Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Chapter: 

II. Surveillance policies

National security, government surveillance and law enforcement

The Swiss police system is traditionally strongly organised by the 26 cantons. Every canton has its own police force. However, in the last few years there have been substantial efforts to build up a central "Federal Police" corps (Fedpol), based in Berne.1 Fedpol has mainly investigative duties. For this purpose, a Federal Criminal Police has been built up since 1994.2 Other duties include the "prevention" of crimes. Fedpol publishes an annual report on "national security."3 Most of the expansion of Fedpol has been done in order to "fight against organised crime and terrorism."

Although the cooperation has been extended in various fields, there have been some tensions between Fedpol and cantonal police forces, and also inside governmental agencies. Therefore, the Controlling Commission of the Swiss Parliament (Geschäftsprüfungsdelegation, GPDel) demanded more efficient coordination of the different intelligence agencies of the Swiss Army and the Federal Police.4 With Effect from 1 January 2010, the military and domestic intelligence services are both located in the military department. Fedpol is no longer responsible for this matter.

Legally, the activities of the Fedpol are mainly based on the Bundesgesetz über Massnahmen zur Wahrung der inneren Sicherheit (BWIS).5 This law was enacted on 1 July 1998 following a scandal in the autumn of 1989, when members of a parliamentary investigative commission (the Parlamentarische Untersuchungskommission, or PUK) discovered huge databases of citizens in the premises of the Federal Police (the political police) and the Federal Prosecutor (Bundesanwaltschaft).6

Wiretapping, access to, and interception of communications

Whereas until 2003 interception was possible in all investigations relating to crimes and offences (crimes for which a prison sentence can be issued), the Federal Law on the Surveillance of Mail and Telecommunications (BÃœPF)7 prohibits any preventive interception and provides, for the first time, for a catalogue of offences. In the case of investigations of crimes and offences described in the catalogue, the department of public prosecution, with permission from the Zwangsmassnahmerichter, can order providers to hand over the archived data.8 The same catalogue is relevant for real-time interception cases. In this case, a judge can compel a provider to install a direct connection of all telecommunications to a specialised agency Le Service des Tâches Spéciales the STS.9 In March 2003, the catalogue of criminal offences allowing interception was extended, introducing provisions against the "financing of terrorism."10

On 21 October 2003, the Federal Court decided in a unanimous vote that, in the case of wiretapping, the Federal Prosecutor has the duty to inform the persons observed after surveillance has been carried out, including information about the reasons of the monitoring.11

National security legislation

After 11 September 2001, the Bundesrat (Government) ordered a report on security deficits in Switzerland.12 Following this report, the Justice Department has been assigned to prepare a revision of BWIS by the Bundesrat on 20 October 2004.

In July 2005, an internal consultation procedure was held with a first draft. One of the addressees was the Federal Data Protection and Information Commissioner.13 The first draft has been rejected after the internal consultation procedure. A second draft was published on 31 January 2006, and a public consultation procedure was held.14 The result of the public consultation procedure was very negative.

In April 2007, at the end of a year-long consultation process, the Bundesrat announced its intention to move ahead with a proposal to allow the Swiss secret services to be able to carry out communications surveillance -- correspondence, telephone, and email -- and observe private areas such as hotel rooms, if necessary by installing bugging devices. Proponents stated that the interception amendment would only concern cases that dealt with terrorism, weapons of mass destruction and spying. They would only be taken as a last resort and their legality checked beforehand. Critics from both the left and the right parties voiced concerns with the proposal, and the Data Protection Commissioner stated that the proposed changes are "dangerous because eavesdropping on citizens within their private sphere could take place without any criminal allegations."15 The revision will allow to spy inside private apartments or to tap telecommunications, even without the specific suspicion of a crime. Further, the discussed revision should include the possibility to operate secret "undercover agents" (verdeckte Ermittler), even for the means of "prevention," that is, in cases where no specific crime is under investigation.16 The majority of the Parliament accepted the governmental proposal, arguing that this would have been "a necessary tool against organised crime," like terrorism and money laundering.

