Zurich, 6 May 2025 – The consultation ending today on the partial revision of
the Ordinance on the Surveillance of Postal and Telecommunications Traffic
(OSCPT) and of the FDJP Ordinance (OD-SCPT) [1] raises important questions and
causes serious concern. The planned changes threaten not only the fundamental
right to privacy but also the security of encryption. VPNs and other encrypted
communication services are particularly targeted – with potentially disastrous
consequences for citizens and businesses.
AN INFRINGEMENT OF PRIVACY
The revision of the OSCPT provides for an extension of the surveillance
obligations for telecommunications service providers (FST) and for derived
communication services (FSCD), including expanded obligations to identify users
and retain data. These measures seriously infringe on citizens’ privacy without
any clear justification for this step backwards being given. Medical
confidentiality and the protection of journalistic sources are directly
affected.
UNNECESSARILY STORED DATA OPENS THE DOOR TO THE RISK OF ABUSE
Every piece of data retained mechanically increases the risk that it will be
used or accessed improperly. Metadata can provide detailed insights into
relationships between individuals, their location and their habits. The
mandatory retention of metadata for six months enables not only mass
surveillance but potentially also other illegitimate access by third parties,
such as hackers, criminals or simply ill-intentioned employees. If such data
falls into the hands of criminals, it could be used for blackmail, telephone
fraud, phishing, identity theft and other forms of abuse.
COMPROMISING ENCRYPTION IS THE DEATH OF ENCRYPTION
The proposed obligation to remove encryption compromises everyone’s security.
Providers would be forced to install backdoors or use other methods that
deliberately weaken encryption in order to give the authorities access to this
data. But if these flaws exist, they exist for everyone: installing them would
give hackers, criminals or foreign entities access to all data circulating in
the country. One cannot encrypt for some and not for others.
The British government recently attempted to adopt a regulation along these
lines: the immediate consequence was that Apple announced the withdrawal of
encrypted services for its customers in the United Kingdom.
Quote translated from German: “Apple and many IT security experts maintain that
a backdoor makes any encryption absurd. As soon as a way exists to decrypt
encrypted data, it is only a matter of time before criminals or authoritarian
regimes exploit it. End-to-end encryption means exactly that: no one other than
the user themselves – not even Apple – can access the data. A backdoor is
therefore always a massive security flaw.” [2]
In Switzerland, services offering privacy-respecting solutions have
traditionally held a strong position. Swiss providers such as Proton, NymVPN,
PVY.swiss or Threema are particularly affected by the new regulation. Proton has
already announced that it would leave Switzerland if it could no longer carry
out its activities properly there. [3]
REFERENCES
[1] https://www.fedlex.admin.ch/fr/consultation-procedures/ended#https://fedlex.data.admin.ch/eli/dl/proj/2022/21/cons_1
[2] https://www.gizmodo.de/apple-sagt-nein-zu-uk-backdoor-end-to-end-verschluesselung-faellt-weg-2000014910
[3] https://www.watson.ch/digital/wirtschaft/517198902-proton-schweiz-chef-andy-yen-zum-ausbau-der-staatlichen-ueberwachung
The post La révision prévue de l’OSCPT menace les droits fondamentaux et
compromet le chiffrement appeared first on ISOC Switzerland Chapter.
Zurich, May 6, 2025 – The public consultation on the partial revision of the
Ordinance on the Surveillance of Postal and Telecommunications Traffic
(VÜPF/OSCPT) and the ordinance of the Swiss Federal Department of Justice and
Police (FDJP) (VD-ÜPF/OME-SCPT) [1], which ends today, raises major questions and massive
concerns. The planned changes not only jeopardize the fundamental right to
privacy, but also the security of encryption. VPN and other encrypted
communication services in particular are in the spotlight – with potentially
devastating consequences for citizens and companies.
ATTACK ON PRIVACY
The revision of the VÜPF/OSCPT provides for an expansion of the monitoring
obligations for providers of telecommunications services (FDA/FST) and derived
communication services (AAKD/FSCD), including extended obligations to identify
users and retain data. These measures encroach deeply on the privacy of
citizens. This also affects medical confidentiality and the protection of
journalistic sources.
RISK OF MISUSE OF UNNECESSARILY STORED DATA
Any additional storage of data increases the risk of misuse. Metadata can
provide detailed insights into communication partners, locations and habits. The
mandatory retention of metadata for six months not only enables mass
surveillance, but in principle also other unlawful access by third parties, such
as hackers, criminals or employees of the FDA/FST or AAKD/FSCD. For example, if
such data falls into the hands of criminals, it could be used for blackmail,
telephone fraud, phishing, identity theft or other forms of abuse.
