Source - ISOC Switzerland Chapter

SFSCON 2025: The ever-growing importance of Free Software
From the 7th to the 8th of November, over 1,000 programmers, activists, academics and business leaders gathered in Bolzano, South Tyrol, Italy for the 25th edition of the South-Tyrol Software Freedom Conference (SFSCON). Given the huge dependency of European businesses and administrations on American Big Tech companies, which the current US administration does not hesitate to use as leverage in international relations, Digital Sovereignty was one of the key topics [1] of the conference. Discussions ranged from how Free and Open Source Software (FOSS) can make communities resilient in times of crisis, efforts to put existing interoperability requirements into practice, and how Free Software communities can assist policy makers in switching to FOSS, to funding opportunities for Free Software by means of
* regulatory requirements of the European Union’s Cyber Resilience Act (CRA),
* effective public procurement policies which favor Free Software while preventing open washing, or
* direct public investments into innovative ecosystems.
In addition to attending the informative conference talks, we used the opportunity to connect with our fellow NGI Zero consortium members from OW2 and FSFE, who were both present with booths at the conference, and to discuss recent European developments in the realm of Free Software, like the upcoming Digital Commons European Digital Infrastructure Consortium (DC-EDIC), and what one can expect from them.
Our main takeaway from this year’s SFSCON is a somewhat surprising coexistence of encouraging and discouraging developments in Europe when it comes to the role of Free Software: on the one hand, European institutions cut funding for important and successful FOSS projects and increase their dependency on US Big Tech in, e.g., schools, while at the same time making provisions for Free Software in landmark legislation like the CRA or institutionalizing FOSS efforts in, e.g., the European Open Source Academy or the aforementioned Digital Commons DC-EDIC. This situation shows that there is more advocacy work to be done to realize the full potential FOSS offers to achieve Digital Sovereignty. The (unfortunate) fact that we were, to our knowledge, the only Swiss organization at the conference is symptomatic of the – with few laudable exceptions – low importance Swiss policy makers and businesses assign to FOSS. We’re convinced that Swiss administrations, businesses and society at large would stand to benefit from engaging with and learning from our neighbors’ experiences with Free Software.
[1] The others being: Health, Engineering, Cybersecurity, Open Hardware, Automation, Fediverse, Skills & Training, Culture, Data Spaces, Community Building.
The post SFSCON 2025: The ever-growing importance of Free Software appeared first on ISOC Switzerland Chapter.
November 18, 2025 / ISOC Switzerland Chapter
SEEDIG 10: Innovation without Sovereignty is Not Progress
The 10th edition of the South Eastern European Dialogue on Internet Governance (SEEDIG 10) convened in Athens under the theme “A Decade of Dialogue and Cooperation: What’s Next?” The event brought together policymakers, regulators, academics, civil-society representatives, technical experts, private-sector leaders, and youth delegates from across South Eastern Europe to reflect on a decade of digital transformation — and the dilemmas that accompany it. Returning to Athens, where the first global Internet Governance Forum (IGF) was held nearly twenty years ago, lent the event symbolic resonance. Yet SEEDIG 10 was far from a nostalgic gathering; it was forward-looking and, at times, uneasy. A decade on, the region continues to grapple with a central question: how to pursue digital innovation without compromising democratic accountability or sovereignty. A major strand of discussion focused on artificial intelligence (AI) and the digital transformation of public administration. Greece’s gov.gr platform was presented by government officials as a regional model for digital public services. By unifying over 1,500 state functions — from tax filing and healthcare to business registration — under one single digital identity, gov.gr aims to transform how citizens interact with the state. Yet its success also exposes structural dependencies. The platform’s reliance on partnerships with major global technology providers sparked debate over data sovereignty, infrastructure localisation, and long-term control. As one participant said, innovation without autonomy risks replacing old inefficiencies with new dependencies. In parallel, Greece has taken visible steps to strengthen digital skills and AI literacy in the public sector and education.
The government has recently signed agreements with OpenAI (Initiative: OpenAI for Greece) and Google Greece (Initiative: AI for All) to promote digital capacity-building and “transform public service with AI.” The OpenAI for Greece memorandum, announced in September 2025, introduces ChatGPT Edu in upper-secondary schools and provides teacher training. It also offers mentoring for start-ups in the health, climate, and public-service sectors. Google’s AI for All initiative, launched in 2024, will provide hands-on training for hundreds of civil servants in AI applications, data analysis, and modernisation practices, according to government officials.  