On 28 April 2009, the revision of BWIS, formally presented to the Parliament on 15 June 2007, was rejected by the Parliament.17 However, the Bundesrat had already announced a further attempt at the revision. Officially, the events of 11 September 2001 was the reason for the BWIS revision, but the directors of the Federal Police and Intelligence forces demanded more power much earlier than this.

On the legal basis of the BWIS, the government decreed a regulation which compels all institutions "executing an official duty" to report any suspicion of "terrorist activity" to the federal police.18 These institutions include universities, hospitals, and train carriers. The regulation was first released on 1 November 2001, in the aftermath of the attacks of 11 September 2001, to sunset after one year. It was extended for another year, and in November 2003 was extended for two more years.19 The regulation is now valid until 31 December 2011.20

Since 1 January 2005, the police have been allowed to operate as undercover special agents. The law dealing with undercover agents passed Parliament on 20 June 2003 and has been in force since 1 January 2005.21 All investigations under this law require advance approval from a judge. Approval is only granted, if specific suspicion of a crime is proven by police. Undercover investigation is only applicable to severe crimes.22 From 1 January 2011, the judge for approval of undercover investigation (as well as post-telephone-Internet surveillance and investigative custody) will be the Zwangsmassnahmerichter in all cantons due to the new Criminal Procedure Code.23

In preparation for the European Football Championship (TM) of 2008 in Switzerland and Austria, the new anti-hooliganism law came into force on 1 January 2007. With a sunset at the end of 2009, it introduced stadium bans, a national hooligan database, travel restrictions for known troublemakers, and increased police powers.24 However, critics feared that the term "hooliganism" would not be restricted to football fans, since the law covers all kinds of "large public events", including political demonstrations. The National Swiss Security Strategy for EURO 2008 discussed a number of "risk situations" associated with the event, from terrorism to human trafficking and forced prostitution.25 On 1 January 2010, the Konkordat über Massnahmen gegen Gewalt anlässlich von Sportveranstaltungen (Agreement on Measures against Violence linked to Sport Events) came into force. The law carries over the prior regulations against hooliganism.26

Data retention

Swiss telecom providers have to keep a log for six months of all communications traffic data to comply with the Federal Law on the Surveillance of Mail and Telecommunications (BÃœPF).27 This law requires that the respective telephone companies constantly track phones and store the data collected.28

In a March 2004 revision of the Penal Code (Strafgesetzbuch), commercial companies are allowed to keep logs of phone conversations with their clients, even without their consent, for the purpose of securing evidence. However, they are not allowed to analyse this data for marketing purposes, or to give this data to third parties.29

On 19 May 2010 the Bundesrat started a consultation procedure for a revision of the BÃœPF.30 Telephone and Internet data must be stored for 12 instead of six months, Internet hosting providers must keep logs for 12 months, and police will be allowed to install Trojan horses and worms on private computers to gain passwords and monitor encrypted traffic like PGP (email encryption) or Skype (Internet telephony). Furthermore, Internet service providers must be able to assign every transaction to a specific person and the provider of an Internet cafe or a hotel must be able to distinguish between different guests. The consultation ends on 18 August 2010, but there is already significant opposition. As seen in the BWIS case, the Bundesrat will forward this revision to the Parliament anyway, but on current indications most probably the bill will not pass.

National databases for law enforcement and security purposes

The former Federal Police, now called the Service for Analysis and Prevention, is part of the Federal Office for Police Matters, which also includes the Federal Criminal Police. It hosts two databanks, ISIS, the Information System for Internal Security, which replaced the old paper files of the federal police, and JANUS.31 In April 2004, ISIS contained files on 60,477 persons who are considered terrorists, violent extremists or possible spies.32 Files are opened on "preventive" grounds, which means that no criminal investigation is required. However, data resulting from criminal investigations, and thus also from telephone surveillance, can be maintained for preventive purposes, even if the person is acquitted before a court.

