Switzerland’s Privacy and Encryption Under Attack: Proposed Surveillance Laws Threaten Fundamental Rights and Cripples Encryption
Zurich, May 6, 2025 – A sweeping revision of he Ordinance on the Surveillance of Postal and Telecommunications Traffic (VÜPF/OSCPT) and the ordinance of the Federal Department of Justice and Police (VD-ÜPF/OME-SCPT) , concludes its public consultation today [1].
But the proposed changes pose a grave threat to the fundamental right to privacy and the security of encryption, essential safeguards for all individuals, businesses and democracy itself. VPNs and other encrypted communication services are especially in the crosshairs, threatening to severely erode digital freedom and security.
A Direct Assault on Privacy
The revised VÜPF/OSCPT will expand monitoring obligations for providers of telecommunications services (FDA/FST) and derived communication services (AAKD/FSCD) – encompassing a wide range of online communication platforms. This includes extended requirements for user identification and mandatory data retention.
This includes extended obligations to identify users and retain their data, measures that deeply encroach on the privacy of individuals. Consequently, this also undermines sensitive areas, such as medical confidentiality and the protection of journalistic sources, crucial pillars of a democratic society.
Unnecessary Data Storage Increases the Risk of Abuse
The mandatory six-month retention of metadata – seemingly innocuous information about communications – can in fact reveal highly sensitive details about individuals, including their communication partners, locations, and daily routines, painting detailed portraits of people’s private and professional lives.
Storing this data not only facilitates mass surveillance but also invites abuse. Hackers, criminals, and even insiders could gain unlawful access to this treasure trove of information, opening the door to blackmail, fraud, identity theft, and other serious harms.
Encryption Compromised: Backdoors Are Dangerous by Design
The most alarming aspect of the proposed revisions is the obligation to undermine encryption, a move that fundamentally compromises the security of all digital communication. Providers could be forced to build backdoors or deploy other methods that deliberately weaken encryption, making previously secure communications vulnerable.
Forcing providers to compromise encryption doesn’t just affect authorities’ access; it creates systemic vulnerabilities that can be exploited by anyone, from cybercriminals to hostile states.
We’ve seen this scenario unfold elsewhere. The UK government’s recent attempt to implement similar regulations faced strong opposition from tech companies like Apple, who chose to withdraw encrypted services rather than compromise their security [2].
“A backdoor drives encryption ad absurdum. Once such a method exists, it’s only a matter of time before it’s exploited,” Apple and security experts warn. “End-to-end encryption ensures that only users — not even providers — can access their data. Backdoors always introduce major security flaws.”
🇨🇭 Swiss Privacy Champions in the Crosshairs
This regulation particularly threatens Switzerland’s thriving ecosystem of privacy-focused services like Proton, NymVPN, PVY.swiss, and Threema. Proton’s announced potential departure underscores the damaging impact this legislation could have on Switzerland’s reputation and its digital economy [3].
This isn’t just a business issue. It would undermine Switzerland’s global standing as a defender of privacy and secure communications.
📢 Privacy Is Not Negotiable
This isn’t just about technology or business; it strikes at the heart of our democratic rights, civil liberties, and the very foundation of trust in public institutions. Mass surveillance and compromised encryption are a detriment to everyone. We must firmly reject laws that would undermine our collective safety and dismantle our right to private communication.
References
[Translated partially by Deepl.]
Co-edited by Berna Alp