While these initiatives demonstrate a strong political commitment to digital upskilling and reskilling, SEEDIG 10 participants urged a more critical reading. Vendor-led training — even when labelled a partnership — risks embedding dependence at the level of tools, methods, and institutional knowledge. When the same corporations that dominate global data and AI markets are entrusted with training governments and educators, the boundary between capacity-building and market capture becomes blurred. Without parallel investment in publicly governed expertise, open educational frameworks, and national research capacity, such collaborations risk deepening the dependencies of every country that seeks to remain independent. Furthermore, the European Union’s ambition to maintain a common area of research and development may be jeopardised by dependence on U.S.-based private vendors. With this approach, EU member states could undermine the Union’s efforts toward a sustainable, ethical, and independent digital ecosystem. Debates around the EU AI Act, the Digital Services Act (DSA), and media sustainability reflected similar tensions. Participants broadly welcomed Europe’s regulatory ambition but warned that outsourcing compliance to the same dominant technology companies undermines accountability. 
Smaller markets in South Eastern Europe face the dual challenge of aligning with EU frameworks while building independent infrastructures that protect local media, data, and civic space. Behind these regulatory discussions lay a quieter but crucial theme: technical resilience. Panels on routing security, domain-name management, and universal acceptance underscored that regional strength depends not only on regulatory compliance but also on sustained investment in infrastructure, expertise, and governance capacity. Youth participants brought energy and sharp insight, challenging older generations to move beyond symbolic inclusion. Their workshops on AI ethics and cybersecurity called for youth-driven monitoring of digital rights, greater transparency in policymaking, and stronger support for regional innovation networks. SEEDIG’s commitment to intergenerational dialogue reflects its broader ethos: an open, inclusive, and multistakeholder approach to digital governance. The issues raised at SEEDIG 10 — from AI governance to data sovereignty — resonate deeply with the priorities of the Swiss Internet Society (ISOC-CH). Switzerland, too, must navigate the balance between technological innovation and digital self-determination. Questions of trust, accountability, and open standards are not regional but universal. By linking discussions across Europe’s regions, SEEDIG and ISOC-CH can jointly strengthen efforts toward an open, resilient, and rights-based digital future. This time, Athens provided an apt metaphor: a meeting place of historic ideals and modern contradictions. For South Eastern Europe, the question is no longer whether to embrace the digital age — but on whose terms; because, as another participant said, innovation without sovereignty is not progress. ISOC-CH members are encouraged to follow SEEDIG’s initiatives, contribute their expertise, and participate in shaping the next decade of digital governance across Europe. 
November 3, 2025 / ISOC Switzerland Chapter
The referendum is not a rejection of digitalization, but a battle for its soul
On September 28, 2025, the Swiss electorate will decide the fate of the Federal Act on Electronic Identity Credentials. This legislation proposes the introduction of a state-issued electronic identity, a centralized digital credential designed to streamline access to public and private services alike. While the Federal Council and Parliament advocate for its adoption, a coalition of civic organizations has successfully triggered a referendum, ensuring the final arbiter will be the citizenry. The shadow of the 2021 vote, where a similar proposal was resoundingly defeated, looms large over the debate. Proponents frame the E-ID as an indispensable cornerstone of Switzerland’s digital infrastructure. They contend that a state-controlled system, bound by strict legal and security frameworks, offers a superior alternative to the current patchwork of private commercial logins, thereby fostering greater public trust. The government assures that the E-ID will remain voluntary and free of charge, positing it as a tool of inclusion rather than compulsion. The practical advantages are presented as self-evident: a seamless, paperless conduit for administrative tasks, financial operations, and civic duties, promising unparalleled efficiency. Economically, it is envisioned as a catalyst for innovation and a bolster to the nation’s competitive standing. The broad, cross-spectrum political endorsement is cited as testament to the proposal’s balance and robust design.  However, a closer look reveals significant misgivings. The current proposal is best understood as a hybrid model—not fully open-source, though not entirely a black-box system either. Detractors issue a sobering warning against the creation of a monolithic data repository, arguing that such a concentration of sensitive personal information presents an irresistible target for malicious actors, notwithstanding any promised safeguards. 