After the disclosure of the registration with ISIS of some local parliament members in Basel, as well as reporters and a newspaper, the Committee for Inspection of Special Affaires (Geschäftsprüfungsdelegation or GPDel) started an investigation of ISIS in 2008. In its report released on 21 June 2010, the GPDel stated that 200,000 records are stored in ISIS. Many of the records do not comply with legal rules for storage.33

The other databank, JANUS,34 contained files of 62,500 persons in July 2001 and 83,700 in March 2004. Most of them were registered for alleged drug trafficking, since registration of consumers is not allowed. Files in JANUS can be created on the grounds of simple suspicion. In July 2001, the records on the 62,500 suspected target persons (Stammpersonen) also contained 116,500 references to third persons who are not suspected.35 More recent statistics are not publicly available.

The database GEWA of the Fedpol section on money laundering (Meldestelle Geldwäscherei) contained 10,884 persons and 4,170 companies in February 2004.36 The database for "searched people and objects" (Fahndungsdatenbank) RIPOL contained 142,625 entries for persons in January 2004, most of them being searched for minor offences.37 In February 2004, the main Fedpol register IPAS (Personen- und Aktennachweissystem or People and File Identification System) contained entries on 641,446 persons.38 IPAS is organised as an index to other databases, including the database of fingerprints AFIS and of genetic profiles EDNA (see below).39

On 31 December 2009 32,343 sets of two fingerprints and 726,347 sets of ten fingerprints as well as 52,069 unidentified samples from crime locations were stored in AFIS.40 At the same time 115,000 DNA-profiles were stored.

A draft for a new law on federal information systems for police was published in 2009.41 The different data bases for police matters should be linked to a new "police index". The Parliament will discuss this bill in late 2010 or early 2011. There is substantial opposition to the new law.

Finally, the police forces also demanded access to ONYX, the Swiss military satellite telecom interception system similar to ECHELON (see above).

National and international data disclosure agreements

There are several bilateral agreements on police cooperation between Switzerland and many other nations in Europe, which expand the types of collaboration among law enforcement authorities. The Swiss Federal Police is, in this regard, exchanging information and data with other countries.42 Concrete collaboration has been tested in the case of international political and economic meetings, like the G8 meeting in Geneva in June 2003 and the World Economic Forum meeting in Davos in January 2004. In January 2005, the Swiss government published an agreement on the collaboration with Europol, signed in September 2004. The agreement allows both parties to establish "exchange officers".43

Thousands of French and German police supported Swiss police during EURO '08 in June 2008.

Banking records are protected by the Swiss Federal Banking Act of 1934. This act was passed to guarantee strong protections for the privacy and confidentiality of bank customers. However, Switzerland has come under increasing pressure from the European Union and the Organisation for Economic Cooperation and Development (OECD) to weaken these laws and provide greater access to bank records for the purposes of tax collection. In reality, banking data have been transmitted illegally to the US in at least one case described at the end of this section.

On 17 June 2010, the Swiss Parliament approved a US-Swiss Government Agreement, which allows the Swiss Tax Administration to hand over data relating to approximately 4,450 accounts to the US Internal Revenue Service (IRS). This agreement followed a lawsuit concerning Swiss-based cross-border banking services for US private clients by UBS.44 On 15 July 2010, the Court for Federal Administration (Bundesverwaltungsgericht) rejected a complaint of a private person against a handover of data to the US IRS.45

Switzerland is not a member of the EU, but has some special agreements with the EU. Some of these bilateral agreements were signed in 2000 and 2001. In May 2004, the government decided to sign another set of agreements ("Bilaterale II").46 These contracts were approved by referenda, and Switzerland ratified the Schengen and Dublin Conventions on 5 June 2005.47 Further, some EU regulations must be implemented "automatically" in the Swiss legal order, like the regulation for passports described below.

