Translation by Chat GPT
"Whether it’s incidents of hate speech online or attackers who have radicalized themselves on the internet, there is a recurring demand from some politicians and parts of society for greater transparency in the digital realm, such as through messenger surveillance or mandatory real-name usage. At this point, it’s worth taking a look at Switzerland, where a significant expansion of internet surveillance is on the horizon. The fact that this reform is being carried out by regulation is not the only aspect that has drawn heavy criticism.
Switzerland's surveillance law distinguishes between telecommunications service providers (TSPs), which offer traditional public telecommunication services, and providers of derived communication services (DCSs). This second category is now in the sights of the "Post and Telecommunications Surveillance Service" (DÜPF), which broadly interprets its mandate in its report, extending surveillance requirements not only to traditional messaging services but also to cloud, document, and VPN services. The DÜPF openly criticizes the existing separation, which treats the first group more strictly, and wants to subject similar IT companies to the same surveillance obligations in the future.
Specifically, this means that online services with at least 5,000 users would be required to store metadata—such as IP addresses or port numbers—on file for six months. Additionally, these services would be compelled to assist the police and intelligence agencies in decrypting content. According to the independent Swiss online magazine Republik, this would mean that any website where users can send direct messages would be affected.
As a second change, service providers would have to identify their users. This would require submitting a copy of an ID card or driver’s license, or providing a phone number linked to a Swiss-registered SIM card, which would already be tied to an identity. Technical details like IP addresses are explicitly excluded from sufficiency in the Federal Council’s report.
After three similar attempts were blocked by Swiss courts, the government, represented by the Federal Council and the Federal Department of Justice and Police, has now chosen a different approach: the new surveillance regulations will be introduced not with parliamentary involvement, but through amendments to the ordinance on the surveillance of postal and telecommunications traffic (VÜPF) and the corresponding implementation rules.
The public consultation phase, which lasted for about three months, ended on May 6. This phase allows various groups to submit their feedback, but legally binding reviews do not exist, and there is no veto right. Republik calls it "a highly questionable approach from a democratic standpoint" to pursue this route through regulation.
According to the Federal Council and the Justice Department, the measure aims to "standardize certain information and allow for retroactive surveillance regarding user identification." Cooperation from companies in the telecommunications sector is deemed essential for effective monitoring of telecommunications traffic. Every surveillance measure must be validated by a compulsory measures court and "will not affect the general public, but solely suspected criminals." A spokesperson from the surveillance service also claimed, "Most companies will never hear from us and are already collecting this data."
Lawyer Jonathan Messner, who has studied the proposal in detail, disagrees in his conversation with Republik: "Those who claim the data is 'already being collected' are overlooking the fact that many users and providers do not want this—and are now being forced to do so." Indeed, creating an account on the affected websites until now required little to no personal information. Moreover, Messner points out that law enforcement agencies could request automated data from companies every five seconds and "build a complete history in real-time." He argues that with this, internet anonymity would be entirely eliminated, and Republik criticizes that the proposal "sounds like it was written by the Kremlin."
Many share this view. The association Digitale Gesellschaft expressed in a statement: "In the future, it would likely be impossible to use a chat app without having an official ID linked to it, either directly or indirectly." Not only individuals would be affected, but also "people bound by professional confidentiality, such as journalists or lawyers," as well as vulnerable groups like people with unresolved residency status or activists. The Committee on Transport and Telecommunications of the National Council also issued a statement at the end of April recommending rejecting the initiative.
Another aspect highlighted in both statements is the "massive effort" the reform would require from small and medium-sized businesses to secure the new databases against cyberattacks. Digitale Gesellschaft concludes that "the obligations for pilot projects, non-profits, or open-source services would be so burdensome that many companies would be effectively forced to relocate or even not develop services." Furthermore, the regulation would make foreign tech giants like Meta more powerful, as Swiss laws would not apply to them.
The new measures specifically target encrypted communication services like Threema and Proton, both of which have already won legal battles against the DÜPF. Threema CEO Robin Simon has announced that the company is ready to launch a popular initiative "to prevent the expansion of the surveillance state." Proton CEO Andy Yen also remains defiant, emphasizing that "Proton will not comply with this extension of its obligations." He refers to "unjustified" requests to monitor climate activists in France or supporters of Catalonian independence. In the worst case, the Geneva-based company would leave Switzerland, Yen declared.