They challenge the very premises of the proposal, suggesting the E-ID is likely to be neither entirely secure, truly free, nor meaningfully voluntary in the long term. History offers a clear pattern of such tools evolving from conveniences into necessities—much as the credit card or mobile number became de facto requisites for participation in modern life. The potential for a similar trajectory here effectively nullifies the principle of voluntary use.  A critical technical objection lies in the system’s architecture not being fully open source. This opacity, critics argue, inherently slows the identification and remediation of security vulnerabilities. In such a model, the relentless search for flaws is ceded to adversaries, while the community of independent researchers and developers is sidelined. This creates a fertile ground for “zero-day exploits” and ensures that when a breach occurs—a scenario treated as inevitable—its impact will be maximized. Additional misgivings include the risks of enrollment fraud and the implications of a centralized—rather than decentralized—digital identity model. Critical questions about data minimization and the exclusion of vulnerable groups, such as the elderly, remain largely unanswered. For opponents, a rejection of this proposal is not a rejection of digital progress itself. Rather, it is a battle for its soul. It’s about being for good and ethical digital progress: decentralized, open-source, and free. It is the affirmation that Switzerland can, and should, aspire to a more sophisticated model: one that is inherently privacy-respecting, decentralized, voluntary and truly worthy of public trust. The referendum presents a fundamental choice: is the E-ID a key to a more efficient and secure future, responsibly stewarded by the state? Or is it a step toward heightened surveillance and systemic vulnerability? On September 28, voters will weigh these competing visions and shape Switzerland’s digital destiny. 
Marianthe Stavridou
PS. The Internet Society has championed all these values since the Internet’s early days and has weathered many turning points when the perceived urgency to “catch up” with rapid developments proved destructive. Keeping different options truly available, including a non-digital choice, is essential if Swiss society is to defend itself against addiction, cyberattacks, and disasters. Taking slow, careful steps is a Swiss tradition; in this case prioritizing safety and resilience is more important than ever.
September 1, 2025 / ISOC Switzerland Chapter
The Wider Impact of Open-Source AI
Switzerland’s model highlights how open-source AI can democratize technology, breaking the dominance of a handful of corporations over critical digital infrastructure. By making AI models transparent, auditable, and adaptable, open-source frameworks empower governments, researchers, and businesses to innovate without vendor lock-in. This approach not only safeguards digital sovereignty but also accelerates local AI ecosystems, enabling startups and public institutions to build tailored solutions for education, healthcare, and administration. Moreover, open-source AI fosters collaborative progress. Unlike closed systems, where development is siloed within private entities, publicly available models allow global contributions; researchers can refine biases, developers can optimize efficiency, and policymakers can assess risks. This collective effort mitigates the “black box” problem of proprietary AI, where decisions are opaque and accountability is limited. Critically, in a geopolitical landscape where data control equates to power, open-source AI offers a counterbalance. It reduces dependency on foreign tech giants, ensuring that nations retain autonomy over their digital futures. For Switzerland, and for other countries adopting similar strategies, this means stronger resilience against external pressures, whether in data governance, economic competition, or ethical standards. Switzerland’s combination of permissive licensing, multilingual inclusivity, and sector-specific oversight offers a noteworthy template for small nations seeking to develop AI capacity without ceding control to large technology firms. By prioritizing transparency and ethical safeguards, this approach ensures that AI serves the public interest rather than corporate interests. Smaller economies, in particular, can leverage this framework to punch above their weight in the global AI race, fostering homegrown innovation while avoiding technological subjugation.
Ultimately, Switzerland’s experiment could inspire a new paradigm in AI development: one where transparency, ethics, and public benefit take precedence over profit-driven exclusivity. As the world grapples with AI’s societal risks, open-source models may prove indispensable in aligning technology with democratic values and human rights, proving that innovation need not come at the cost of accountability.
Marianthe Stavridou, August 1st, 2025
August 1, 2025 / ISOC Switzerland Chapter
ISOC.ch is hiring – application process is open
ABOUT THE POSITION
ISOC-CH is a key partner in the Horizon Europe NGI0 Commons Fund, and through this engagement a great opportunity arises to develop as an organization both locally in Switzerland and abroad, creating links between local issues and struggles for digital rights and important developments at the European and global level. The role of ISOC-CH in the NGI0 project is to develop the so-called “Tech dossiers” of Free/Libre and Open Source Software (FLOSS), as summarized on this page: https://isoc.ch/dossiers/
For this position, we are searching for a candidate who will cover the topic of digital sovereignty and cloud solutions, addressing policy makers and the government, with an expected engagement of 30% (0.3 FTE / 1.5 days per week) for a period of 1 year, with a possible extension up to 2 years, under an employment contract with ISOC-CH under Swiss law with social security, taxation, and paid in Swiss Francs. The 100% salary is fixed at CHF 8,000 gross per month, which for a 30% contract translates to CHF 2,400 / month.

