At the beginning of March, the Internet Society brought together advocates, experts, and policymakers from across Europe for a three-day workshop in Brussels focused on the Internet and encryption. The event created an opportunity to explore how the Internet works, why encryption is essential for security and trust online, and how policy decisions can shape its future. Callum Voge and Paula Bernardi opened the workshop by welcoming participants and outlining the program, setting the stage for a series of sessions designed to combine technical understanding with policy and advocacy perspectives. The workshop began with a deep dive into the foundations of the Internet. In a session titled “How the Internet Works”, Hanna Kreitem from the Internet Society explained the Internet’s structure as a network of interconnected networks that communicate through shared protocols. Participants explored how data travels across networks and why the Internet’s decentralized architecture and open standards have enabled its global growth and resilience. Building on this technical foundation, Olaf Kolkman and Gijs Kruitbosch introduced the fundamentals of encryption and its role in protecting online communication. The session covered both classical and modern cryptography and explained how public and private keys are used to secure data as it moves across networks. The discussion then shifted to the policy debates surrounding encryption. In “Understanding Anti-Encryption Technical Proposals”, Callum Voge examined proposals aimed at weakening encryption and the narratives often used to justify them, particularly those centred on law-enforcement access and security concerns. Paula Bernardi complemented the session with case studies highlighting how similar threats to encryption are emerging in different countries. Advocacy and engagement with policymakers were another key focus of the workshop. David Frautschy and Asha Allen from CDT Europe led a session titled “How to Lobby in the EU”, where they explained how the European Commission, the European Parliament, and the Council of the EU shape policy decisions. Participants also explored strategies for building effective advocacy campaigns and communicating policy messages. Later in the day, Svea Wiederkehr from Mozilla and Asha Allen provided an overview of the EU’s current encryption landscape. Their session examined policy initiatives that could undermine encryption and helped participants identify key trends shaping the debate across Europe. The second day began with an interactive activity organised by Paula Bernardi, in which participants were divided into small groups and tasked with developing campaign strategies to explain the importance of encryption to different audiences. A media training workshop followed in which Dimitri Bettoni from MFRR shared technics for effective communications and demonstrated best practices. In the afternoon, Ellie McDonald from Global Partners Digital led the EU Encryption Advocacy Workshop, focusing on global policy developments and advocacy strategies. Participants examined international initiatives such as the UN Cybercrime Convention and the Global Digital Compact, and took part in a group exercise to design their own encryption advocacy campaigns from perspectives including human rights, privacy, and press freedom. A fireside chat with industry representatives brought practical insights into the conversation. Experts from Apple, Meta, Mozilla, Surfshark, and Proton shared their experiences developing and deploying encrypted services, discussing both technical challenges and the increasing policy pressures companies face. The discussion underscored the importance of strong encryption for trust, security, and innovation on the Internet. The workshop concluded with a roundtable discussion at the European Parliament titled “A Shield in Uncertain Times: Encryption as a Bedrock for European Civil Society”. Co-hosted and moderated by MEP Markéta Gregorová (Greens, Czechia), the discussion brought together participants and policymakers to reflect on the workshop’s key themes and the importance of strong encryption for protecting civil society, privacy, and democratic values in Europe. The post Exploring the Internet, Encryption, and Policy: A Workshop in Brussels appeared first on ISOC Switzerland Chapter.

Zurich, 16.02.2026 Today the public consultation on the proposed law on communication platforms and search engines has ended. Interested parties were encouraged to submit their feedback on the draft proposal. ISOC-CH has used the opportunity to express the concerns with the proposed law that contains similar – though lesser – provisions than the EU Digital Services Act (DSA). The biggest concern lies in the decision making process on whether a “potentially illegal” user provided content shall be sanctioned; in particular when it is unclear whether or not a content is illegal (as this also includes legal content). Furthermore, the proposed law intends to delegate this decision from the judiciary to platform operators. While the judiciary is bound to the constitutional fundamental rights (such as freedom of speech and freedom of information, i.e. primarily defensive rights against the state), these rights do not apply to decisions of platform operators. As we learned e.g. by the “Twitter Files”, this setup has been misused by the last US government to delegate censorship in Social Media to private parties (such as NGOs), in order to circumvent the 1st amendment of the US Constitution (freedom of speech) You can find our full response to this public consultation here (in German). The post Public Consultation on Platform Regulation appeared first on ISOC Switzerland Chapter.

