No direct lawful interception of data
In Summer 2014 a number of anti-Semitic statements were posted on Facebook, several of which were posted under a pseudonym. As these statements violated the anti-racism provisions of the Criminal Code, the prosecutor commenced proceedings. In order to identify the person or persons behind the pseudonym, the prosecutor requested Facebook to provide the registration data and IP history of the concerned Facebook profiles for the past six months. The prosecutor based her decision on Article 273 of the Criminal Procedure Code and Article 32 lit(b) of the Convention of Cybercrime of the Council of Europe, which the United States ratified as a non-member. The wording of the convention is as follows:
"Article 32 – Trans-border access to stored computer data with consent or where publicly available
A Party may, without the authorisation of another Party:
b access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system."
The prosecutor requested that the Zurich Court of Appeal approve the surveillance order, as required under Article 273 of the code. The court refused and the prosecutor challenged the refusal before the Federal Supreme Court.
The question to be decided was whether Article 32 of the Convention of Cybercrime allows direct access to data stored with a provider abroad (in this case, Facebook in the United States) or whether the prosecutor was required to request the data through mutual assistance in criminal matters (ie, in application of the Mutual Legal Assistance Treaty of May 25 1973).
The Federal Supreme Court found that, according to Article 32 lit(b) of the convention, the Swiss prosecutor was entitled to request and receive data, but only with the provider's consent. Thus, Facebook could have consented to provide the data requested; but as it did not, the court held that the prosecutor must request the data through the procedures of mutual legal assistance in criminal matters.
Materially, the decision is correct, since the Swiss prosecutor had no enforcement means against Facebook in the United States without the support of the US authorities. However, the decision highlights the difficulties of preventing the spread of racial, discriminatory or other illegal content online.
A Facebook user posted a threat on his account stating that he would exterminate everybody. The post ended with the words "POW!!!! POW!!!! POW!!!!" and could be viewed by his 290 Facebook 'friends'.
The prosecutor found the user guilty of causing fear and alarm among the population according to Article 258 of the Criminal Code and issued a penalty order.
The user opposed the penalty order and the Criminal Court and the Zurich Court of Appeal confirmed the condemnation according to Article 258. However, the Federal Supreme Court reversed the decision, as it found that Facebook 'friends' cannot be considered as the 'population' (ie, the inhabitants of a certain region), in the sense of Article 258 of the Criminal Code.
As a new communication model, Facebook obliges the courts to interpret existing legal dispositions from a new angle. However, the biggest challenge remains the Internet's international dimension, which must be governed by national regulations. The enforceability of cybercrime and cyberactivity is thus limited and depends on the legal framework and willingness of prosecutors in different jurisdictions to cooperate.
For further information on this topic please contact David F Känzig or Katia Favre at Thouvenin Rechtsanwälte by telephone (+41 44 421 45 45) or email (firstname.lastname@example.org email@example.com). The Thouvenin Rechtsanwälte website can be accessed at www.thouvenin.com.
This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.