Introduction
Incumbent providers
Interception of internet services data
Interception of telephone services data
Missing clarification between telephony and internet services
Catch-all cause
Territorial scope of application
Technical, organisational and administrative requirements
Costs Ordinance
Further changes
The Lawful Interception Ordinance has been revised and entered into force on January 1 2012. Internet service providers (ISPs) now have a 12-month transition period in which to implement lawful interception. The need for this revision was undisputed. The revision was accelerated by two recent Federal Administrative Court decisions, which found the imposition of the lawful interception obligation on broadband and mobile devices to lack a sufficient legal basis. The major focus of the recent revision concerns the interception of data transmitted over the Internet.
According to the first draft of the ordinance, all ISPs – including providers of chat, blog and social media services, as well as operators of private networks – would have been subject to the lawful interception obligation. However, due to the strong criticism from ISPs during the consultation process, the application has been narrowed to include only internet access service providers.
Internet access service providers must either intercept the data themselves or contractually delegate the interception to a third party. Therefore, providers must not necessarily buy the equipment or implement measures to intercept data themselves, provided that the interception obligation is assured through third-party service providers.
Interception of internet services data
The ordinance also clarifies which data must be intercepted by defining 'internet access', 'applications' and 'data subject to interception'.
'Internet access' has been broadly defined to include:
- dial-up access to a network access server;
- broadband access;
- access through mobile packet data technologies (eg, General Packet Radio System or Long-Term Evolution);
- wireless access (eg, WiFi, Worldwide Interoperability for Microwave Access or the wireless local loop); and
- other access through Open Systems Interconnection Reference Model(1) Layers 2 or 3.
Similarly, nearly all applications fall under the scope of the ordinance, as it encompasses in a generic way synchronic and asynchronic mail services (eg, instant messaging and email), as well as telecommunication services based on digital media (including Voice over Internet Protocol (VoIP), audio and video).
The kind of data to be intercepted is described in a similar way as that which had to be intercepted under the previous ordinance.
Interception of telephone services data
Under the revised ordinance, providers of mobile telephony services must provide the Surveillance Authority with location data (eg, the cell ID and location identification regarding the antennae), even where no communication was established.
Missing clarification between telephony and internet services
Unfortunately, the ordinance does not clarify which services must be classified as telephony services and which as internet services. Clearly, the Surveillance Authority bases the distinction on customer perception, according to which VoIP services through a regular telephone fall under telephony services, whereas VoIP services through a computer are classified as internet services. With convergence, however, this distinction will become more and more opaque.
The ordinance contains a catch-all clause, according to which the Surveillance Authority may request all relevant interfaces from the telecommunications service providers; this will permit the authority to have access to data even if the particular interception case has not been explicitly specified in the ordinance. This catch-all clause is a response to the two recent Federal Administrative Court decisions, which found there was insufficient legal basis for the interception ordered by the competent authority. However, it is uncertain whether the catch-all clause will suffice for such purposes.
Territorial scope of application
The revised ordinance has further clarified the territorial scope of application. All mobile devices transmitting data through a Swiss telecommunications service provider – irrespective of the location of the device, the country code or the network – are subject to lawful interception. During the consultation procedure, ISPs indicated that it might not be possible for them to intercept data originating from services provided abroad or from services installed by customers themselves.
Technical, organisational and administrative requirements
The two court decisions regarding the lack of sufficient legal basis have also led the Surveillance Authority to be more transparent and to publish its technical, organisational and administrative requirements, which can be found at https://www.li.admin.ch/en/index.html.
Together with the Lawful Interception Ordinance, the Costs Ordinance has been revised to clarify which services will be compensated and the amount of the compensation.
The revision of the ordinance can be understood as a temporary solution. Until the current revision of the Lawful Interception Act is passed by the Parliament, it is expected that the ordinance will have to be revised again once that has occurred.
For further information on this topic please contact David F Känzig or Katia Favre at Thouvenin Rechtsanwälte by telephone (+41 44 421 45 45), fax (+41 44 421 45 00) or email ([email protected] or [email protected]).
Endnotes