In 1996, at the annual gathering of the World Economic Forum in Davos, a libertarian manifesto rang out across the early web. John Perry Barlow’s “Declaration of the Independence of Cyberspace” imagined a realm beyond the reach of governments—weightless, borderless, self-governing.  Three decades later, the mood has shifted. In 2026, the question that was asked in Davos is no longer whether cyberspace is independent, but whether Europe can claim its own share of it. “Is Europe’s digital sovereignty feasible?” —an admission that sovereignty, once dismissed as obsolete in the digital age, has returned with force. In Brussels, Ursula von der Leyen elevates the concept in her agenda for Europe. The Digital Services Act asserts regulatory authority over global platforms. And in Bern, the Digital Switzerland Strategy 2026 places digital sovereignty at the heart of the country’s technological future. The idea of openness that we took for granted is now out of the window as the world is rapidly getting more confrontational. Geopolitical instability has exposed supply chains once thought secure. Artificial intelligence systems proliferate faster than institutions can comprehend them. Social media platforms shape public discourse at a scale no parliament or newspaper ever commanded. What was once an abstract ideal—control over one’s digital destiny—has become a strategic imperative. But in the rush to reclaim sovereignty, three uncomfortable questions loom—rarely addressed, often postponed. First: sustainability. Digital transformation is not ethereal. It consumes energy, rare earths, water, and land. Sovereignty in the cloud is still grounded in physical infrastructure. Second: health. The same networks that promise empowerment also entrench dependency. Internet addiction, algorithmic amplification, and perpetual connectivity strain mental health in ways policymakers are only beginning to quantify. Third: resilience. As societies entrust essential services—communication, finance, education, health—to digital systems, vulnerability deepens. Physical disasters, cyberattacks, and systemic failures no longer threaten convenience alone; they threaten continuity. It is in this context that the Switzerland chapter of the Internet Society steps into the debate with a deceptively simple question: What does digital sovereignty actually mean? Not as a slogan. Not as a regulatory instrument. But as a lived reality—for policymakers, educators, civil society, and above all, citizens. Respecting key values like openness, privacy, and democracy.  On March 27th, 2026, through a public event with special guests from European civil society organizations, ISOC-CH launches a long-term campaign to examine that question publicly—placing sustainability, health, resilience, openness, privacy, and democracy at its core. And on April 24th, at Open Education Day, it will extend the inquiry to the classroom, asking what digital sovereignty demands of those who shape the next generation. Because sovereignty in the digital age is not declared once and for all. It is negotiated—line by line, protocol by protocol, value by value. The Internet Society (ISOC) Switzerland Chapter is a non-profit organization that engages on a variety of Internet-related topics, ensuring that it is a place of possibility, opportunity, and progress that benefits people worldwide. We provide technically-grounded advice, policy recommendations, and educational material regarding privacy, security, Free and Open-Source Software, and digital sovereignty. We also organize informative events and debates like the annual Public Policy Sessions and participate in collaborative research projects like the NGI0 Commons Fund. As a national chapter of the international organization responsible for the .org domain, ISOC CH acts as a gateway between Switzerland and the international digital civil society. You can consider becoming a member (through the main ISOC web site) following the instructions at https://isoc.ch/membership, or just subscribe to our newsletter (2-3 announcements per year) by sending a message to contact@isoc.ch. The post What does digital sovereignty means for … policy makers, educators, the government, civil society, YOU? appeared first on ISOC Switzerland Chapter.

By Berna Alp and Marianthe Stavridou INTRODUCTION As societies undergo rapid digital transformation, public infrastructure is being fundamentally rethought. Money is no exception. While cash is declining across much of the world the question is no longer whether money will become digital, but how. Digital money or digital money transfers are not merely a technical upgrade. It encodes political choices about privacy, power, accountability, and sovereignty. The architecture chosen today will shape how citizens interact with the state, how markets function, and how much autonomy individuals retain in everyday economic life. In Europe, the Digital Euro project represents one path forward: a centrally governed, account-based system operated through banks and payment service providers. In Switzerland, a different model is emerging—built on open-source software, privacy by design, and cryptographic guarantees rather than institutional promises. This alternative is embodied in GNU Taler, an operational digital payment system already in use. This article compares the two approaches across six criteria that consistently surface in public debates on digital infrastructure: privacy, security, inclusion and usability, transaction costs, tax compliance, and digital sovereignty. Using publicly available documentation from the European Central Bank and real-world deployments of GNU Taler, the comparison highlights a fundamental divergence in design philosophy. At its core, the contrast is simple. The Digital Euro relies on identification, intermediaries, and trust in centralized institutions. GNU Taler relies on data minimization, mathematical guarantees, and transparency through open code. One treats privacy as a policy choice that can be adjusted. The other makes privacy a technical property that cannot be revoked. As governments decide how digital money should work, Switzerland’s experience shows that alternatives to surveillance-based payment systems are not theoretical. They already exist—and they work. DIFFERENT REALITIES – A COMMON ISSUE  As cash usage declines across many societies-from Scandinavia to China-we face a fundamental question: What kind of digital infrastructure should replace it? Two competing paradigms are emerging, and the choices made today will shape the future of money, privacy, and democratic control over critical public systems. The European Central Bank, through its Digital Euro project, represents one approach: centralized control, proprietary systems, and comprehensive transaction surveillance.  Switzerland, through three distinct but interconnected initiatives, offers an alternative: open-source infrastructure, privacy-by-design, and digital sovereignty through transparency[1]. The contrast between the EU and Swiss approaches reflects fundamentally different assumptions about how to achieve security, stability, and public trust in digital infrastructure. These differences stem from two distinct perspectives: a closed socio-economic and political system with a top-down decision-making approach, which may lead to increased surveillance and authoritarianism; and a more complex, mixed system with a bottom-up approach which, when applied correctly, can result in an open, social, and stable system based on trust[2]. Despite the EU’s open-source policy[3], the European Central Bank (ECB) has disregarded it in the Digital Euro project creating also a rift between EU’s policy and ECB’s approach.  