The Schengen Convention establishes close cooperation among police forces, in order to combat international "criminal tourism" (Kriminaltourismus). The core subject of this agreement is the Schengen Information System (SIS), a pan-European database that records personal information on people who have been arrested, migrants, and missing objects48 (Fahndungsdatenbank) by the national police forces. In the summer of 2007, SIS consisted of 17 million entries. On 1 January 2010, SIS contained 31,618,951 records.49

A second generation database, SIS II has been established in 2006/2007 but it is still not operational.50 The SIS database is not only a tool against crime, but also a tool for enforcement of immigration conditions. By joining the Schengen acquis, Swiss police officers have full online access to the SIS database. The Swiss Department of Justice and Police (EJPD) calls the SIS "a revolutionary step for police work". Other parts of the Schengen Convention cover cross-border observation by national police forces and the exchange of police officers.

Data of wanted persons are transferred to SIS by the Swiss "Sirene" bureau. In 2009, Swiss police performed 183,000 queries daily in SIS, resulting in 24 hits a day. The reason for the enormous number of queries in SIS is a link from RIPOL to SIS. Every query to RIPOL is automatically passed to SIS.51

The Dublin Convention, created in 1990, establishes a European cooperation agreement to process applications from asylum seekers. Switzerland is now allowed to access "Eurodac," the pan-European database of fingerprints of asylum seekers and migrants.52 According to the Dublin Convention, asylum requests are checked only by one EU member state whose decision becomes binding for all other member states.

Cybercrime

In order to "fight cybercrime" a specific task force was established in 2003, the Coordination Unit for Cybercrime Control (CYCOS).53 CYCOS was a cooperating project between the Confederation and most of the Swiss Cantons. In 2005, the Canton of Zurich decided to participate as well. According to a newspaper report, CYCOS received about 6,500 hints from the public, most of them regarding child pornography and child abuse. During 2005, CYCOS forwarded 272 cases to the competent cantonal attorneys.54 CYCOS has been terminated, and Fedpol is now responsible for cybercrime.55

In December 2004, the Swiss government opened the consultation process on a revision of the Penal Code (Strafgesetzbuch, StGB),56 which consists mainly of regulating the criminal liability of Internet providers, stating: content providers should be fully liable for documents which are prohibited by law; hosting providers should not be liable at all; while access providers should be liable only if they participate actively in offering such documents. A second consultation process has been opened on a bill aiming at centralising the investigation of cybercrime cases at the Federal Police.57

On 1 July 2008, some minor changes in the Federal law on Copyright and Related Rights came in force.58 Private download of music and movie files is still allowed. A revision of the Penal Code concerning hacking of computers is currently under way. The handover of data gained from telephone and Internet surveillance to foreign authorities should become possible in a very early stage of investigation with the same revision.59

Critical infrastructure

No specific information has been provided under this section.

Territorial privacy

Video surveillance

More and more public transport companies are introducing CCTV in their vehicles. After a pilot test in 2002 and 2003, the Swiss Federal Railway company (SBB, now a private company, but still owned by the state) announced a large project to install surveillance cameras in trains.60 Until 2003, such surveillance was not allowed by law, neither was the operation of CCTV systems in train stations. In December 2003, a regulation was subsequently introduced, allowing the SBB to operate CCTV systems in train stations and inside trains.61

The city police of Zurich bought a new mobile camera system with capabilities for automatic car plate recognition(AFNES) to be operated in Zurich. It will be able to identify car plates and compare the results with the national database RIPOL. Since 12 December 2008, all queries to RIPOL trigger a query in the European database SIS automatically. With effect from 1 October 2008, the guidelines for speed measurement by police have been extended to allow average speed measuring (Abschnittsgeschwindigkeitskontrolle).62 A system with a set of two cameras installed along a fixed route records all front number plates using automatic number plate recognition and calculates the average speed of each vehicle. A first test system will start operation in September 2010; a second will follow later in the year.63 This pilot project is supervised by the Data Protection Authority, and no data may be used for any other purpose than speed measurement and fining of speeding drivers.