COMPROMISING ENCRYPTION
The proposed obligation to remove encryption compromises the security of
encryption. Providers would be forced to install backdoors or use other methods
that deliberately weaken encryption in order to deliver unencrypted content to
the authorities. Creating such security loopholes not only allows the
authorities, but potentially also hackers, criminals or other unauthorized
persons to access confidential data.
The UK government recently passed similar regulations, which Apple decided not
to implement. Instead, Apple announced the withdrawal of encrypted services for
their customers in the UK.
Quote (translated from German): “Apple and many IT security experts argue that a
backdoor drives any encryption ad absurdum. Once a way exists to decrypt
encrypted data, it is only a matter of time before criminals or authoritarian
regimes exploit it. End-to-end encryption means exactly that: no one other than
the users themselves – not even Apple – can access the data. A backdoor is
therefore always a massive security gap.” [2]
In Switzerland, services with privacy-friendly solutions traditionally have a
strong position. Swiss providers such as Proton, NymVPN, PVY.swiss or Threema
are particularly affected by the new regulation. Proton has already announced
that it will leave Switzerland if it can no longer conduct proper business here.
[3]
REFERENCES
[1] https://www.fedlex.admin.ch/de/consultation-procedures/ongoing#https://fedlex.data.admin.ch/eli/dl/proj/2022/21/cons_1
[2] https://www.gizmodo.de/apple-sagt-nein-zu-uk-backdoor-end-to-end-verschluesselung-faellt-weg-2000014910
[3] https://www.watson.ch/digital/wirtschaft/517198902-proton-schweiz-chef-andy-yen-zum-ausbau-der-staatlichen-ueberwachung
[Translated partially by Deepl.]
The post Planned Revision of Surveillance Ordinances Threatens Fundamental
Rights and Compromises Encryption appeared first on ISOC Switzerland Chapter.
Zurich, 6 May 2025 – The consultation ending today on the partial revision of
the Ordinance on the Surveillance of Postal and Telecommunications Traffic
(VÜPF) and of the FDJP ordinance (VD-ÜPF) [1] raises major questions and causes
massive concerns. The planned changes endanger not only the fundamental right to
privacy but also the security of encryption. VPNs and other encrypted
communication services in particular are in focus – with potentially devastating
consequences for citizens and companies.
ATTACK ON PRIVACY
The VÜPF revision provides for an expansion of the surveillance obligations for
providers of telecommunications services (FDA) and of derived communication
services (AAKD), including extended obligations to identify users and to retain
data. These measures intrude deeply into citizens’ privacy. This also impairs
medical confidentiality and the protection of journalistic sources.
RISK OF MISUSE OF UNNECESSARILY STORED DATA
Every additional storage of data increases the risk of its misuse. Metadata can
give detailed insights into communication partners, locations and habits. The
mandatory retention of metadata for six months enables not only mass
surveillance but in principle also other unlawful access by third parties, such
as hackers, criminals or employees of the FDA or AAKD. If such data falls into
the hands of criminals, for example, it could be used for blackmail, telephone
fraud, phishing, identity theft or other forms of misuse.
COMPROMISING ENCRYPTION
The proposed obligation to remove applied encryption compromises the security of
encryption. Providers would be forced to install backdoors or use other methods
that deliberately weaken encryption in order to be able to hand over unencrypted
content to the authorities. Introducing such security vulnerabilities gives not
only the authorities but potentially also hackers, criminals or other
unauthorized persons access to confidential data.
The British government recently adopted similar rules, whereupon Apple decided
not to implement them. Instead, Apple announced the withdrawal of encrypted
services for its customers in Great Britain.
Quote: “Apple and many IT security experts argue that a backdoor reduces any
encryption to absurdity. As soon as a way exists to decrypt encrypted data, it
is only a matter of time before criminals or authoritarian regimes exploit it.