THE DIGITAL EURO’S CLOSED ARCHITECTURE – A MISSED OPPORTUNITY To understand why the Swiss model offers advantages, we first examine the Digital Euro payment system’s design. The European Central Bank presents the Digital Euro as inclusive, privacy-preserving, and sovereign. However, analysis against public-interest criteria reveals significant tensions between these stated goals and the proposed architecture. To evaluate the Digital Euro payment system, we use six criteria that consistently emerge as priorities in citizen surveys, Internet governance debates, and open digital infrastructure design: privacy; security; usability, inclusion & accessibility; freedom from transaction costs; tax collection & income transparency; and sovereignty through open source (FLOSS)[4]. For comparison, we examine GNU Taler, an open-source payment system that takes an alternative architectural approach. GNU Taler is currently operational in Switzerland through Taler Operations AG[5].  THE CORE PROBLEMS PRIVACY THROUGH PROMISES, NOT DESIGN The online Digital Euro relies on an account-based architecture[6] requiring full identification by banks and Payment Service Providers (PSPs). There is zero privacy from them – they know and monitor everything the user does as with credit cards today.  The ECB receives transaction data through the DESP (Digital Euro Service Platform), but claims to use pseudonymisation and encryption techniques to prevent direct linkage to individuals. However, PSPs have full visibility of user identities and transaction details, and the centralized architecture with unique DEAN (Digital Euro Account Number)[7]identifiers creates technical capability for re-identification through behavioral pattern analysis, even if policy promises claim otherwise.   This is fundamentally a trust model: users must believe intermediaries’ promises that they will not exploit or share the data (until they get hacked or e.g. being privatized). The offline variant of the digital euro offers cash-like anonymity while devices remain disconnected, but constrained by strict transaction limits designed to prevent money laundering and tax evasion and to mitigate the fact that such a solution cannot be secure and prevent two-sided anonymous spending that could be hidden from taxation.  THE OFFLINE SECURITY PARADOX Fully offline payment systems face an unsolvable mathematical problem: double-spending. Without real-time network connectivity to verify that a token hasn’t already been spent, a malicious actor could theoretically duplicate and spend the same digital token multiple times. While secure hardware elements can mitigate this risk, such protections have always been compromised historically. The ECB’s response to this inherent weakness, is very low transaction and holding limits, which simultaneously undermines the system’s usability and inclusion objectives. This creates a paradox: offline mode exists to provide cash-like privacy, but the security constraints required will make it too limited for everyday use. INCLUSION WITHOUT INNOVATION Despite its framing as an inclusion initiative, ECB documentation explicitly acknowledges that onboarding, authentication, and usage barriers will not differ materially from existing digital payment solutions.  Around 13.5 million people[8] in the euro area are non-bankable. As access to the Digital Euro will again be given through the existing banks and PSPs, any change to this number is highly unlikely.  Furthermore, the Digital Euro’s reliance on modern smartphones (Android or iPhone) creates additional exclusion barriers beyond the existing requirements for government-issued identification and KYC verification, many people lack access to compatible devices or the technical literacy needed to navigate authentication systems. THE SOVEREIGNTY BLIND SPOT Perhaps most striking is the absence of binding Free Libre Open-Source Software (FLOSS) requirements. Despite explicit EU-level policy commitments to open source in public digital infrastructure, ECB procurement documents do not mandate open-source licensing. This creates long-term vendor dependency, reduced public auditability, weakened democratic oversight and security opacity (vulnerabilities hidden in proprietary code).  For critical monetary infrastructure, arguably more important than any other government system, this represents a significant failure of digital sovereignty. And the fact that the Digital Euro will only work on Android mobiles and iPhones, both US corporate ecosystems, is another proof that sovereignty is far from being addressed in this project. To illustrate what would be possible with exiting FLOSS technology and to compare it to the payment solution design of the ECB for the Digital Euro, let us look at the GNU Taler design. GNU Taler was developed over the past decade and in 2021, the Swiss National Bank published Working Paper 2021-03, “How to Issue a Central Bank Digital Currency,” co-authored by cryptography pioneer David Chaum, GNU Taler founder Christian Grothoff, and SNB official Thomas Moser[9]. The paper proposes a token-based CBDC architecture based on the GNU Taler protocol. HOW GNU TALER WORKS GNU Taler implements a cash-like payment system with asymmetric privacy: cryptographically[10]guaranteed anonymity for payers combined with full transparency for recipients. At the level of technical architecture, a token-based (not Distributed Ledger Technology (DLT) based) system using blind signature cryptography and mathematically guaranteed payer anonymity is in place. The system cannot link payments to spenders, even if forced to do so. Recipients remain fully identifiable, enabling income transparency for taxation. No user accounts, identity-based fraud, or tracking infrastructure are possible Key Innovation here is the security through data minimization, not data protection. What doesn’t exist cannot be stolen, leaked, or abused. COMPARISON: TALER VS. DIGITAL EURO PRIVACY The online Digital Euro is fully account-based and requires identification, giving banks and payment providers complete access to users’ transaction data and leaving privacy dependent on institutional promises that can fail through misuse or breaches. Its offline version offers anonymity but only for small amounts and relies on a mathematically fragile design that is inherently insecure. The offline anonymity may be wiped out once the wallet is reconnected tothe central system. In contrast, GNU Taler provides cryptographically enforced anonymity by never collecting payer data at all. Privacy is guaranteed by design, not policy. As a result, GNU Taler offers unconditional and durable privacy, while the Digital Euro offers either none online, or temporary, but mathematically insecure privacy offline.  