The growth of video surveillance in Switzerland is helped by the cameras getting smaller, cheaper and more sophisticated. This is especially true for the systems operated by private entities, such as shopkeepers or house owners. Also, more sport stadiums are installing CCTV cameras. However, opposition to camera surveillance is growing as well. The committee of the Swiss "Big Brother Awards" has organised several "excursions" on the subject of surveillance cameras in Zurich and released a map with camera locations in a city district of Zurich, as well as in the Zurich Main Train Station.64 The Federal Data Protection Commissioner published a leaflet explaining the legal conditions for private individuals to operate video surveillance cameras.65

The Swiss Air Force started operating Unmanned Aerial Vehicles (Drohnen, UAV) of the type "ADS 95 Ranger." They are produced in Switzerland by the company RUAG in Emmen (Lucerne), in collaboration with Israeli companies. On 6 January 2004, on a test flight, a military UAV observed a civilian car driving into a forest near Lucerne. The operators informed the local police patrol, who apprehended the car's passengers for smoking marijuana.66 According to a media report, the Swiss Air Force is operating one to four UAV test flights every day. The images of the cameras are recorded and stored for up to six months. During the 2008 European Football Championship, drones were used for traffic and crowd control. No attempts at face or car plate recognition were made.67 In total, 37 operations over 100 hours were performed in Basel, Bern, and Zürich. There were some complaints due to noise.68

In honour of this privacy invasion, the Air Force received one of four Swiss "Big Brother Awards 2004".69 On Easter Holiday 2005, the Army offered their UAVs to cantonal police forces in order to observe north-south traffic on the Gotthard route. For the celebration of International Worker's Day on 1 May 2004, the Zurich police asked the Air Force about using UAVs to observe the rally in Zurich from the air. These examples show strengthened collaboration between military and police forces.

For many years there has been no formal legal basis governing the use of army reconnaissance drones by the border police. At the request of the Commissioner, the Federal Council finally agreed to remedy this legal shortcoming and to also regulate the use of surveillance equipment for civilian purposes. The Commissioner has pointed out that the legal rules covering military information instruments need to be highly specific, and should cover not just the actual surveillance devices, but also the type and purpose of the surveillance.70 Since 1 January 2010 the Federal Law on Military Information Systems (Bundesgesetz über die militärischen Informationssysteme ar MIG) is in force. Its article 180 is the legal basis for drones.71

Location privacy (GPS, mobile phones, location based services, etc.)

No specific information has been provided under this section.

Travel privacy (travel identification documents, biometrics, etc.) and border surveillance

The identity card is machine-readable, as is the new passport, which became effective on 1 January 2003. On 15 September 2004, the Swiss government decided that the next edition of Swiss passports should include a chip with biometric data. The decision was based on a feasibility study by the Federal Police "Fedpol," commissioned in September 2003. This should allow Swiss citizens to fulfil the requests introduced by the US government after 11 September 2001 requiring that every visitor without a visa be able to present a passport with a biometric identity tag.72 In April 2005, the Swiss government declared that such a passport would not be available until September 2006 or later, due to the coordination of similar efforts of the European Union (EU).73 In September 2006 Switzerland issued its first biometric passports as part of a five-year pilot project. However, during the pilot phase, facial images were the only biometric data stored on the passports.74 The FDPIC reviewed and commented on draft revisions to the identity documents law and decree and was very critical of the plan to store biometric data in a central database.