End-to-end encryption means exactly that: no one other than the user themselves
– not even Apple – can access the data. A backdoor is therefore always a massive
security vulnerability.” [2]
In Switzerland, services with privacy-friendly solutions traditionally hold a
strong position. Swiss providers such as Proton, NymVPN, PVY.swiss or Threema
are particularly affected by the new regulation. Proton has already announced
that it will leave Switzerland if it can no longer conduct proper business
here. [3]
REFERENCES
[1] https://www.fedlex.admin.ch/de/consultation-procedures/ongoing#https://fedlex.data.admin.ch/eli/dl/proj/2022/21/cons_1
[2] https://www.gizmodo.de/apple-sagt-nein-zu-uk-backdoor-end-to-end-verschluesselung-faellt-weg-2000014910
[3] https://www.watson.ch/digital/wirtschaft/517198902-proton-schweiz-chef-andy-yen-zum-ausbau-der-staatlichen-ueberwachung
The post Geplante VÜPF-Revision bedroht Grundrechte und kompromittiert
Verschlüsselung appeared first on ISOC Switzerland Chapter.
On Friday, 7 February 2025, the Washington Post reported that the UK government
had issued a Technical Capability Notice (TCN) to Apple under the Investigatory
Powers Act 2016. This secret order would force Apple to build a backdoor into
its end-to-end encrypted cloud services, jeopardizing the security and privacy
of all users worldwide, not just in the UK.
The ISOC Switzerland Chapter, alongside over 100 civil society organizations,
companies, and cybersecurity experts, co-signed a joint letter led by the Global
Encryption Coalition (GEC). Addressed to the UK Home Secretary, the letter urges
the Home Office to rescind its demand that Apple compromise its encrypted
services. It highlights the severe risks this order poses to security, privacy,
the economy, and freedom of expression.
As encryption advocates have long warned, any backdoor for law enforcement
creates vulnerabilities that can be exploited by cybercriminals, foreign
espionage, and other malicious actors. The UK’s move represents a dangerous
attempt to undermine encryption, endangering the privacy and security of
millions of Apple users worldwide.
Further Reading:
* Draft Technical Capability Regulations notified to European Commission
following targeted consultation
* Apple’s submission of evidence on the Investigatory Powers Act Amendments
Bill
* BBC’s coverage of Apple’s July 2023 submission
The post UK Government’s Demand for an Apple Backdoor Puts Global Security at
Risk appeared first on ISOC Switzerland Chapter.
ISOC-CH is a key partner in the Horizon Europe NGI0 Commons Fund, and through
this engagement a great opportunity arises to develop as an organization both
locally in Switzerland and abroad, creating links between local issues and
struggles for digital rights and important developments at the European and
global level.
The role of ISOC-CH in the NGI0 project is to develop the so-called “Tech
dossiers” of free/libre and open software. That is, a comprehensive introduction
to a certain area of digital services (e.g., cloud storage, video conferencing,
AI), addressing specific audiences (e.g., policy makers, youth, educators,
elderly) with a suitable medium (e.g., guidelines, podcast, curriculum).
For this project, we are searching for a candidate that will cover the topic of
cloud solutions, addressing policy makers and the government in the context of
digital sovereignty with an expected engagement of 20% for a period of 1 year,
with a possible extension up to 2 years.
In addition, this year, the Board of ISOC Switzerland will be reshuffled. We are
looking for additional board members, including for treasurer and/or policy.
For more information and application process, you can reach us at
contact@isoc.ch or in one of the upcoming events announced on our web site,
https://isoc.ch, and LinkedIn page.
More details about the application process will be announced after the General
Assembly 2025.
Before that, you are very welcome to join the ISOC-CH’s Policy Sessions 2025 on the
topic of E-ID, an excellent introduction for this job position!
The ISOC-CH board.
The post ISOC-CH is hiring! appeared first on ISOC Switzerland Chapter.
The second plenary meeting of the NGI0 Commons Fund consortium took place in
Brussels on January 30th 2025, in the context of the FOSDEM conference, where
the presence of NGI0 at the FOSDEM was impressive.
During the plenary meeting, ISOC-CH developed the plan for the development of
the so-called “tech dossiers”, which will focus on three distinct thematic
areas: video conferencing, AI and privacy, and Cloud solutions, targeting three
distinct target audiences respectively: like-minded non-experts, school
teachers, and policy makers.
The description of the whole implementation plan for the tech dossiers and an
interesting job opening will be announced soon.
For now, the most important news is that the project selection is running
smoothly and the sixth call of NGI Zero Commons Fund opened up on February
1st 2025, with a deadline of April 1st 2025 12:00 CEST (noon).
To get some inspiration, here is the list of the first 50 projects funded under
the NGI0 Commons fund:
https://nlnet.nl/news/2025/20250101-announcing-grantees-June-call.html
The post NGI0 Commons Fund update and 6th call for funding appeared first on
ISOC Switzerland Chapter.