SECURITY The online Digital Euro centralizes identity and transaction data, making it a prime target for cyberattacks and leaving risks like fraud and account takeover unchanged. Its offline version is vulnerable to double-spending and depends on historically fragile hardware security. GNU Taler avoids these threats entirely by eliminating user accounts and centralized databases, drastically reducing fraud risks to mainly device theft, which can be managed through available backups. Overall, the Digital Euro brings  nothing new online and introduces new weaknesses offline, while GNU Taler achieves security through data minimization. INCLUSION & USABILITY The online Digital Euro requires full identification, KYC compliance, and access to modern smartphones, effectively reproducing the same barriers that already exclude non-bankable and low-tech users, while its offline mode only allows very small payments and still depends on smartphone hardware, whereas GNU Taler enables digital payments with a single click authorization, offering cash-like simplicity that  even fits the needs of non-literate users, making it genuinely inclusive compared to the Digital Euro’s continued reliance on traditional account creation, identification and multi-factor authentication. TRANSACTION COSTS Although the Digital Euro is advertised as “free for basic use,” intermediaries still need compensation, meaning merchants will pay for infrastructure, compliance, and fraud, whereas GNU Taler is built around near-zero transaction fees, with its Free/Libre Open-Source Software (FLOSS) model removing licensing expenses and enabling economically viable micropayments down to fractions of a cent. So instead of merely shifting fees from Visa/Mastercard to European banks as in the case of the digital euro, GNU Taler delivers real structural cost reductions and significantly lowers fraud-related expenses to benefit all stakeholders. TAX COMPLIANCE For tax compliance, the online Digital Euro enables full transaction surveillance with complete visibility into user activity, while its offline mode allows untraceable cash-like payments limited to small amounts that neither fully prevent abuse nor resolve evasion risks, whereas GNU Taler structurally enforces transparency on merchants’ and recipients’ income without monitoring individual payers-ensuring taxes are collected where money is received rather than where it is spent-uniquely combining strong privacy with effective tax enforcement. SOVEREIGNTY The Digital Euro is likely to depend on proprietary systems, creating vendor lock-in and reliance on US-controlled devices and software ecosystems, and even if built by European firms, closed licensing prevents independent security audits, limits adaptability to evolving policy needs, and ties long-term operation to vendor survival and goodwill, whereas true digital sovereignty requires control over the code itself rather than the provider’s nationality, something GNU Taler achieves as fully Free/Libre Open-Source Software that is publicly auditable, vendor-independent, and deployable across platforms without reliance on specific technologies, delivering complete digital sovereignty. QUICK COMPARISON  CriterionDigital Euro (Online)Digital Euro (Offline)GNU TalerPrivacyAccount-based with full identificationStrong anonymity while offlineCryptographic payer anonymitySecuritySame as for credit cardsDouble-spending vulnerabilityNo ID fraud/Account take over, no data theft possible.UsabilitySimilar to current methods.Limited by transaction capsCash-like simplicityCostFree for basic use; intermediary fees remain and merchants always payAs for online version with high hidden costs (fraud, hardware)Near-zero fees by designTax TransparencyAll transaction details recordedCash-like untraceable transfersIncome transparency onlySovereigntyProprietary software dependencyProprietary hardware & software dependencyFully open source   CONCLUSION: ETHICS AS THE FOUNDATION OF DIGITAL MONEY At its core, the debate between the Digital Euro and GNU Taler is not merely technical or economic—it is fundamentally ethical. Digital payment systems shape power relations between citizens, institutions, and the state. When infrastructure is built around surveillance, centralized control, and proprietary technologies, it normalizes the erosion of privacy, weakens democratic oversight, and concentrates authority in the hands of a few intermediaries. Even when justified in the name of security or efficiency, such architectures risk transforming everyday economic activity into a source of continuous monitoring. The Swiss approach embodied by GNU Taler demonstrates that ethical design is not only possible but practical. By minimizing data collection, enforcing privacy through cryptography rather than policy promises, ensuring transparency where it matters for taxation and law enforcement, and relying on open-source principles, it aligns technological innovation with core democratic values: autonomy, accountability, inclusion, and sovereignty. Instead of asking citizens to trust institutions with vast amounts of sensitive data, it removes the need for such trust altogether through structural safeguards. Ethically responsible digital money should protect individuals by default, not conditionally. It should empower societies through openness, not lock them into opaque systems of control. As governments across Europe and beyond redesign monetary infrastructure for the digital age, the choice is ultimately between systems that can expand surveillance and dependency, and systems that preserve freedom, dignity, and public trust. The lesson from Switzerland is clear: ethical digital infrastructure is not an obstacle to progress, but it is the very foundation of a resilient, inclusive, and democratic financial future. -------------------------------------------------------------------------------- [1] It should be clear that ethics-by-design, privacy-by-design, transparency-by-design, and similar approaches demonstrate that a wide range of values can be taken into consideration during system development. However, they do not guarantee that these values will ultimately be realized. Incorporating such considerations into the design process nonetheless increases the possibility that these values will be embedded in the final system. (Brey, P., Dainow, B. Ethics by design for artificial intelligence. AI Ethics 4, 1265–1277 (2024). https://doi.org/10.1007/s43681-023-00330-4) [2] This distinction draws on debates about governance models in digital infrastructure, particularly contrasting centralized, top-down systems that prioritize control and standardization with decentralized, bottom-up approaches that emphasize transparency, participation, and trust. (Leese, Matthias. (2026). Benchmarking and Provenance: The Politics of Data Trust in EU Internal Security. International Political Sociology 20 (1): olaf042. https://doi.org/10.1093/ips/olaf042 [3] https://commission.europa.eu/about/departments-and-executive-agencies/digital-services/open-source-software-strategy_en [4] The analysis draws primarily on the ECB’s own documentation, publicly available information on the internet and the assessment framework developed in “Decoding the Digital Euro”, a book by Leon V. Schumacher. (2023). Decoding the Digital Euro: Friend or Foe? ISBN: 978-3-9525996-0-0.  [5]https://www.taler.net/en/news/2025-01.html [6]https://www.ecb.europa.eu/euro/digital_euro/timeline/profuse/shared/pdf/ecb.degov240325_digital_euro_multiple_accounts.en.pdf [7] https://www.ecb.europa.eu/euro/digital_euro/timeline/profuse/shared/pdf/ecb.dedocs220420.en.pdf [8] https://www.ecb.europa.eu/press/economic-bulletin/articles/2022/html/ecb.ebart202205_02~74b1fc0841.en.html [9] https://www.snb.ch/en/publications/research/working-papers/2021/working_paper_2021_03 [10] https://en.wikipedia.org/wiki/Blind_signature The post Open Source vs. Closed Control: How Switzerland Built Better appeared first on ISOC Switzerland Chapter.