ESSENTIAL DUTIES AND RESPONSIBILITIES
1. Document and analyze the digital sovereignty efforts across Europe, with a special focus on cloud solutions and collaborative tools.
2. Develop a digital sovereignty policy strategy in Switzerland, documented in a way to be re-usable in different contexts.
3. Become part of the ISOC-CH NGI0 team and contribute to the development of tech dossiers related to cloud solutions and collaborative tools, and others, according to the needs of the project.

APPLICATION DOSSIER
Please submit the documents below to contact@isoc.ch before August 20th:
1. A 2-page CV
2. A letter of intent (max. 1,000 words) with your own perspective on digital sovereignty in light of recent developments in Europe and Switzerland and ways to approach it from a policy perspective; include a short list of references to relevant material (max. 5).

DESIRED QUALIFICATIONS
* A degree in law, policy, social science, or other related fields preferred.
* More than 3 years of work experience on policy-related topics.
* Track record of effectively analyzing issues and thinking creatively and strategically about bringing difficult issues to the policy table.
* Good understanding of the Free/Libre and Open Source Software ecosystem.
* Experience working collaboratively and effectively through influence with internal and external stakeholders including government officials, foundations, civil society, industry.
* Excellent writing, speaking, and presentation skills with ability to synthesize and summarize findings and recommendations to diverse audiences.
* Ability to adapt to shifting priorities and deadlines, while engaging effectively with other teams.
* Knowledge of research and current trends in Internet-related issues across geographies, with a special focus on digital sovereignty.
* Fluency in English is mandatory, as all outputs will be produced in English for European-level dissemination. Proficiency in German and/or French is strongly preferred for effective engagement with local stakeholders, reviewing documents and regulations, and participating in regional policy discussions.

TIMELINE
* 15.06.2025 Job opening and procedure announced
* 20.08.2025 Deadline for application submission
* 05-15.09.2025 Interviews with top-5 candidates
* 01.10.2025 Beginning of the first year contract (30%)

ABOUT ISOC
The Internet Society Switzerland Chapter (ISOC-CH) is a non-governmental not-for-profit association seated in Zurich, Switzerland, founded in 2012. ISOC-CH is recognized as a chapter of the (global) Internet Society (ISOC), headquartered in Reston, Virginia, USA, and Geneva, Switzerland.
ISOC, as the umbrella organization, is a not-for-profit organization founded in 1992 to provide leadership in Internet-related standards, education and policy. Specifically, ISOC global is the organizational home for groups responsible for Internet infrastructure standards, including the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB). The ISOC-CH association is an equal opportunity employer. Employment selection and related decisions are made without regard to sex, race, age, disability, religion, national origin, sexual orientation, color or any other protected class. Compensation and benefit package for this position will be competitively commensurate with the successful applicant’s qualifications. Applications will be evaluated until the position has been filled. The list of applicants will not be posted publicly and will be reviewed in confidence by members of the evaluation committee.