The vote in the UN General Assembly that was expected to pass the Draft
Convention on Cybercrime was postponed.
This Draft was the outcome of many years of negotiations which started with a UN
resolution initiated in 2019 by Russia, China and other states (such as Iran,
Egypt, Sudan, and Uzbekistan), with 88 votes to 58, and 34 abstentions.
There is a wide consensus that this convention puts in danger human rights,
privacy, and safety online, and a large number of human rights and journalists’
associations have officially expressed their criticism of the surveillance
pact, including Privacy International, Access Now, the IPI, and European Digital
Rights, the umbrella organisation of many European NGOs.
ISOC global in their position article on the UN convention state clearly two
major concerns regarding its potential negative impact:
> 1) Impact on the work of security researchers: As highlighted in this
> statement from security experts, good faith security research is crucial to
> ensuring the security of the Internet and preventing cybercrime.
> 2) Impact on encryption: Article 28.4 on search and seizure of electronic data
> might be interpreted to allow countries to authorize competent authorities to
> order the handover of encryption keys or other sensitive information about the
> security of hardware or software.
Adrienne Fichter, in her article titled “The UN community has negotiated a
global surveillance regime — but it could have been worse”, explains in detail
all the shortcomings of this convention and the potential impact in the Swiss
context.
A recent article (9 Dec 2024) by Lawfare media analyzes the legal language of
the Draft Convention and another one by Anja P. Jakobi and Lena Herbst, on the
same day, concludes that despite the problems with this convention,
> It is, however, unlikely that the draft Convention will fail to pass the GA.
> Therefore, it seems advisable to accept the treaty with reservations and
> become a state party to the Convention. Without internal critics, the
> ‘Conference of Parties’ (CoP), tasked with reviewing and implementing the
> convention, could develop additional measures and worsen a Convention that at
> least includes some human rights safeguards. In particular, due to Russia’s
> and China’s growing influence, rejecting the Convention could pave the way for
> ‘digital authoritarianism’ in a central UN norm on cyberspace. Still,
> accepting the Convention requires careful monitoring, not only of the CoP, but
> also of its results in practice. If reviews of the treaty show that its
> implementation means compromising human rights and data protection, states
> should continuously reevaluate whether to stay or leave the treaty, with the
> Budapest Convention as a remaining fallback option.
The argument of making compromises to “stay at the table of negotiations” has
been used also for other critical issues in recent debates among digital rights
associations in Switzerland. And although “staying at the table” is a valid
argument, for such important threats on fundamental human rights, someone needs
to stay out of the table and fight for privacy, self-determination, and safety!
So, we are in a critical moment of this process, and by signing the ongoing
petition, initiated by the Pirate Party CH, and supported by the ISOC
Switzerland Chapter, we can pass the message to policy makers that people care
for human rights and privacy:
https://act.campax.org/petitions/un-cybercrime-convention-stoppen-arreter-la-convention-des-nations-unies-sur-la-cybercriminalite
The post UN Convention on Cybercrime: staying out of the table and fighting for
human rights, privacy, and safety appeared first on ISOC Switzerland Chapter.
On May 15th, ISOC Switzerland Chapter hosted the Public Policy Sessions 2024
including a diverse set of introductory talks and a very interesting panel on
the topic of disinformation online, organized by Bernie Hoeneisen, co-founder of
ISOC-CH. You can watch the recorded live stream here:
https://livestream.com/internetsociety/isoc-ch-public-policy2024 First, Markus
Kummer (ISOC-CH Chapter Advisory Council Representative) introduced...
The post Public Policy Sessions 2024 (summary) appeared first on ISOC
Switzerland Chapter.
The ISOC Switzerland Chapter is proud to be one of the partners of the Horizon
Europe project NGI0 Commons Fund, which started on January 1st 2024. The project
is part of the NGI0 NGI Zero coalition, led by NLnet Foundation, which uses a
very flexible cascading funding scheme that enables a large number of
carefully...
The post ISOC-CH is a partner of the NGI0 Commons Fund appeared first on ISOC
Switzerland Chapter.
The ISOC’s General Assembly 2022 took place online on December 15, 2022.
The draft minutes of AGM 2022 are available here: GA-2022-minutes_DRAFT.pdf
The approved minutes of the AGM 2021 are available here:
GA-2021-minutes_APPROVED.pdf
The post General Assembly 2022 appeared first on ISOC Switzerland Chapter.