Are you interested in shaping the future of the Internet in Europe? This is a great opportunity for young people in our community to engage directly in European digital policy discussions. The European Dialogue on Internet Governance (EuroDIG) is the European regional event of the United Nations Internet Governance Forum (IGF). Each year, it brings together 600–900 stakeholders from across Europe, both on site and online, to discuss key issues related to the future of the Internet. The messages emerging from these discussions are published and presented to the European Commission, the Council of Europe, the UN Internet Governance Forum, and other relevant institutions. EURODIG 2026: KEY DETAILS * Dates: 26–27 May 2026 * Location: Charlemagne Building, European Commission, Brussels * Host: EURid, the registry for the .eu domain name * Special milestone: Celebrating 20 years of .eu, marking two decades of trusted digital identity in Europe YOUTHDIG 2026: FULLY FUNDED YOUTH PARTICIPATION The Youth Dialogue on Internet Governance (YOUthDIG) is a programme designed to empower young people aged 18–30 to actively participate in EuroDIG. YOUthDIG: * Fully funds participants’ travel to YOUthDIG and EuroDIG * Introduces participants to European digital policies and current Internet governance issues * Provides capacity-building training to enable meaningful participation in EuroDIG sessions * Includes intercultural activities and a strong peer-learning environment * Supports young people in contributing their perspectives to policy discussions The programme begins with four online webinars, followed by a three-day in-person pre-programme, and then continues directly into EuroDIG. * YOUthDIG dates: 22–25 May 2026 * EuroDIG dates: 26–27 May 2026 APPLY NOW The call for applications for YOUthDIG 2026 is now open. We strongly encourage members of our community to apply and to share this opportunity with others who may be interested in contributing to discussions on the future of the Internet. More information and the application details are available here: https://www.eurodig.org/get-involved/youthdig/#tab-call-for-application-26 Thank you for supporting and empowering the next generation of digital leaders. The post Call for Applications: YOUthDIG 2026 & EuroDIG in Brussels appeared first on ISOC Switzerland Chapter.

A small group of experts from ISOC-CH, the pEp (pretty Easy privacy) project, former Planck Security AG/SA, Cisco and Google gathered on Thursday, Oct 29 at L200 to discuss the last developments in the email encryption space, securing email, beyond the body to header protection. The cozy Happy Hour approach gave the base for a longer discussion which started by two input talks on the topic. INPUT 1: THE MOTIVATION (WHY WE SHOULD CARE ABOUT EMAIL ENCRYPTION) by Hernâni Marques (ISOC-CH) The first talk by Hernâni Marques (ISOC-CH, formerly pEp) gave some motivational arguments for why it still matters to care about email encryption, given, e.g., the fact that email is still the most widely distributed identity system for services on the Internet, with virtually no service allowing a proper sign up without an email address which also has the advantage that pseudonyms can be used avoiding to (directly) reveal one’s identity. There was also emphasis put on the existing Mass Surveillance practices — over 10 years ago, former national security contractor Edward Snowden showed the pervasive nature of US-led Mass Surveillance. It can be assumed the existing practice got even reinforced in the meantime. Also Switzerland engages in practices of Mass Surveillance — a respective secret service law was approved with majority vote by the Swiss population, making the also mentioned cypherpunk movement’s core point real privacy for citizens, enterprises or even the very own government, can only be achieved by technical means, that is, using cryptography. INPUT 2: TECHNICAL DEVELOPMENTS (THE RFC 9788 STANDARD) by Bernie Höneisen (Ucom.ch / ISOC-CH) On the second input talk, Bernie Höneisen (Ucom.ch / ISOC-CH) showed ongoing developments from the IETF space which aim at making email encryption more accessible and useful. Main focus was put on the latter part. Using S/MIME or PGP/MIME, emails can be protected body-wise. However, the protection of current email systems typically does not include the header section. But the latter may contain sensitive information; e.g. the Subject header field might give enough clues on what a communication is about (without even knowing the messages’ content). To also protect sensitive information contained in the header section of an email, the IETF recently published a new standard (RFC 9788). In addition to protecting header fields, the document provides means to protect against a few other attacks as well as mechanisms to avoid protected information inadvertently leaking to unprotected (parts of) reply or forwarded emails. As Bernie pointed out and as it can be seen in his slide deck, tests in the past showed that existing header protection attempts showed different kind weaknesses in rendering emails. This included artifacts like having to click on attachments to open an email or even getting nuisance warnings regarding security. Using RFC 9788, also legacy email clients can render the received message without major issues. RFC 9788 describes in details how emails with header protection are created, rendered and replied to in a secure and private manner. Furthermore it includes test vectors and a lot of other useful information. Along with RFC 9788, the IETF also published RFC 9787 providing guidance on End-to-End Email Security for implementers of email systems. OPEN DISCUSSION The discussion following the above was vivid with every person present playing an active role able to talk at length, leading to a few non-obvious take-aways: * People don’t seem to care a lot about email encryption, while the government even has legislation in place targeting that channel (in CH: BÜPF and NDG) * The email system is a legacy system and (because of interoperability) difficult to fix * end-to-end encryption (E2EE) in email is an exception, while most organizations, which use encryption, use S/MIME internally * Other (popular) messaging systems failed at replacing email, and its letter rather than chat / office room character; in that sense subject protection, for setting a topic, is very helpful * Encryption between email servers, which got momentum after Snowden revelations, like widespread HTTPS use, might be enough to solve “80% of the issue with 20% of the effort”, as one participant put; even though this not being a true E2EE solution. * Companies hesitant to E2E email encryption due to legal requirement or preserving information after a employee moves on ABOUT THE EVENT FORMAT The Happy Hour format proved to be a nice way to discuss a topic in an easy atmosphere, with the social aspect playing a bigger role than normally, this by the soon break of the line between presenters and (interested). Happy Hours are a suitable format for events where ISOC-CH members want have to a topic discussed and elaborate on a topic with an expert group, and not just to present a piece of content without the expectation of much engagement. The post EVENT SNAPSHOT: ISOC-CH Happy Hour on email encryption appeared first on ISOC Switzerland Chapter.

From 21–23 November 2025, the Miljenko Dereta Center in Belgrade hosted DESCON 9.0. Organized by the Internet Society – Serbia Chapter, this year’s conference carried the theme “Trust and Power: AI is a Harsh Mistress.”Participants from diverse fields—developers, researchers, activists, artists, and technologists—gathered to explore how today’s technological infrastructure is reshaping society. The event once again distinguished itself through its interdisciplinary reach across ecology, open hardware, digital rights, citizen science, and artificial intelligence. Opening the conference, Desiree Miloshevic, DESCON’s founder, reminded the community that DESCON is where hands-on experimentation meets policy. What began as a small IoT and security meetup has grown into a platform for sustainable connectivity, civic innovation, and climate technology. She called on participants to question assumptions, collaborate across sectors, and build technology that protects dignity and the public good. The keynote by Marianthe Stavridou, Vice-Chair of the Internet Society – Switzerland Chapter, traced a line from Plato’s Cave to the algorithmic systems shaping our perception today. She warned of a drift toward “technofeudalism”, where data becomes the ultimate commodity in the hands of a few. The message is clear: AI is not the fate of humanity but its mirror—ethics, transparency, and openness must guide its developments. The Finnish researcher Jari Arkko spoke remotely, examining AI’s massive and growing environmental footprint, from energy-hungry data centers to costly hardware. Yet he emphasized that AI can still be a net-positive force when used judiciously to optimize energy systems in transport, buildings, and industry. Sometimes, he noted, the best solution is not AI. Later, Urs Gehrig demonstrated how AI is transforming reliability engineering across sectors, from automated train inspections to integrated data systems. His takeaway: AI succeeds when organizations collaborate, understand their processes, and move beyond proofs-of-concept toward practical deployment. Andrijana Gavrilović of the Diplo Foundation unpacked why global AI governance remains slow and fragmented. Drawing on the work of the UN High-Level Advisory Body on AI, she highlighted recommendations for a scientific panel, regulatory interoperability, global data frameworks, and a smaller but focused UN AI office. With forums like the Global Digital Compact taking shape, she stressed that AI is global—and its governance must urgently catch up. From the UNDP, Slobodan Marković reflected on Serbia’s early AI leadership through its 2019 strategy and institutions like the National AI Institute and the national data center. But momentum is fading: political backing has weakened, pilots have stalled, and the upcoming AI strategy lacks a funded action plan. Serbia’s future AI progress, he argued, depends entirely on renewed political will and sustained investment. The Share Foundation team—Andrijana Ristić, Tijana Stevanović, and Filip Milošević—offered a clear-eyed analysis into global spyware operations and Serbia’s own NoviSpy case. They warned that spyware is now an expanding industry threatening not just individuals but democratic systems. Encryption is meaningless if the device is compromised, they stressed, and “I have nothing to hide” is not a defense but a dangerous surrender of rights. The workshop “AI Is a Harsh Mistress” tackled the promises and risks of autonomous decision-making. One group highlighted the strain data centers place on power grids, the erosion of coding competence due to AI assistance, and conflicts between commercial and human-centered AI models. Another group emphasized existing EU protections—such as GDPR Article 22—while noting that enforcement lags behind technological reality. Both agreed on the need for human oversight, stronger legal safeguards, and attention to how AI disproportionately affects vulnerable communities. The DESCON 9.0 Hackathon launched with high energy, challenging teams to upgrade KLIMERKO, the citizen-science air-quality network born at DESCON 7.0. Teams explored new sensors, solar-powered prototypes, LoRaWAN connectivity, indoor TFT displays, and predictive models combining Klimerko data with weather forecasts. Across three days, DESCON 9.0 showed how bottom-up initiatives can bring together people from different disciplines to confront the defining challenges of the algorithmic age. The event underscored a shared belief: technology is not an inevitable force but a human choice. The systems we design must elevate dignity, strengthen trust, and distribute power fairly. The labyrinth of the digital future may be complex—but navigating it is a collective effort. Many thanks to Desiree Miloshevic Evans, Ivan Jelić, Milena Milivojev, Jan Krasni, Božidar Tanasković, Vanja Stanić, the team and the Internet Society – Serbia Chapter for an inspiring and unforgettable event. The post DESCON 9.0: Navigating Trust and Power in the Algorithmic Age appeared first on ISOC Switzerland Chapter.