ABOUT NGI0 COMMONS FUND
NGI0 Commons fund is part of the NGI Zero coalition, led by NLnet Foundation, which uses a very flexible cascading funding scheme that enables a large number of carefully curated small grants for FLOSS projects (between 5 000 and 50 000 euro). Between now and 2027 the project will award an unprecedented 21.6 million euro in small to medium-size R&D grants towards solutions that bring the next generation of the internet closer.
June 17, 2025 / ISOC Switzerland Chapter
Concentration of Power in Swiss E-ID
Switzerland’s federalist tradition delegates significant autonomy to its 26 cantons, allowing them to tailor policies and services to local needs. The introduction of a nationwide electronic identity (e-ID) system, however, represents a marked shift in digital governance: by vesting authority over identity issuance and verification in the federal state, the new e-ID law centralizes power and diminishes cantonal prerogatives. While a unified e-ID promises interoperability and enhanced security, the concentration of competence at the Confederation level undermines subsidiarity, stifles local innovation, and risks a democratic deficit in a system historically grounded in cantonal and people’s self-determination.

Swiss Federalism and Cantonal Autonomy
Under Article 3 of the Swiss Constitution, all future powers belong to the cantons, unless the Swiss people and the cantons decide, by constitutional amendment, that they shall be attributed to the federation. This principle enshrines the subsidiarity norm: matters best handled locally remain within cantonal competence, ensuring policies reflect regional languages, legal traditions, and administrative capacities. In practice, cantons exercise broad authority over education, healthcare, policing, and civil registers and identity documents, areas where proximity to citizens fosters trust and responsiveness.

The E-ID Law and the Centralization of Digital Identity
On December 20, 2024, the Swiss Federal Assembly passed the Federal Act on Electronic Identity Credentials and Other Electronic Credentials, establishing a state-recognised e-ID to be rolled out by 2026. Unlike earlier, canton-driven pilots, the new scheme mandates that all public authorities—Confederation, cantons, and municipalities—accept the federal e-ID alongside physical ID for electronic identification purposes. While private providers may operate wallets, the Confederation retains exclusive authority over the trust framework, credential schemas, and revocation registries. Consequently, cantonal solutions will be superseded by a one-size-fits-all model dictated by federal technical and policy choices.

Erosion of Subsidiarity and Local Tailoring
By reallocating identity-management powers from cantons to the federal state, the e-ID law breaches the subsidiarity ethos. Cantonal administrations lose autonomy over design and implementation—functions they have long performed in tandem with local stakeholders. This top-down approach risks producing a monolithic system that may not align with linguistic and procedural variations across cantons. For instance, user interface elements or data-disclosure workflows optimized for German-speaking urban centres may prove cumbersome in rural, French- or Italian-speaking cantons.

Hindering Innovation and Experimentation
Cantons have historically acted as laboratories of democracy, piloting digital services—such as e-voting, local health portals, and municipal e-administration platforms—before scaling them nationally. Centralizing identity issuance under the Confederation risks stifling this dynamic: any significant alteration or enhancement to the e-ID framework will require federal approval, elongating development cycles and dampening the incentive for localized experimentation. Moreover, private-sector innovators that previously partnered with individual cantons face higher barriers: they must navigate federal procurement processes and standardized certification regimes, reducing flexibility and increasing costs.

