lawyer

Re: Internet privacy laws in Switzerland

It's important to remember that your use of the internet is not always logged in the same place. Your ISP may keep some records, depending on which of their services you use. Before I go into a more detailed explanation I'll talk about what I know of the Swiss situation.

Generally things here are quite relaxed, there's no specific laws aimed at ISPs that I know of. This situation is very different elsewhere (example EU and US) where ISPs are compelled to hold detailed logs for long periods (they hate doing it, it's a lot of work!). The situation in these places scares me somewhat, and I'm glad that I'm living in a country which doesn't seem to want to sacrifice privacy/freedoms in the name of perceived security.

I run a server with about 50 domains on it (including this one). As far as I am aware I could go to jail for 5 years if I were to read any of the private emails which reside on the server. But this isn't really a problem - I have enough of my own email to read, let alone trying to read some of the 4,000 mails that go through the server each day!

Now onto the various ways you might use the internet and how it may be logged.

Your ISP - as long as the ISP isn't running a transparent proxy (I don't think many here in Switzerland do this) then your movements on the web aren't being tracked - at least not by your ISP. However - they may keep logs which tie your use of a certain IP address to you personally. This means that should you do something naughty, the police may ask your ISP who was using that IP address on a certain date/time. For example:

A specific website - All websites keep logs of some sort showing who visited them (recorded by way of IP address) and what those people did on their site and when, how long, etc. Mostly these are used for statistical purposes, but may also give some clues if the server has been hacked, or some othe illegal activity occurs. A classic example would be a child-porn bust. A few years back the authorities in the US set up a sting server to collect the names of people getting child-porn, they traced them with their credit cards and handed over the names of the Swiss ones to the authorities here who rounded them up. They could have also been traced from their IP addresses if their ISPs had kept logs (but this would have been a lot of work).

Your employer - if you use the internet from work then you should assume that all your traffic is going via a company proxy server, and this will be logged (for how long depends on the company). This is usually done to stop employees wasting time or surfing to places where they shouldn't (e.g. porn sites).

Instant message chats (skype, messenger) - These message exchanges go through central servers - therefore the potential exists for every conversation to be logged. Since these companies are usually quite large there would be a great temptation for governments to pressure them to have the logs (to scan for keywords for example). Remember the failed plot to blow up the planes over the Atlantic with liquid explosives? Apparently one of the pieces of evidence that led the police to the plot was also an IM chat. How did they know? Voice chats with these servers are generall established directly between the parties so the chances for the monitoring them are reduced. You should assume absolutely zero privacy on IM chats.

Email - Your email might not be held by your ISP - it could be located anywhere. For example in the case of google's gmail everything which ever passes through that account is never ever deleted (even when it appears like it has). Google's terms of use say that they can basically hand any of it to the authorities if all they do is ask. We discussed some of the issues with google and privacy on this thread. If your email is held by a larger provider the chance is greater (especially in the US) that the authorities have approached the company to ask them to allow them to monitor it.

So what does this mean for you? Well I believe your friend is correct to be concerned. I was recently sent an email from someone I know in Iran (not a friend, just someone I've chatted with before about some software development stuff). He asked me to help him open a bank account via email. I was a little upset with him because this may have brought me unwanted attention. It could be that I've been flagged in some giant database now because I corresponded with a guy from an evil country (i.e. one which will surely be on a watch list) about opening bank accounts.

Should you feel safer using the internet in Switzerland? Probably. But only if your use of it is limited to Switzerland. Chances are that many of the services you use are within the reach of governments with little regard for either the law or your privacy - whether you are innocent or not.