Swiss Surveillance Laws headed for nationwide referendum!


We are happy to announce that, due to the efforts of our users and allies, the Swiss Surveillance Law will be put to a vote by the Swiss people!

In September last year, the Swiss parliament passed a new surveillance law known as the Nachrichtendienstgesetz (NDG) or la Loi sur le renseignement (LRens). The law would have severely curtailed privacy rights in Switzerland. Due to our use of end-to-end encryption, the ProtonMail secure email service would not be negatively impacted by the new law. However, we strongly believe in protecting privacy rights, so together with other opposition groups, we decided to mount a challenge against the new law. Due to Switzerland’s unique system of direct democracy, any law can be challenged by collecting 50’000 signatures within a period of 3 months after the passage of the law.

Today, we are happy to announce that this effort has succeeded and this afternoon at 13:30h, the referendum will be officially presented to the Swiss government in Bern. This means at the next election, the Swiss surveillance law will be put to a public vote by the entire country, and for once, the people and not politicians will decide the future of privacy in Switzerland. We would like to use this historic occasion to thank the numerous Swiss ProtonMail users who assisted in this effort.

The signature campaign started in September and ran until the end of December. By the first week of December, the campaign had collected only around 20’000 signatures and the outcome was very much in doubt. It was at this time that we decided to call upon our community for support, and we sent an email to all Swiss ProtonMail users (identified by .ch email addresses). The Swiss ProtonMail community is small (we estimate 30’000 users), but it quickly mobilized to help collect signatures.

The result is that over 70’000 signatures were mailed in (the collection center stopped counting after 70’000), of which 64’500 were processed, and by Tuesday evening, over 55’000 of those signatures had been certified, meeting the statutory threshold. We are thankful that so many of our community decided to support this effort and we appreciate the many emails of encouragement that we received.

NDG Referendum Signature Form

This referendum effort is truly historic because many different aspects of Swiss society were able to unite behind the common cause of protecting the Swiss tradition of privacy. Also backing this referendum was a diverse coalition including rights organizations such as Amnesty International, Grundrechte.ch, political groups such as JUSO (Young Socialists Switzerland), GPS (Green Party), SP (Social Democratic Party) and the PPS (Pirate Party), along with business associations such as Digitalen Gesellschaft, and other groups such as CCC Schweiz. There were also ProtonMail users from all walks of life.

Together, we have demonstrated that privacy has a voice, and we will be heard. We are very grateful to the ProtonMail community in Switzerland for your efforts. We are not numerous, but still we managed to help force a public vote on an important issue that impacts all inhabitants of Switzerland. It is not often that small companies like ProtonMail can impact national laws, but thanks to you, we have formed a strong bloc that can no longer be ignored. Based on this result, we are confident that we will also be able to force a public vote on the upcoming BÜPF data retention law.


Regardless of the outcome of the public vote in June, we have already accomplished our most important goal and civic duty, which is to bring privacy issues to the forefront of public debate. This way, we can avoid the unfortunate situation in the US where the CISA surveillance law was passed and approved in the shadows. If three years of working on email privacy has taught us anything, it is that winning the fight for privacy goes beyond writing code.

We must also constructively engage governments and the general public. On an individual level, this means going beyond simply switching from Gmail to ProtonMail. We must follow the example of the Swiss ProtonMail community and create awareness. We need to engage our local communities and help people understand that encrypted email services like ProtonMail don’t just provide secure email, but also protect democracy. It is only by winning the battle for public opinion that we will be able to permanently secure our privacy rights.

If you wish to get a free encrypted email account and join our community, it is possible to sign up here: https://protonmail.com/invite

Thank you for your support!
The ProtonMail Team

Update: The signatures have now been delivered to the Swiss government. Despite the heavy snow, many people turned out to fight for our privacy rights. (Photo credit: Parti Pirate Suisse)

Boxes of referendum signatures being delivered to the Swiss government in Bern.

Signatures came from every canton of Switzerland, labelled by their canton flags.

The line of citizens bringing signatures looped around the Swiss Federal building.

About the Author

Admin

We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. Ensuring online privacy and security are core values for the ProtonMail team, and we strive daily to protect your rights online.


