Switzerland Goes from Privacy Haven to Privacy Hellhole
Switzerland has been known for being a privacy haven for decades. For years it wouldn’t even reveal banking information to law enforcement except under really limited conditions. That is now distant history.
But now Switzerland is joining countries like Russia and China and instituting the ability to mass surveil its population (and even foreigners who use services based there) and eliminate any privacy that a user thought they might have. Crooks will, no doubt, figure out a way around it, but still the goal is to create 1984 in Switzerland.
So what are they planning to do?
First, service providers with more than 5,000 users must collect a government issued identification. I am sure this will be perfectly secure. I am not completely clear what constitutes a service provider. For example, is a private website that has more than 5,000 users a service provider? Google? Twitter? Facebook? Mitch’s web site? Who exactly is a service provider? It is also not clear who is exempt.
The next feature of this proposed regulation is that they have to retain subscriber data for six months. I assume that this means that so-called no-log VPN providers would be illegal. I also assume that the government doesn’t plan to pay the providers for all of the storage that is required. So, if you are a service provider that needs to spend, say, $10,000 a month, to store the required data – that is your problem.
Finally, in many cases, providers must disable encryption. Does that mean that everyone who runs a web server in the country must create a back door for government surveillance? Probably not, but there is not enough clarity yet.
Proton, the heavily privacy focused service company announced in July that they are spending more than 100 million euros to move their infrastructure out of Switzerland. I am guessing that if this rule really does get implemented, they will not be the only company to leave the country.
The founder and CEO of Proton says that a regulation like this would be illegal even in the United States, which only has a patchwork of state based privacy laws, each one being different and many only covering the very largest companies.
Swiss officials say not to worry, there will be “strict safeguards” against mass surveillance. What those might be are not being disclosed. And, after all, everyone trusts the government these days, right?
Proton’s CEO said that the only country in Europe with a similar law is Russia. Not a good comparison for Switzerland and for people who do business or live there, especially if you want to attract and retain businesses in the country.
The rule does NOT require parliament approval, although there is a public comment period, which, of course, does not require the government to listen to any of the comments or make any changes based on the comments.
If the government wants any of this sensitive data under the proposed rule, all they would need to do is ask. There is no requirement to explain to the court why they want it or get the court’s approval.
So, if you or any service that you use is based in Switzerland, welcome to 1984. We will see how they implement this.
Credit: The Record
by 