From 7th to 8th of November over 1,000 programmers, activists, academics and business leaders have gathered in Bolzano, South Tyrol, Italy for the 25th edition of the South-Tyrol Software Freedom Conference (SFSCON). Given the huge dependency of European businesses and administrations on American Big Tech companies, which the current US administration is not hesitant to use as leverage in international relations, Digital Sovereignty has been one of the key topics1 of the conference. Discussions ranged from how Free and Open Source Software (FOSS) can make communities resilient in times of crises, efforts to put existing interoperability requirements into practice, how Free Software communities can assist policy makers in switching to FOSS, to funding opportunities for Free Software by means of * regulatory requirements of the European Union’s Cyber Resilience Act (CRA), * effective public procurement policies which favor Free Software while preventing open washing, or * direct public investments into innovative ecosystems. In addition to attending the informative conference talks, we’ve used the opportunity to connect with our fellow NGI Zero consortium members from OW2 and FSFE, who were both present with booths at the conference, and discuss recent European developments in the realm of Free Software like the upcoming Digital Commons European Digital Infrastructure Consortium (DC-EDIC) and what one can expect from them. Our main takeaway from this year’s SFSCON is a somewhat surprising concurrency of encouraging and discouraging developments in Europe when it comes to the role of Free Software: On the one hand European institutions cut funding for important and successful FOSS projects and increase their dependency on US Big Tech in, e.g., schools, while at the same time making provisions for Free Software in landmark legislation like the CRA or institutionalizing FOSS efforts in, e.g., the European Open Source Academy or the aforementioned Digital Commons DC-EDIC. This situation shows that there is more advocacy work to be done to realize the full potential FOSS offers to achieve Digital Sovereignty. The (unfortunate) fact that we were the, to our knowledge, only Swiss organization at the conference is symptomatic of the – with few laudable exceptions – low importance Swiss policy makers and businesses assign to FOSS. We’re convinced that Swiss administrations, businesses and society at large would stand to benefit from engaging with and learning from the experiences our neighbors make with Free Software. 1. The others being: Health, Engineering, Cybersecurity, Open Hardware, Automation, Fediverse, Skills & Training, Culture, Data Spaces, Community Building. ︎ The post SFSCON 2025: The ever-growing importance of Free Software appeared first on ISOC Switzerland Chapter.

The 10th edition of the South Eastern European Dialogue on Internet Governance (SEEDIG 10) convened in Athens under the theme “A Decade of Dialogue and Cooperation: What’s Next?” The event brought together policymakers, regulators, academics, civil-society representatives, technical experts, private-sector leaders, and youth delegates from across South Eastern Europe to reflect on a decade of digital transformation — and the dilemmas that accompany it. Returning to Athens, where the first global Internet Governance Forum (IGF) was held nearly twenty years ago, lent the event symbolic resonance. Yet SEEDIG 10 was far from a nostalgic gathering; it was forward-looking and, at times, uneasy. A decade on, the region continues to grapple with a central question: how to pursue digital innovation without compromising democratic accountability or sovereignty. A major strand of discussion focused on artificial intelligence (AI) and the digital transformation of public administration. Greece’s gov.gr platform was presented by government officials as a regional model for digital public services. By unifying over 1,500 state functions — from tax filing and healthcare to business registration — under one single digital identity, gov.gr aims to transform how citizens interact with the state. Yet its success also exposes structural dependencies. The platform’s reliance on partnerships with major global technology providers sparked debate over data sovereignty, infrastructure localisation, and long-term control. As a participant said innovation without autonomy risks replacing old inefficiencies with new dependencies. In parallel, Greece has taken visible steps to strengthen digital skills and AI literacy in the public sector and education. The government has recently signed agreements with OpenAI (Initiative: OpenAI for Greece) and Google Greece (Initiative: AI for All) to promote digital capacity-building and “transform public service with AI.” The OpenAI for Greece memorandum, announced in September 2025, introduces ChatGPT Edu in upper-secondary schools and provides teacher training. It also offers mentoring for start-ups in the health, climate, and public-service sectors. Google’s AI for All initiative, launched in 2024, will provide hands-on training for hundreds of civil servants in AI applications, data analysis, and modernisation practices, according to government officials.  While these initiatives demonstrate a strong political commitment to digital upskilling and reskilling, SEEDIG 10 participants urged a more critical reading. Vendor-led training — even when labelled a partnership — risks embedding dependence at the level of tools, methods, and institutional knowledge. When the same corporations that dominate global data and AI markets are entrusted with training governments and educators, the boundary between capacity-building and market capture becomes blurred. Without parallel investment in publicly governed expertise, open educational frameworks, and national research capacity, such collaborations risk deepening the dependencies of every country that seeks to remain independent. Furthermore, the European Union’s ambition to maintain a common area of research and development may be jeopardised by dependence on U.S.