109 comments on “Swiss Surveillance Laws headed for nationwide referendum!”

  • You Swiss have the best democratic system I know of. It is something you should be terribly proud of, and defend at all costs.

    Reply
  • This is really something more countries should enforce.
    People should be able to have a say even if a small one.

    A tiny piece in a huge battle taken. Next one is coming!

    Keep it up Protonmail and Switzerland.

    Reply
  • Thank you Protonmail!

    If you are working for any entity that is unethically trying to restrict privacy for the public, please, please, remember to safely leak this information to Wikileaks, etc. Thank you!!

    Reply
  • I wish we had a real democracy here in the US. It’s all a big facade here in the US! We elect people to vote for us. It’s not direct and it’s starting to show massive corruption issues.

    If English was a primary language in Switzerland, I bet more Americans would try and flee there! I know it’d be on my list if language wasn’t a massive barrier.

    Reply
    • You are right, English is not a primary language in Switzerland. But in the area where German is spoken, it is a more common language than the other two primary languages Italian and French. But however, our government is no more what it was some years ago…

      Reply
    • Yeah, if every single human spoke English everything would be easier for Americans. But you see, people have the “bad” habit to speak their mother languages, and it turns out that the US haven’t still colonized the entire world completely so children learn English before, and better, than their native languages. So if you want to live somewhere abroad, do learn its damn language and respect the world’s damn diversity.
      And if you love democracy that much, begin to throw those neo-colonialist ideas away from your mind; democracy implies also the others, not only your country.

      Although, said all that, in fact we, Europeans, are the real culprits, of the typical American arrogance for not having reached an agreement for a real European lingua franca in a continent where nobody but British speaks English natively. So here we are, writing in the language of the US, and our governments spending milliards in teaching their language in our public schools when serious proposals have been made for using Esperanto, modernized Latin, even Interlingua; but none politicians or citizens haven’t had the will.
      Thus, after all, it’s understandable that people like the former poster think of the world as a sort of colony where everybody is somehow obliged to speak the tongue of “The empire”.

      Reply
      • You’re totally off-topic.

        Being French, I don’t think I would feel offended if someone would tell me my country has such freedoms they would gladly come here if we spoke English. This would obviously show something wrong, but that’s not what they meant here.

        Also, there are three languages in Switzerland: French, German, and Italian. I don’t see what would be wrong in saying “I’d like it if there was a portion of Switzerland where English would be the primary language, because your country’s politics are saner than mine and I’d like to become Swiss for this reason”.

        Reply
        • Excuse for objection: There are even four national languages 🙂 French, German, Italian AND Rhaeto-Romance (very seldom).

          Reply
      • “Nobody but the British speaks English natively” We Irish speak English natively, having had English imposed on us. We subsequently improved it through the efforts of George Bernard Shaw, James Joyce, Oscar Wilde, Samuel Beckett, Jonathan Swift and Bram Stoker among others.

        Reply
      • Edgar

        Leave it American lack of global history. I am not being offensive not your fault but the education system. An American who went to India with me on business marvelled to the Indian executives how India spoke so much English and America’s influence only to be corrected. It was UK early imperialism that brought English to the world and not Coca-Cola

        Reply
      • As an earthman-russian, I should to note, that in a century of transcendence of biological, archaism of national identity should be forgotten finally. Flag pattern does not matter much. Today mankind and other species are facing challenges which unite us, while most of humans still romp in the shit of national or even religious identification.
        As bees and ants uses chemicals to build large societies, we are using a lies. Mass deception is evolutionary strategy of our species, however it still irritates my rebellious mind… Sorry.

        Reply
        • Think Again,
          Everybody is religious and the only ones who are offended at distinctive beliefs of individuals are the ones who want everybody to believe the same. The worst offenders in this kind of intolerance are the globalists – not those who firmly believe a particular creed while recognizing the rights of others to do the same. You are religious. Your reference to evolution shows you accept an unproven and unprovable dogma as an oracle that plays a fundamental role in your worldview. Your opposition to nationhood is naive at the best. Do you see the UN and other such supranational bodies evidencing greater integrity, and respect for democracy and individuals? The farther they go beyond the traditional Western regard for national sovereignty the more corrupt they become. Would anybody seriously oppose that statement? The fact is, the biggest shared problems the world has today are the ones that exist within their globalist agenda. Protonmail is doing a real service by fighting for privacy rights in a world where government is eagerly reaching for the status of god by claiming the right to know everything.