Complexity, Incoherence, and Privacy Concerns
Centralized identity provisioning introduces its own technical pitfalls. A major critique of a state-run, single identity provider is that no central actor can serve all user groups coherently—voluntary adoption means some citizens will decline the e-ID, necessitating parallel systems and eroding transparency. Services catering to non-Swiss or partially registered residents would require separate identity providers, creating confusion and administrative overhead. Furthermore, having the Confederation mediate every authentication event concentrates sensitive metadata—access logs, usage patterns, and verification requests—within a single national database, heightening the risk of mass surveillance.
The notion of a single identity gateway also creates a tempting target for adversaries: rather than spreading their efforts across thousands of sites and services, attackers can focus on subverting one system to harvest credentials en masse. A breach of the central provider—even a transient outage or misconfiguration—could effectively lock every user out of their online accounts, from banking and healthcare to social media and e-government services. Worse yet, such concentration makes it trivial to compile comprehensive activity logs, enabling sophisticated profiling, unsolicited marketing, or politically motivated surveillance at a scale previously impossible. Phishing campaigns would only need to mimic one login flow, increasing their success rate and reducing the cognitive load on the victim. And because the e-ID would be used ubiquitously, there’d be no “dark spaces” left for whistleblowers, dissidents, or vulnerable populations to maintain anonymity when they really need it. In short, replacing the polycentric patchwork of today’s digital identities with a single monolithic system risks undermining both individual security and societal freedoms, trading fragmentation for fragility and opacity.

Democratic Accountability and the Referendum Safeguard
Switzerland’s direct-democracy mechanisms offer a check against unilateral centralization: opponents of the e-ID law have gathered sufficient signatures to force a nationwide referendum, likely scheduled for autumn 2025. Yet, in the interim, cantonal administrations must adapt to the new federal framework, incurring integration costs and reengineering existing digital processes. If the referendum overturns the law, this transitional burden will represent wasted resources and damaged trust between the Confederation and cantons.

Conclusion
The e-ID law exemplifies the tension between the efficiencies of a centralized digital infrastructure and the principles of Swiss federalism. While a unified identity system may streamline cross-border and inter-cantonal digital services, the shift of power from cantons to the Confederation compromises subsidiarity, curtails local innovation, and risks democratic disconnect. As Switzerland navigates its referendum, policymakers should consider hybrid approaches: granting cantons a participatory role in governance bodies, enabling localized interface customization, and ensuring interoperability standards rather than monolithic platforms. Such measures could preserve the dynamism of cantonal digital experimentation while achieving the interoperability and security goals that underpin a national e-ID.
May 27, 2025 / ISOC Switzerland Chapter
The planned revision of the OSCPT threatens fundamental rights and compromises encryption
Zurich, May 6, 2025 – The consultation ending today on the partial revision of the Ordinance on the Surveillance of Postal and Telecommunications Traffic (OSCPT) and of the ordinance of the Federal Department of Justice and Police, DFJP (OD-SCPT) [1] raises important questions and serious concerns. The planned changes threaten not only the fundamental right to privacy but also the security of encryption. VPNs and other encrypted communication services are particularly targeted – with potentially disastrous consequences for citizens and businesses.

AN ATTACK ON PRIVACY
The revision of the OSCPT provides for an extension of surveillance obligations for telecommunications service providers (FST) and for derived communication services (FSCD), including expanded obligations to identify users and retain data. These measures seriously infringe on citizens’ privacy without any clear justification for this step backwards being given. Medical confidentiality and the protection of journalistic sources are directly affected.

UNNECESSARILY STORED DATA OPENS THE DOOR TO THE RISK OF ABUSE
Every piece of data retained automatically increases the risk that it will be used or accessed improperly. Metadata can give detailed insights into relationships between individuals, their location and their habits. The mandatory retention of metadata for six months enables not only mass surveillance but potentially also other illegitimate access by third parties, such as hackers, criminals or simply ill-intentioned employees. If such data falls into the hands of criminals, it could be used for blackmail, telephone fraud, phishing, identity theft and other forms of abuse.

