable effect on spreading critical knowledge on privacy implications
of digital systems, increasing thus media literacy in the general public and
give insights to alternatives which can be used.
Concrete Teacher Audience at University of Zurich
To start this task, we teamed up with Tessa Consoli, Academic Associate to the
Chair of Prof. Dr. Dominik Petko on Teaching and Educational Technology at UZH
in the Institute of Education (IfE; cf.
https://www.ife.uzh.ch/en/research/petko/staff/consolitessa.html), researching
on aspects of the influence and use of digitzation in the secondary school
system. Since Spring Semester 2025 she runs a course on Transerversal Learning
including a strong focus on digitization topics in schools (cf. course
description:
https://studentservices.uzh.ch/uzh/anonym/vvz/?sap-language=DE&sap-ui-language=DE#/details/2024/004/SM/51260439).
With her work, the IfE is assessing which digital educational tools are being
used in the secondary school system across Switzerland, running surveys (cf.
corresponding research work: https://www.ife.uzh.ch/en/research/petko.html).
First Efforts with a Presentation and Reactions
As the course lecturer Tessa sees and shares the interest to shed light not only
on chances, but also on the risks of the ongoing pervasive (mass) datafication —
including the loss of digital sovereignty in the public school system —, we were
invited to give a public intervention in her course on 18.3.2025 (cf. in PDF:
slides), not only showing the problematic global situation of mass datafication
through, e.g., means of Mass Surveillance as shown since — at the very latest —
the Snowden revelations since June 2013, but also how to engage in self-defense
by using technological tools for a more decentralized and private Internet,
using means of media literacy and tools which are also supported by the NGI
funding framework (like, e.g., Mastodon, Tor or Jitsi).
The intervention at UZH proved to be very useful as the teachers present weren’t
generally aware of the scope of the (non-consensual) datafication going on,
which happens to be used, e.g., in AI systems as training material, imposing
privacy risks of data leakage and loss of control through automatic
decision-making with people don’t understand why certain (e.g., insurance)
prices for them rise or they don’t get a credit. Awareness at which points data
gets collected by own actions was also not very sharp: most people weren’t aware
that “simple” news sites massively collect behavioral data and share it with
hundreds of “partners” — a problem which can be reduced by using certain Add-Ons
or Browser Bundles (especially for smart phones) to share less data by technical
means.
The post NGI0: Teach the Teachers on Dangers of (Mass) Datafication appeared
first on ISOC Switzerland Chapter.
On Friday, 7 February 2025, the Washington Post reported that the UK government
had issued a Technical Capability Notice (TCN) to Apple under the Investigatory
Powers Act 2016. This secret order would force Apple to build a backdoor into
its end-to-end encrypted cloud services, jeopardizing the security and privacy
of all users worldwide, not just in the UK.
The ISOC Switzerland Chapter, alongside over 100 civil society organizations,
companies, and cybersecurity experts, co-signed a joint letter led by the Global
Encryption Coalition (GEC). Addressed to the UK Home Secretary, the letter urges
the Home Office to rescind its demand that Apple compromise its encrypted
services. It highlights the severe risks this order poses to security, privacy,
the economy, and freedom of expression.
As encryption advocates have long warned, any backdoor for law enforcement
creates vulnerabilities that can be exploited by cybercriminals, foreign
espionage, and other malicious actors. The UK’s move represents a dangerous
attempt to undermine encryption, endangering the privacy and security of
millions of Apple users worldwide.
Further Reading:
* Draft Technical Capability Regulations notified to European Commission
following targeted consultation
* Apple’s submission of evidence on the Investigatory Powers Act Amendments
Bill
* BBC’s coverage of Apple’s July 2023 submission
The post UK Government’s Demand for an Apple Backdoor Puts Global Security at
Risk appeared first on ISOC Switzerland Chapter.
ISOC-CH is a key partner in the Horizon Europe NGI0 Commons Fund, and through
this engagement a great opportunity arises to develop as an organization both
locally in Switzerland and abroad, creating links between local issues and
struggles for digital rights and important developments at the European and
global level.
The role of ISOC-CH in the NGI0 project is to develop the so-called “Tech
dossiers” of free/libre and open software. That is, a comprehensive introduction
to a certain are of digital services (e.g., cloud storage, video conferencing,
AI), addressing specific audiences (e.g., policy makers, youth, educators,
elderly) with a suitable medium (e.g., guidelines, podcast, curriculum).
For this project, we are searching for a candidate that will cover the topic of
cloud solutions, addressing policy makers and the government in the context of
digital sovereignty with an expected engagement of 20% for a period of 1 year,
with a possible extension up to 2 years..