          Reply
      • Hopefully, Esperanto will save all of our mother tongues!

        …. am I the only one to speak esperanto ?…
        … mi malgxojas, mi estas sola 🙁

        Reply
    • In Geneva, you can pretty easily live without knowing a word of French. There are so many international organizations and companies, there are local English speaking radios, …

      Reply
      • Sir,

        The minimum effort a foreigner must make to integrate is to be able to speak one of the national languages. English is not an official language in Switzerland. Many English speakers think they are in Great Britain or the United States. Sorry, you are not.

        Reply
  • Here here cheers to the Swiss for requiring their government to listen to their citizens. Here is a question though, how do you keep from terrorists using your service? We know they use secure encrypted communications. And I am just curious what protonmail is doing to prevent their use of the service while protecting the rights of innocent people all over the world?

    Reply
      • Very well said. Giving up our freedom to enjoy our security in privacy rights in order to have theoretical security ‘freedoms’ in a national security state is equivalent to becoming vegan in order to enjoy eating meat. Congratulations on this campaign, citizens are born free. We are not children, fodder or ‘subjects’ to be ruled over. There are some whack jobs who believe mass murder is the means to an end – unfortunately many of them historically and present, are heads of state. Legislate publishing their communications (thanks Wikileaks) and we might see a change of heart in these and similar tyrannical proposals – which would have a greater impact at reducing terrorism. In the mean time, we have protonmail. Thank you.

        Reply
    • As Proton’s admin has linked, ban Protonmail’s security won’t discourage terrorists to use other ways of encryption. As long as technology exists, the bad guys will make use of it.
      The real question is what are the USA and the EU going to do to keep Muslims away from becoming terrorists. Why countries like Libya or Iraq were stable regions before but now are an inexhaustible source of terrorists; why DAESH is always well financed, and why nobody has invaded Saudi Arabia and other dictatorships in the region that finance islamist terrorist.
      Well, the questions are many, and none of them points to secure email. So maybe the way to reduce terrorism is reducing the motives why millions of persons want to see us dead; and I’m sure that secure and private communications are not a motive.

      Reply
      • In fact, it seems they’re using Telegram.

        I strongly discourage my friends to do so for several reasons, such as Telegram people paid to edit Wikipedia articles and make posts on anonymous websites such as 4chan, or the fact that they store default messages in plain text on their servers.

        Maybe it’s not the encryption that’s the problem with Telegram but the libertarian ideology of the two business angels providing it financial resources.

        Reply
    • You have to understand that virtually all acts of so called “terrorism” are State Sponsored. Almost always by the very State in which they occur. (often referred to as false flag attacks).
      Their objective is to scare the public into surrendering their rights and freedoms, thus handing over more power and control to the State .

      Encryption and privacy have no bearing on terrorism, as the States have no interest in preventing it since they are the ones who are sponsoring it.

      This might come as a shock to many but unfortunately it is nonetheless true.

      The only way to stop terrorism is to stop our Governments from sponsoring and arranging it.

      Reply
    • What are we/you/they doing to prevent terrorists from mailing a letter through the old traditional post? Just because you don’t want them to mail a letter, doesn’t mean they are not going to …. the same applies for the internet. It’s best to keep a clear perspective on things. There is both good and bad in the world. You can’t manage and do away with all the bad. We fight it with the means and abilities before us, and within the letter of the law. But you certainly don’t want to infringe on the rights of the good to justify capturing some of the bad. The fiber of society would decay if that were to happen. We fight the bad at every turn – legally of course. Justice will prevail, in due course.

      Reply
  • As we are now entering THE INFORMATION AGE these security and privacy services may be as important for the Swiss future as banking used to be.

    If you have the strength to hold to privacy, it may mean a long and prosperous future for the all Switzerland.