COMPROMISING ENCRYPTION IS THE DEATH OF ENCRYPTION
The proposed obligation to remove encryption compromises everyone’s security. Providers would be forced to install backdoors or use other methods that deliberately weaken encryption so that the authorities can access this data. But if these weaknesses exist, they exist for everyone: installing them would give hackers, criminals or foreign entities access to all data circulating in the country. One cannot encrypt for some and not for others. The British government recently attempted to adopt regulation along these lines: the immediate consequence was that Apple announced the withdrawal of encrypted services for its customers in the United Kingdom. Quote translated from German: “Apple and many IT security experts argue that a backdoor makes any encryption absurd. As soon as there is a way to decrypt encrypted data, it is only a matter of time before criminals or authoritarian regimes exploit it. End-to-end encryption means exactly that: no one other than the user themselves – not even Apple – can access the data. A backdoor is therefore always a massive security hole.” [2]
In Switzerland, services offering privacy-respecting solutions have traditionally held a strong position. Swiss providers such as Proton, NymVPN, PVY.swiss or Threema are particularly affected by the new regulation. Proton has already announced that it would leave Switzerland if it could no longer operate properly there. [3]

REFERENCES
[1] https://www.fedlex.admin.ch/fr/consultation-procedures/ended#https://fedlex.data.admin.ch/eli/dl/proj/2022/21/cons_1
[2] https://www.gizmodo.de/apple-sagt-nein-zu-uk-backdoor-end-to-end-verschluesselung-faellt-weg-2000014910
[3] https://www.watson.ch/digital/wirtschaft/517198902-proton-schweiz-chef-andy-yen-zum-ausbau-der-staatlichen-ueberwachung
May 7, 2025 / ISOC Switzerland Chapter
Planned Revision of Surveillance Ordinances Threatens Fundamental Rights and Compromises Encryption
Zurich, May 6, 2025 – The public consultation on the partial revision of the Ordinance on the Surveillance of Postal and Telecommunications Traffic (VÜPF/OSCPT) and the ordinance of the Swiss Federal Department of Justice and Police FDJP (VD-ÜPF/OME-SCPT) [1], which ends today, raises major questions and massive concerns. The planned changes jeopardize not only the fundamental right to privacy, but also the security of encryption. VPNs and other encrypted communication services in particular are in the spotlight – with potentially devastating consequences for citizens and companies.

ATTACK ON PRIVACY
The revision of the VÜPF/OSCPT provides for an expansion of the monitoring obligations for providers of telecommunications services (FDA/FST) and derived communication services (AAKD/FSCD), including extended obligations for user identification and data retention. These measures encroach deeply on the privacy of citizens. This also affects medical confidentiality and the protection of journalistic sources.

RISK OF MISUSE OF UNNECESSARILY STORED DATA
Any additional storage of data increases the risk of misuse. Metadata can provide detailed insights into communication partners, locations and habits. The mandatory retention of metadata for six months not only enables mass surveillance, but in principle also other unlawful access by third parties, such as hackers, criminals or employees of the FDA/FST or AAKD/FSCD. For example, if such data falls into the hands of criminals, it could be used for blackmail, telephone fraud, phishing, identity theft or other forms of abuse.

COMPROMISING ENCRYPTION
The proposed obligation to remove encryption compromises the security of encryption. Providers would be forced to install backdoors or use other methods that deliberately weaken encryption in order to deliver unencrypted content to the authorities. Creating such security loopholes gives access to confidential data not only to the authorities, but potentially also to hackers, criminals or other unauthorized persons. The UK government recently passed similar regulations, which Apple decided not to implement. Instead, Apple announced the withdrawal of encrypted services for its customers in the UK.