(hlk, May 17, 2025)
"Whether it’s incidents of hate speech online or attackers who have radicalized themselves on the internet, there is a recurring demand from some politicians and parts of society for greater transparency in the digital realm, such as through messenger surveillance or mandatory real-name usage. At this point, it’s worth taking a look at Switzerland, where a significant expansion of internet surveillance is on the horizon. The fact that this reform is being carried out by regulation is not the only aspect that has drawn heavy criticism.
ID, please
Switzerland's surveillance law distinguishes between telecommunications service providers (TSPs), which offer traditional public telecommunication services, and providers of derived communication services (DCSs). This second category is now in the sights of the "Post and Telecommunications Surveillance Service" (DÜPF), which broadly interprets its mandate in its report, extending surveillance requirements not only to traditional messaging services but also to cloud, document, and VPN services. The DÜPF openly criticizes the existing separation, which treats the first group more strictly, and wants to subject similar IT companies to the same surveillance obligations in the future.
Specifically, this means that online services with at least 5,000 users would be required to store metadata—such as IP addresses or port numbers—on file for six months. Additionally, these services would be compelled to assist the police and intelligence agencies in decrypting content. According to the independent Swiss online magazine Republik, this would mean that any website where users can send direct messages would be affected.
As a second change, service providers would have to identify their users. This would require submitting a copy of an ID card or driver’s license, or providing a phone number linked to a Swiss-registered SIM card, which would already be tied to an identity. Technical details like IP addresses are explicitly excluded from sufficiency in the Federal Council’s report.
By Regulation
After three similar attempts were blocked by Swiss courts, the government, represented by the Federal Council and the Federal Department of Justice and Police, has now chosen a different approach: the new surveillance regulations will be introduced not with parliamentary involvement, but through amendments to the ordinance on the surveillance of postal and telecommunications traffic (VÜPF) and the corresponding implementation rules.
The public consultation phase, which lasted for about three months, ended on May 6. This phase allows various groups to submit their feedback, but legally binding reviews do not exist, and there is no veto right. Republik calls it "a highly questionable approach from a democratic standpoint" to pursue this route through regulation.
According to the Federal Council and the Justice Department, the measure aims to "standardize certain information and allow for retroactive surveillance regarding user identification." Cooperation from companies in the telecommunications sector is deemed essential for effective monitoring of telecommunications traffic. Every surveillance measure must be validated by a compulsory measures court and "will not affect the general public, but solely suspected criminals." A spokesperson from the surveillance service also claimed, "Most companies will never hear from us and are already collecting this data."
"Like Written by the Kremlin"
Lawyer Jonathan Messner, who has studied the proposal in detail, disagrees in his conversation with Republik: "Those who claim the data is 'already being collected' are overlooking the fact that many users and providers do not want this—and are now being forced to do so." Indeed, creating an account on the affected websites until now required little to no personal information. Moreover, Messner points out that law enforcement agencies could request automated data from companies every five seconds and "build a complete history in real-time." He argues that with this, internet anonymity would be entirely eliminated, and Republik criticizes that the proposal "sounds like it was written by the Kremlin."
Many share this view. The association Digitale Gesellschaft expressed in a statement: "In the future, it would likely be impossible to use a chat app without having an official ID linked to it, either directly or indirectly." Not only individuals would be affected, but also "people bound by professional confidentiality, such as journalists or lawyers," as well as vulnerable groups like people with unresolved residency status or activists. The Committee on Transport and Telecommunications of the National Council also issued a statement at the end of April recommending rejecting the initiative.
"Massive Burden" for SMEs
Another aspect highlighted in both statements is the "massive effort" the reform would require from small and medium-sized businesses to secure the new databases against cyberattacks. Digitale Gesellschaft concludes that "the obligations for pilot projects, non-profits, or open-source services would be so burdensome that many companies would be effectively forced to relocate or even not develop services." Furthermore, the regulation would make foreign tech giants like Meta more powerful, as Swiss laws would not apply to them.
Threema and Proton in Focus
The new measures specifically target encrypted communication services like Threema and Proton, both of which have already won legal battles against the DÜPF. Threema CEO Robin Simon has announced that the company is ready to launch a popular initiative "to prevent the expansion of the surveillance state." Proton CEO Andy Yen also remains defiant, emphasizing that "Proton will not comply with this extension of its obligations." He refers to "unjustified" requests to monitor climate activists in France or supporters of Catalonian independence. In the worst case, the Geneva-based company would leave Switzerland, Yen declared.
(hlk, May 17, 2025)