    Reply
    • Not only do we have very good privacy laws, we also have one of the best copyright laws. Downloading any media content is legal and using it for education is mostly free.
      Fortunately our government has resisted the enormous pressure put on it by the US government in the name of industry monopolists.
      And should the government give in one day, the people will correct that mistake.
      That’s not to say that our system is flawless, but to quote Churchill:”Democracy is the worst form of Government except for all those other forms that have been tried”. And for me the US are one of those other forms.

      Reply
  • Democracy has been ignored for too long and decisions have been taken to facilitate those with wealth and power. I can feel a wind in my hair, it’s the wind of change and it feels good!

    Keep up the good work Protonmail!

    Reply
  • Thank you for your efforts. You should have asked every subscriber. There are a lot more of us Swiss who don’t have an email address ending in .ch. Even if we don’t live in Switzerland, we are still eligible to participate in referendums and vote.

    Reply
  • Excellent!! Excellent Swiss democracy and excellent people who care and handle! And Protonmail as a part of it. THANKS to everybody!

    Reply
  • If you want a little more “democracy”, like they have in Switzerland, then:
    – be a small, unique country
    – with a well educated and informed population
    – have your politicians by the “balls” (cojones-)
    – keep the borders controlled

    Reply
  • Please put pressure on the UK to adopt your democratic system as, at the time of writing this post, our Investigatory Powers Bill is likely to just be voted in with no real thought to privacy. Well done for winning your battle, you are an inspiration to us all.

    Reply
  • I wish we had such democratic rights in India. In India, government may charge me with sedition if I utter some slogan whom government don’t like. It’s the 21st century’s biggest scam that India has marketed itself as the biggest democracy in the world. Here we have no power except voting, we are nowhere in due process of election, not in selecting candidate, not making agenda for election and after election our opinion nowhere considered in making policies and laws. There are no representation from the poor in parliament. Almost all MPs are millionaires. In India, a poor can never win a election. Election is nothing but pouring money in media propaganda, buying vote by money, distributing wine.

    Reply
  • Thank you for this wonderful service. It is a great comfort knowing my communications are truly private. People of the world should have the right to private communication as a fundamental human right. What you have done with this goes far beyond email, it’s a public service of the greatest importance. Best wishes!

    Reply
  • Government was established to help their citizens, not to spy on them. Swiss democratic model seems to be very different from the traditional Western democracy. We should congratulate Swiss citizens with a victory and be very proud of them for taking a stand and defending their freedoms.

    Reply
  • I support ProtonMail financially, and I’m glad I do. It’s not only an email service, but a privacy advocacy group. Without privacy there can be no freedom: no democracy, not even a republic. Thank you, ProtonMail. Sadly, in the US the total loss of privacy is joked about, as if it doesn’t matter. “Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.” William Pitt the younger in the House of Commons, 1783

    Reply
    • Thank you Protonmail. As a Swiss citizen, I can confirm that I will vote for enforcing our privacy laws. Privacy is a basic human right that everyone deserves, regardless of the country they live in, regardless of the culture and the religion they have.

      Reply
  • This is an outstanding performance, that we need to see as a motivating inspiration for the rest of the world, and follow up on by making similar demands to our “politicians”

    Denmark

    Reply
  • The Greek people have been informed about the situation, its history and the services. Acts similar to these, remind us to not forget, that there is always a way. Well done gentlemen, well played.

    Reply
  • Danke sehr viele….Protonmail has made the first step in changing the safety of worldwide communication. Your efforts will be rewarded 10-fold.

    Reply
  • Very glad to have found this email service with such high priority on user privacy. This is not the first time I have heard of the Swiss being so great as a people. Glad to see there are others in this world trying to live with dignity. Thank You

    Reply
  • Is this channel secure? I’d like to post something that is somewhat controversial so I’d first like to know if it’s safe to do so.

    Reply
  • As an early supporter of ProtonMail, I am constantly pleased and impressed by the integrity and commitment to privacy and security of the ProtonMail team and supporting community. Please know that there is a large international community that truly values your services and who are committed to supporting your efforts.

    Reply
  • Early initiative with good support from community & people will definitely bring a change. Changes that respect human dignity & privacy. Well done & keep up the good work.

    Reply
  • How lucky the Swiss are to be one of the last democracy in western Europe and the western world.