In addition, this year, the Board of ISOC Switzerland will be reshuffled. We are
looking for additional board members, including for treasurer and/or policy.
For more information and application process, you can reach us at
contact@isoc.ch or in one of the upcoming events announced on our web site,
https://isoc.ch, and linkedin page.
More details about the application process will be announced after the General
Assembly 2025.
Before, you are very welcome to join the ISOC-CH’s Policy Sessions 2025 on the
topic of E-ID, an excellent introduction for this job position!
The ISOC-CH board.
The post ISOC-CH is hiring! appeared first on ISOC Switzerland Chapter.
The second plenary meeting of the NGI0 Commons Fund consortium took place in
Brussels on January 30th 2025, in the context of the FOSDEM conference, where
the presence of NGI0 at the FOSDEM was impressive,
During the plenary meeting, ISOC-CH developed the plan for the development of
the so-called “tech dossiers”, which will focus on three distinct thematic
areas: video conferencing, AI and privacy, and Cloud solutions, targeting three
distinct target audiences respectively: like-minded non-experts, school
teachers, and policy makers.
The description of the whole implementation plan for the tech dossiers and an
interesting job opening will be announced soon.
For now, the most important news is that the project selection is running
smoothly and the sixth call of NGI Zero Commons Fund opened up on February
1st 2025, with a deadline of April 1st 2025 12:00 CEST (noon).
To get some inspiration, here is the list of the first 50 projects funded under
the NGI0 Commons fund:
https://nlnet.nl/news/2025/20250101-announcing-grantees-June-call.html
The post NGI0 Commons Fund update and 6th call for funding appeared first on
ISOC Switzerland Chapter.
The voting in the UN General Assembly that was expected to pass the Draft
Convention on Cybercrime, was postponed.
This Draft was the outcome of many years of negotiations which started with a UN
resolution initiated in 2019 by Russia, China and other states (such as Iran,
Egypt, Sudan, and Uzbekistan) , with 88 votes to 58, and 34 abstentions.
There is a wide consensus that this convention puts in danger human rights,
privacy, and safety online, and a large number of human rights and journalists’
associations have officially expressed their criticism of the surveillance
pact, including Privacy International, Access Now, the IPI, and European Digital
Rights, the umbrella organisation of many European NGOs.
ISOC global in their position article on the UN convention state clearly two
major concerns regarding its potential negative impact:
> 1) Impact on the work of security researchers: As highlighted in this
> statement from security experts, good faith security research is crucial to
> ensuring the security of the Internet and preventing cybercrime.
> 2) Impact on encryption: Article 28.4 on search and seizure of electronic data
> might be interpreted to allow countries to authorize competent authorities to
> order the handover of encryption keys or other sensitive information about the
> security of hardware or software.
Adrienne Fichter, in her article titled “The UN community has negotiated a
global surveillance regime — but it could have been worse”, explains in detail
all the shortcomings of this convention and the potential impact in the Swiss
context.
A recent article (9.Dec 2024) by Lawfare media analyzes the legal language of
the Draft Convention and another one by Anja P. Jakobi und Lena Herbst, at the
same day, concludes that despite the problems with this convention,
> It is, however, unlikely that the draft Convention will fail to pass the GA.
> Therefore, it seems advisable to accept the treaty with reservations and
> become a state party to the Convention. Without internal critics, the
> ‘Conference of Parties’ (CoP), tasked with reviewing and implementing the
> convention, could develop additional measures and worsen a Convention that at
> least includes some human rights safeguards. In particular, due to Russia’s
> and China’s growing influence, rejecting the Convention could pave the way for
> ‘digital authoritarianism’ in a central UN norm on cyberspace. Still,
> accepting the Convention requires careful monitoring, not only of the CoP, but
> also of its results in practice. If reviews of the treaty show that its
> implementation means compromising human rights and data protection, states
> should continuously reevaluate whether to stay or leave the treaty, with the
> Budapest Convention as a remaining fallback option.
The argument of making compromises to “stay at the table of negotiations” have
been used also for other critical issues in recent debates among digital rights
associations in Switzerland. And although “staying at the table” is a valid
argument, for such important threats on fundamental human rights, someone needs
to stay out of the table and fight for privacy, self-determination, and safety!
So, we are in a critical moment of this process, and signing the ongoing
petition, initiated by the Pirate Party CH, and supported by the ISOC
Switzerland Chapter, we can pass the message to policy makers that people care
for human rights and privacy:
https://act.campax.org/petitions/un-cybercrime-convention-stoppen-arreter-la-convention-des-nations-unies-sur-la-cybercriminalite
The post UN Convention on Cybercrime: staying out of the table and fighting for
human rights, privacy, and safety appeared first on ISOC Switzerland Chapter.