-based private vendors. With this approach, EU member states could undermine the Union’s efforts toward a sustainable, ethical, and independent digital ecosystem. Debates around the EU AI Act, the Digital Services Act (DSA), and media sustainability reflected similar tensions. Participants broadly welcomed Europe’s regulatory ambition but warned that outsourcing compliance to the same dominant technology companies undermines accountability. Smaller markets in South Eastern Europe face the dual challenge of aligning with EU frameworks while building independent infrastructures that protect local media, data, and civic space. Behind these regulatory discussions lay a quieter but crucial theme: technical resilience. Panels on routing security, domain-name management, and universal acceptance underscored that regional strength depends not only on regulatory compliance but also on sustained investment in infrastructure, expertise, and governance capacity. Youth participants brought energy and sharp insight, challenging older generations to move beyond symbolic inclusion. Their workshops on AI ethics and cybersecurity called for youth-driven monitoring of digital rights, greater transparency in policymaking, and stronger support for regional innovation networks. SEEDIG’s commitment to intergenerational dialogue reflects its broader ethos: an open, inclusive, and multistakeholder approach to digital governance. The issues raised at SEEDIG 10 — from AI governance to data sovereignty — resonate deeply with the priorities of the Swiss Internet Society (ISOC-CH). Switzerland, too, must navigate the balance between technological innovation and digital self-determination. Questions of trust, accountability, and open standards are not regional but universal. By linking discussions across Europe’s regions, SEEDIG and ISOC-CH can jointly strengthen efforts toward an open, resilient, and rights-based digital future. This time, Athens provided an apt metaphor: a meeting place of historic ideals and modern contradictions. For South Eastern Europe, the question is no longer whether to embrace the digital age — but on whose terms; because, as another participant said, innovation without sovereignty is not progress. ISOC-CH members are encouraged to follow SEEDIG’s initiatives, contribute their expertise, and participate in shaping the next decade of digital governance across Europe. The post SEEDIG 10: Innovation without Sovereignty is Not Progress appeared first on ISOC Switzerland Chapter.

On September 28, 2025, the Swiss electorate will decide the fate of the Federal Act on Electronic Identity Credentials. This legislation proposes the introduction of a state-issued electronic identity, a centralized digital credential designed to streamline access to public and private services alike. While the Federal Council and Parliament advocate for its adoption, a coalition of civic organizations has successfully triggered a referendum, ensuring the final arbiter will be the citizenry. The shadow of the 2021 vote, where a similar proposal was resoundingly defeated, looms large over the debate. Proponents frame the E-ID as an indispensable cornerstone of Switzerland’s digital infrastructure. They contend that a state-controlled system, bound by strict legal and security frameworks, offers a superior alternative to the current patchwork of private commercial logins, thereby fostering greater public trust. The government assures that the E-ID will remain voluntary and free of charge, positing it as a tool of inclusion rather than compulsion. The practical advantages are presented as self-evident: a seamless, paperless conduit for administrative tasks, financial operations, and civic duties, promising unparalleled efficiency. Economically, it is envisioned as a catalyst for innovation and a bolster to the nation’s competitive standing. The broad, cross-spectrum political endorsement is cited as testament to the proposal’s balance and robust design.  However, a closer look reveals significant misgivings. The current proposal is best understood as a hybrid model—not fully open-source, though not entirely a black-box system either. Detractors issue a sobering warning against the creation of a monolithic data repository, arguing that such a concentration of sensitive personal information presents an irresistible target for malicious actors, notwithstanding any promised safeguards. They challenge the very premises of the proposal, suggesting the E-ID is likely to be neither entirely secure, truly free, nor meaningfully voluntary in the long term. History offers a clear pattern of such tools evolving from conveniences into necessities—much as the credit card or mobile number became de facto requisites for participation in modern life. The potential for a similar trajectory here effectively nullifies the principle of voluntary use.  A critical technical objection lies in the system’s architecture not being fully open source. This opacity, critics argue, inherently slows the identification and remediation of security vulnerabilities. In such a model, the relentless search for flaws is ceded to adversaries, while the community of independent researchers and developers is sidelined. This creates a fertile ground for “zero-day exploits” and ensures that when a breach occurs—a scenario treated as inevitable—its impact will be maximized. Additional misgivings include the risks of enrollment fraud and the implications of a centralized—rather than decentralized—digital identity model. Critical questions about data minimization and the exclusion of vulnerable groups, such as the elderly, remain largely unanswered. For opponents, a rejection of this proposal is not a rejection of digital progress itself. Rather, it is a battle for its soul. It’s about being for good and ethical digital progress: decentralized, open-source, and free. It is the affirmation that Switzerland can, and should, aspire to a more sophisticated model: one that is inherently privacy-respecting, decentralized, voluntary and truly worthy of public trust. The referendum presents a fundamental choice: is the E-ID a key to a more efficient and secure future, responsibly stewarded by the state? Or is it a step toward heightened surveillance and systemic vulnerability? On September 28, voters will weigh these competing visions and shape Switzerland’s digital destiny. Marianthe Stavridou PS. The Internet Society has championed  for all these values since the Internet’s early days and has weathered many turning points when the perceived urgency to “catch up” with rapid developments proved destructive. Preserving different options truly available, including non-digital choice, is essential if Swiss society is to defend itself against addiction, cyberattacks, and disasters. Taking slow, careful steps is a Swiss tradition; in this case prioritizing safety and resilience is more important than ever. The post The referendum is not a rejection of digitalization, but a battle for its soul appeared first on ISOC Switzerland Chapter.