    Unlike the downtrodden nations who have made the mistake to join the “European” union where no referendums, no democratic processes, no consultation is allowed anymore (and denied like the last Dutch referendum totally ignored by the mafia of the “European” commission) by the dictatorship in Brussels.

    Be very careful to keep your rights, your way of functioning as a democracy and to make sure that your politicians don’t collude too much with the unelected, unaccountable oligarchs in Brussels and their accomplices Berlin or Paris who want to impose their masters agenda on the European people (TTIP, forced illegal migration, and of course the violation of our rights and privacy).

    Vote well, because those who live in the EU soviet union envy your freedom and democracy.

    Reply
  • I lived 10 years in Switzerland, spoke English and my native tongue when I went there to do my schooling, got German, French and Italian for free…..
    Ref American politics..it speaks for itself, I am more concerned about our own politics…soon Chinese, Japanese, Americans and South Americans will fly to Europe to see how people used to live….sad!

    Reply
  • That is a really big step into privacy rights! I am really glad that on the other hand of what we see in every day use of internet there are people and companies that believe in human rights and not only the use of increasing data to marketing, promotion and sales.

    Congratulations Switzerland and ProtonMail for all fights you have to protect people’s rights.

    Reply
  • This is the sort of people power that would scare Brussels sh**less. Good for you Switzerland. Not afraid of public opinion outside of the country and proud to stand up for what you believe in. In these times of terrorism the governments will push through any and all laws whilst failing to stop the main problem – Islam in Europe.

    Reply
  • Good job done. The battle is always going to be between those especially in the government who believe quite rightly at times that the security of the state is paramount and those of us who believe in the fundamental right to privacy. I do not know how this will be or can be solved but I suppose that with the advent (whenever that happens) of the quantum computer; maybe there will be some sort of understanding on both sides of the debate.
    However congratulations to the team at ProtonMail.

    Reply
  • Apparently the ProtonMail system does not want to create a Free account when you do not provide an email recovery option (remember Google?).

    I tried exactly that, using PaleMoon Web Browser (no DOM storage, poison data enabled) under Mageia 5 Linux from eastern USA. After having done some 20 captcha screens for “verification”, I realized the intent: no account unless existing email (access to my history/contacts in existing email) or SMS message (access to my cellphone identification) or credit card payment (full identification of me). I could have used TOR… no divulging IP address either!

    So, why bother about all the signature collection and trumpeting privacy? It is violating the basics by denying access in the first place. Or is it for Swiss folks only?

    If someone is not so critical about data privacy, Yandex provides a much smoother account creation. Now that I would be divulging my existing email account in order to post this message, I would not create a Protonmail account for that same reason of double standard.
    I am also considering requesting Wikipedia so that they remove it from their list of free web-mail providers.

    Reply
  • Congratulations and my kindest support to all of You on the achievement of “Swiss Surveillance Laws headed for nationwide referendum!” process that helps to the Swiss community in their right decision about privacy and it will be an excellent model to follow for most of the communities around the world !

    Reply
  • Hello,

    From my understanding of the law passed on 25 September, the SRC can force you to modify the design of your protocols in order to recover the logins and keys used to encrypt our data that you protect. Moreover, you would be unable to warn us if that happened, as Article 19 underlines (see below).

    Could you tell me how you interpret this article?

    Thank you and good evening

    Romain

    Section 3
    Obligation to provide and communicate information
    Art. 19
    Obligation to provide information in the event of a concrete threat
    1
    Federal and cantonal authorities, and organizations to which the Confederation or the cantons have entrusted public tasks, are required to communicate to the SRC, upon a reasoned request relating to a specific case, any information necessary to detect or avert a concrete threat to internal or external security or to safeguard other important national interests within the meaning of Art. 3.

    Reply
    • I apologize, but my previous message is incomplete

      The authorities and organizations referred to in para. 1 are prohibited from disclosing to third parties the SRC’s requests and the information communicated. They are authorized to disclose them to the units to which they are subordinate and to the supervisory bodies.

      and Article 3, to which Article 19 refers, is the following:

      Art. 3
      Safeguarding other important national interests
      In the event of a serious and imminent threat, the Federal Council may entrust the SRC with missions going beyond the safeguarding of the national interests mentioned in Art. 2 for the purpose of:
      a. protecting the constitutional order;
      b. supporting foreign policy;
      c. protecting the industrial, economic and financial centre

      Consequently, if I am a journalist working on a case concerning a company that does not pay its taxes through tax evasion, I am liable to be a target, because my revelations could harm the industrial or financial centre.