This project has been terminated due to the new passport 2010. However, passports issued during the duration of this project remain valid.75

Since 1 March 2010, all new Swiss passports contain two fingerprints of the holder on their chips. This change was made in accordance with the Council Regulation (EC) No. 2252/2004 of 13 December 2004 on Standards for Security Features and Biometrics in Passports and Travel Documents issued by Member States. Additionally, fingerprints are stored in a central database located at the federal police (Fedpol) office in Bern. The whole electronic data transfer must be encrypted. Data of fingerprints are available for federal and cantonal police for identification of persons only. However, no biometric data are transferred from the database. A Boolean number (true or false) is sent after a query with passport number and fingerprints has been performed.76

Documents for foreigners with residency in Switzerland (Ausländerausweis) will contain data chips with fingerprints from 1 January 2011.77

The Schengen Agreement78 aims at creating a pan-European Security Zone, thus shifting the borders between European nations to the external borders of Europe. Inside Europe, people would be able to travel without the traditional border police control, while travellers from and to Europe would face strengthened border controls. However, the national police forces will be allowed to execute "mobile controls" in the 30km range along the borders, as well as in train stations, inside of trains, and at airports. The Schengen Agreement came in force on 12 December 2008. Even if the federal border police (Grenzwachtkorps) are allowed to perform "mobile controls", Swiss citizens are not obliged to carry a ID card.79

National ID and smart cards

In May 2004, the National Council began to debate the revision of the Law on Foreigners.80 The larger chamber of the Federal Parliament decided to include biometric data in foreigners' identity documents. The law would also provide a definite legal basis for the Central Register of Foreigners, which now holds data on about 4.5 million persons. In order to avoid so-called "faked marriages" (Scheinehen), the law provides that marriage officers (Zivilstandsbeamte) would be allowed to investigate the "honesty" of bi-national marriages. In June 2004, the National Council passed the law, despite strong opposition in the parliamentary commission concerned. The second chamber (Ständerat) discussed the bill in March 2005 and introduced even more severe restrictions for foreigners.81 The bill now goes back to the National Council. On 24 September 2006, the new law passed a referendum; it has been in force since 1 January 2008.82

According to a vote of the National Council in 2008, Switzerland's national identity card will be similar to biometric passports and introduced by 2010; the ID cards will include an electronically encoded photo and fingerprints on a chip. They will be in the "credit card" format already used for Swiss ID documents. They are to be provided at "family-friendly" prices.83

Sports facilities in Switzerland have begun using biometric access control systems. The FDPIC has conducted inspections of the systems and asked that biometric data, in this case digital fingerprints, be stored on the individual membership cards and not in a central database. At the Commissioner's request, the sports facilities inspected agreed to provide customers who refuse the registration of their biometric data with alternative solutions at the same price.84

RFID tags

No specific information has been provided under this section.

Bodily privacy

At the Zurich "Unique" airport, the cantonal Police of Zurich tested a pilot system for automatic face recognition between February and June 2003. Officially, the Face Recognition system (Farec) mainly aims at recognising people trying to immigrate without identity documents. This is the first test worldwide of face recognition in the context of boarder controls. During the test phase, 1,003 passengers from 277 flights were registered by Farec. In 81 cases, a search in the database followed, with ten hits and 17 misses. In December 2004, the Zurich Cantonal Government (Regierungsrat) provided a legal regulation (decree, Verordnung), extending the test phase until the end of 2006.85 Although quite sceptical about the usefulness of the system, the data protection officer of the canton Zurich accepted the decree.86

In November 2005, a pilot project using facial recognition for security during sport events started in Berne. One hundred season ticket holders at the local ice-hockey club were registered with a photograph on a voluntary basis. Cameras at the entrance and in the stadium were tested. The company responsible dubbed this pilot project a success, but there were no further projects.87

On 27 August 2008, the "round table against violence in sport" (Runder Tisch zur Gewaltbekämpfung im Sport) proposed to use facial recognition in train stations and stadiums. A project with one dedicated system was planned for 2009. Tests with biometric cameras were expected in all football stadiums of the highest league. However, there have been no tests so far. The new regulation for measures and data systems of Fedpol, in force since 1 January 2010, allows the handover of photographs from the hooligan database HOOGAN to the private security forces of sport events for their use in automatic face recognition.88

Footnotes