by Jenna McLaughlin, The Intercept:
A small email provider and its customers have almost single-handedly forced the Swiss government to put its new invasive surveillance law up for a public vote in a national referendum in June.
“This law was approved in September, and after the Paris attacks, we assumed privacy was dead at that point,” said Andy Yen, co-founder of ProtonMail, when I spoke with him on the phone. He was referring to the Nachrichtendienstgesetz (NDG), a mouthful of a name for a bill that gave Swiss intelligence authorities more clout to spy on private communications, hack into citizens’ computers, and sweep up their cellphone information.
The climate of fear and terrorism, he said, felt too overwhelming to get people to care about constitutional rights when people first started organizing to fight the NDG law.
Governments around the world, not to mention cable news networks, have taken advantage of tragedy to expand their reach under the guise of protecting people, even in classically neutral Switzerland — without much transparency or public debate on whether or not increased surveillance would help solve the problem.
But thanks to the way Swiss law works — if you get together 50,000 signatures within three months of the law passing — you can force a nationwide referendum where every citizen gets a say.
“In Switzerland, and overseas, no one really thought to ask the people,” Yen said. “The public opinion, especially from the young people, has shifted to pro-privacy.”
By gathering its users and teaming up with political groups including the Green and Pirate parties, as well as technological and privacy advocates including Chaos Computer Club Switzerland and Digitale Gesellschaft Switzerland, ProtonMail was able to collect over 70,000 signatures before the deadline.
The new law is the first of two surveillance laws that have been circulating through the Swiss Parliament. The NDG law was fully passed in September, but can’t take full effect until after the referendum vote in June. The NDG would “create a mini NSA in Switzerland,” Yen wrote — allowing Swiss intelligence to spy without getting court approval. It would authorize increased use of “Trojans,” or remote hacking tactics to investigate suspects’ computers, including remotely turning on Webcams and taking photos, as well as hacking abroad to protect Swiss infrastructure. It would legalize IMSI catchers, or Stingrays, which sweep up data about cellphones in the area.
The second law, known as the “BÜPF,” might come up for a vote in the Parliament’s spring session, but may be revised or delayed. The BÜPF would expand the government’s ability to retain data for longer, including communications and metadata, as well as deputize private companies to help spy on their users, or face a fine. “What I have heard from insiders is that they will reduce its scope now that they know we have the numbers to also force a vote on that law,” Yen wrote in an email to The Intercept.
ProtonMail, created by scientists and engineers with know-how in particle physics, software, cryptology, and civil liberties, provides unbreakable end-to-end encryption by default to its users for free — making it easy for ordinary people to protect their communications and preserve their anonymity.
With end-to-end encryption, only the person who sends the message and the person who receives it can access the content; not even the company can see what was written. Encryption protects transactions on the internet, so that criminals can’t read messages, steal credit card information, or impersonate others.
The Swiss surveillance bill does not compel ProtonMail to decrypt its users’ communications, so if the Swiss intelligence service forces it to hand over data, all the intelligence service will get is gobbledygook. But ProtonMail still feels the measure threatens Swiss privacy — something the company hopes to defend, regardless of its bottom line.
There are some strong political currents in Europe, as in the United States, beating strongly against encryption and privacy — which law enforcement says prevents them from accessing evidence with a warrant. Lawmakers, government officials, and law enforcement agencies alike have been pushing for a way to gain access into uncrackable end-to-end encryption. Scientists collectively agree this is a bad idea, and would threaten the security of the internet without actually helping anyone catch bad guys.
Please follow SGT Report on Twitter & help share the message.