      Could you explain your interpretation of the law to us?

      Thank you
      Romain

      Reply
    • This does not apply to us because the encryption is done on the front end, on the users’ computer. Thus, the user is doing the encryption and not ProtonMail.

      Reply
  • Hi,

    I think two points should be mentioned:

    A- Many articles of the LRens define why the SRC could require an access of our data.
    ————————————————————————————-

    B- others articles about the means SRC could use to get an access of our data
    —————————————————————————–

    A First it depends on what SRC suspects about you and your informations:
    ————————————————————————

    If your work could have consequences on the protection of “protéger la
    place industrielle, économique et financière. ” you are in. For an
    example if you are a journalist working on bank secret or fiscal issue,
    you are in.

    ### how these informations could be relevant for Swiss interests.

    If you read article 5: SRC could use any mean some of them requires
    authorization other does not.

    ### Which threats ?

    Chapter 2 Section 1 article 6 defines which situations SRC could act
    against. It is quite broad:

    > The SRC seeks and processes information for the following purposes:
    >
    > a. to detect in time and prevent threats to internal or external security posed by:
    >
    > 1. terrorism,
    >
    > 2. espionage,
    >
    > 3. the proliferation of nuclear, biological or chemical weapons, including their delivery systems and all goods and technologies for civilian or military purposes that are necessary for their manufacture (NBC proliferation), or the illegal trade in radioactive substances, war materiel and other armaments,
    >
    > 4. attacks on information, communication, energy, transport and other infrastructures that are indispensable to the functioning of civil society, the economy and the State (critical infrastructures),
    >
    > 5. violent extremism;
    >
    > b. to detect, observe and assess important security-policy events occurring abroad;
    >
    > c. **to ensure Switzerland’s capacity to act**;

    point c is quite broad

    ### Could ProtonMail be affected by LRens ?

    SRC could force you to provide informations they want : see Art.20 line
    i :

    > authorities operating computer systems;

    ProtonMail is in.

    B the means:The question is how they could technically do it.
    ————————————————————-

    The interesting point that the law does not define precisely means that SRC handles to ensure the success of their claims. I understand that all means could be used as soon as it respects the law.

    You mention that design and protocol currently set on your servers protect users. That’s why we use your service. But how ProtonMail could resist to a request from SRC to modify design and protocol to weaken protocols.

    Could you explain how ProtonMail could refuse a request from SRC to downgrade or change part of handshake ssl protocol to facilitate decryption of informations when I log to ProtonMail ?

    Thanks

    • ProtonMail protects against that as well. In the event that SSL is broken, only ciphertext can be intercepted. In any case, under this law, the SRC cannot force tech companies to weaken SSL, this is not enforceable and would be subject to legal challenge.

      • Thank you for your answer.

        I am not familiar with other Swiss law.
        In the LRens it is clear that an organization could not refuse to give access to information SRC wants to get.
        But this law does not define the possible means to get information.

        Could you specify which law protects ProtonMail against a possible request from SRC to modify or downgrade your protocol?
        You mention “legal challenge” but it is quite fuzzy.
        Do you know which other laws (beyond LRens) would be used in this “legal challenge”?

        Thanks again for your answer.

        • The SRC cannot request that we downgrade the protocol because the encryption is done on the client side by the user, and not by us. By law, companies are always required to turn over data in the event of a court approved order for customer data. This is the case in all countries. However, in ProtonMail’s case, due to the end-to-end encryption that we utilize, we can only turn over encrypted data without decryption keys.

          • I am quite surprised about your terse answer:
            > “The SRC cannot request that we downgrade the protocol because the encryption is done on the client side by the user, and not by us.”

            Seriously, I’ve probably misunderstood what you mean. Would you expect me to believe that all security leaks could only come from the client side? Who would believe that modification of the implementation of the server encryption side has no consequences on the strength of communication?

            That’s a particular way to simplify the issue. I’d expect a clearer and more didactic answer for us and I am sure I misunderstood your purpose.

