Switzerland
From 1 April 2003 Swiss Internet Service Providers (ISPs) will have to keep a log for six months of all the emails sent by their customers


The move has been criticised by experts who say it will be both difficult and costly to implement. Critics also argue that loopholes in the legislation will allow criminals to slip the net. ISPs have had over a year to comply with a change in the law under which they will now log customer activity, such as connection times, emails sent, addressees and senders.

The authorities will be able to access the stored data but only as part of an ongoing investigation into suspected criminal activities. However, the contents of emails will not be stored. Investigators will have to make a specific request to read Internet users private correspondence.

Search warrant

To access the ISP?s electronic logbook, an investigating judge will have to issue a search warrant; in some cases, suspects will have to be informed of proceedings. Only certain types of investigations will have access to the recorded data. Lawmakers chose to limit the types of crime where surveillance can be authorised to offences such as paedophilia and drug trafficking.

"The politicians weren't very pragmatic," said Nicolas Cruchet, an investigating judge in canton Vaud. "These restrictions undermine the value of the law." Until now, there have been no restrictions: a judge could simply ask the ISP to hand over the data. From now on, providers will turn over the data to a specially created Bern-based unit. But judicial experts believe this may not be enough to help investigators.

"The choice of what information can be stored was dictated by technical criteria rather than by the needs of the judicial authorities," said Thomas Hansjakob, an investigating judge in canton St Gallen."The lawmakers didn't want to overburden the ISPs."

Extra costs

ISPs still face difficulties implementing the new rules. Since the law was changed at the start of 2002, they have been installing new data-recording technology at considerable expense. Sunrise, Switzerland's second-biggest ISP, estimated that complying with the legislation would cost the company around SFr1 million ($730,000). Some smaller ISPs have threatened to pass the extra costs on to their customers. There have also been complaints of technical difficulties in implementing the changes.

"We don't expect to be fully ready on April 1," said Fabian Lucchi, head of Infomaniak, a Geneva-based ISP.

Infomaniak has around 100,000 email customers. The company has spent six months developing surveillance software to handle the workload. "We have to be able to filter 300,000 messages every day just in case we have to keep an eye on one of our customers," added Lucchi.

Storage space

Archiving the basic data requires a huge amount of computer storage space; doing the same for email content would be impossible, reckons Lucchi. "Storing everything for six months just defies the imagination," he said. After the six-month storage period, ISPs are expected to delete the records. The legislation may have little or no impact on criminals, and providers' efforts to comply may be all for naught.

Specialists questioned previously by swissinfo said loopholes would ensure that the chances of intercepting emails relating to criminal activities were low. They said criminals would only have to use an email address on a server abroad, like a free "hotmail" account, to circumvent Swiss law.

Loopholes

There are other gaping holes in the legislation: company and university servers are not covered by the new rules; and people using cyber cafés can escape surveillance.

Investigating judges may also be turned off by the cost of implementing email surveillance.

Federal law says ISPs can bill investigators SFr750 ($550) just for consulting their logbooks.

According to legal experts, the costs involved in really complex cases could easily run into tens of thousands of francs.

Key Facts

- Swiss legislation was changed in January 2002 to permit email surveillance
- ISPs had until April 1, 2003 to comply with technical changes required by law.
- Providers will have to keep electronic logs of email traffic for six months.
- Investigators will only be able to access data for specific criminal cases.
- ISPs will not log email content, but only basic data.

Source: Felix Rauch, President SIUG / Praesident SIUG, felix.rauch@siug.ch
SIUG -- Swiss Internet User Group: http://www.siug.ch/



Statewatch News online | Join Statewatch news e-mail list | Statewatch websites