Quote (translated from German): “Apple and many IT security experts argue that a backdoor drives any encryption ad absurdum. Once a way exists to decrypt encrypted data, it is only a matter of time before criminals or authoritarian regimes exploit it. End-to-end encryption means exactly that: no one other than the users themselves – not even Apple – can access the data. A backdoor is therefore always a massive security gap.” [2]

In Switzerland, services with privacy-friendly solutions traditionally have a strong position. Swiss providers such as Proton, NymVPN, PVY.swiss or Threema are particularly affected by the new regulation. Proton has already announced that it will leave Switzerland if it can no longer conduct proper business here. [3]

REFERENCES
[1] https://www.fedlex.admin.ch/de/consultation-procedures/ongoing#https://fedlex.data.admin.ch/eli/dl/proj/2022/21/cons_1
[2] https://www.gizmodo.de/apple-sagt-nein-zu-uk-backdoor-end-to-end-verschluesselung-faellt-weg-2000014910
[3] https://www.watson.ch/digital/wirtschaft/517198902-proton-schweiz-chef-andy-yen-zum-ausbau-der-staatlichen-ueberwachung

[Translated partially by DeepL.]

The post Planned Revision of Surveillance Ordinances Threatens Fundamental Rights and Compromises Encryption appeared first on ISOC Switzerland Chapter.
May 6, 2025 / ISOC Switzerland Chapter
Planned VÜPF Revision Threatens Fundamental Rights and Compromises Encryption
Zurich, May 6, 2025 – The consultation ending today on the partial revision of the Ordinance on the Surveillance of Postal and Telecommunications Traffic (VÜPF) and of the ordinance of the Federal Department of Justice and Police EJPD (VD-ÜPF) [1] raises major questions and causes massive concerns. The planned changes endanger not only the fundamental right to privacy, but also the security of encryption. VPNs and other encrypted communication services in particular are in focus – with potentially devastating consequences for citizens and companies.

ATTACK ON PRIVACY
The VÜPF revision provides for an expansion of surveillance obligations for providers of telecommunications services (FDA) and of derived communication services (AAKD), including extended obligations for user identification and data retention. These measures intrude deeply into citizens' privacy. This also impairs medical confidentiality and the protection of journalistic sources.

RISK OF MISUSE OF UNNECESSARILY STORED DATA
Every additional storage of data increases the risk of its misuse. Metadata can give detailed insights into communication partners, locations and habits. The mandatory retention of metadata for six months enables not only mass surveillance, but in principle also other unlawful access by third parties, such as hackers, criminals or employees of the FDA or AAKD. If such data falls into the hands of criminals, for example, it could be used for blackmail, telephone fraud, phishing, identity theft or other forms of misuse.

COMPROMISING ENCRYPTION
The proposed obligation to remove applied encryption compromises the security of encryption. Providers would be forced to install backdoors or use other methods that deliberately weaken encryption in order to be able to hand over unencrypted content to the authorities. Introducing such security holes gives not only the authorities, but potentially also hackers, criminals or other unauthorized persons access to confidential data. The British government recently adopted similar rules, whereupon Apple decided not to implement them. Instead, Apple announced the withdrawal of encrypted services for its customers in Great Britain.

Quote: “Apple and many IT security experts argue that a backdoor reduces any encryption to absurdity. As soon as a way exists to decrypt encrypted data, it is only a matter of time before criminals or authoritarian regimes exploit it. End-to-end encryption means exactly that: no one but the user themselves – not even Apple – can access the data. A backdoor is therefore always a massive security hole.” [2]

In Switzerland, services with privacy-friendly solutions traditionally hold a strong position. Swiss providers such as Proton, NymVPN, PVY.swiss or Threema are particularly affected by the new regulation. Proton has already announced that it will leave Switzerland if it can no longer conduct proper business here. [3]

REFERENCES
[1] https://www.fedlex.admin.ch/de/consultation-procedures/ongoing#https://fedlex.data.admin.ch/eli/dl/proj/2022/21/cons_1
[2] https://www.gizmodo.de/apple-sagt-nein-zu-uk-backdoor-end-to-end-verschluesselung-faellt-weg-2000014910
[3] https://www.watson.ch/digital/wirtschaft/517198902-proton-schweiz-chef-andy-yen-zum-ausbau-der-staatlichen-ueberwachung

The post Planned VÜPF Revision Threatens Fundamental Rights and Compromises Encryption appeared first on ISOC Switzerland Chapter.
May 6, 2025 / ISOC Switzerland Chapter