            The relevant question is simple:
            Has SRC the possibility to force you to change parameters (any codes, cyphers, implementations …) on the server side based on this new law?
            You have previously given a laconic answer that “The SRC cannot force tech companies to weaken SSL, this is not enforceable and would be subject to legal challenge.”
            Which legal bases could help you resist such requirements? Because, as I mentioned before, you have to keep secret any demands from SRC according to the LRens law if SRC compels you.

          • The legal opinion of several experts is that if the SRC makes demands that would weaken security, such demands could be challenged on the grounds of posing a public safety risk. For ProtonMail, this has minimal impact to begin with because our crypto is client side.

  • Thank you again for your answer:
    > The legal opinion of several experts is that if the SRC makes demands that would weaken security, such demands could be challenged on the grounds of posing a public safety risk. For ProtonMail, this has minimal impact to begin with because our crypto is client side.

    Let’s go for an example which protects against public safety risk and targets only whom SRC wants to attack.

    SRC asks you to install an interception proxy + your Certification Authority + with sslstrip2. You could easily target a client based on IP address, so no public safety risk. Do you think the client-side crypto would be effective against this kind of attack?

    Another, simpler example: according to the IP address, SRC may ask you to inject malicious code in JavaScript. It may not be a public safety issue because it is a targeted attack.

    The issue is not technical, but legal.

    • This would be taking an excessively broad interpretation of the law and that would be subject to court challenge from many tech companies that operate in Switzerland, not just ProtonMail. The law does allow the SRC to request encryption be removed, but the interpretation is not that they can force service providers to assist in compromising server/client connections, but that if a service provider holds encrypted data, and also the key, a service provider can be asked to decrypt that data. In ProtonMail’s case, we don’t hold a usable key, so under this interpretation the law does not apply to us.

      • First of all, the encryption removal is only mentioned once in the text. It is about article 43, applied to communication and network cable companies, not service companies such as ProtonMail. Of course the interpretation of this label of “Obligations des exploitants de réseaux câblés et des opérateurs de télécommunications” may be discussed.

        Secondly, your last argument is a little tricky:

        Because you do not hold the key, SRC could ask you to inject malicious code for a specific target. Of course this technical means is not defined in this law; as you may note, no means are technically defined in this law, to leave much more possibility for the SRC to act.

        Finally:

        I would be happy to hear from you why it is an excessively broad interpretation of the law. From my point of view, what is interesting in this law is that the legislator does not define the means in this text. It avoids having technical issues about possible means used to get the required information. That’s a common strategy in the legal field.
        Yes, many tech companies in Switzerland are under the same potential threat, but actually the user takes a different risk than you. Because if SRC targets a user … he may face difficulties. On the other hand, ProtonMail, like other tech companies, may face other difficulties in adapting its business model to this legal context.

        Thanks again for your answer

  • Thank you so much from California, USA! I was waiting for someone like you to come along. Of course it would be the Swiss! Obviously, our world class politicians haven’t caught on to your level of technical savvy. They are still enraptured by texting photos of their genitals, tweeting personal insults at celebrities from the toilet at 3 am, and using personal basement servers to handle classified email. Like, DUH! Is Switzerland accepting horrified American refugees if Dump manages to snatch the White House? We’re not ALL Neanderthals. Just most of us. I want to join the Pirate Party. That sounds fun. I’ll get a paid account ASAP. As a person who has been recently doxed at a national security level, I appreciate the spirit and care you put into your product. Thanks again.

  • The discoverer and founder of Christian Science, states: “Like our nation, Christian Science has its Declaration of Independence. God has endowed man with inalienable rights, among which are self-government, reason and conscience.” (Science and Health with Key to the Scriptures, by Mary Baker Eddy)

  • Great idea and well done for putting this into motion, but real privacy has no place in the real world any more.
    https://www.theguardian.com/world/2016/sep/25/switzerland-votes-in-favour-of-greater-surveillance
    Some would argue it’s a necessary security measure in today’s world but I am afraid it’s just a first step on a path to a global mass surveillance program.
    Welcome to the year of 1984. Sadly there will be a time soon enough when privacy not only will not be possible but also will not be allowed at all.
