- Page 1
- Page 2
- Page 3
- Page 4
- Page 5
- Page 6
- Page 7
- Page 8
- Page 9
- Page 10
- Page 11
- Page 12
- Page 13
- Page 14
- Page 15
- Page 16
- Page 17
- Page 18
- Page 19
- Page 20
- Page 21
- Page 22
- Page 23
- Page 24
- Page 25
- Page 26
- Page 27
- Page 28
- Page 29
- Page 30
- Page 31
- Page 32
- Page 33
- Page 34
- Page 35
- Page 36
- Page 37
- Page 38
- Page 39
- Page 40
- Page 41
- Page 42
- Page 43
- Page 44
- Page 45
- Page 46
- Page 47
- Page 48
- Page 49
- Page 50
- Page 51
- Page 52
- Page 53
- Page 54
- Page 55
- Page 56
- Page 57
- Page 58
- Page 59
- Page 60
- Page 61
- Page 62
- Page 63
- Page 64
- Page 65
- Page 66
- Page 67
- Page 68

- Flash version

© UniFlip.com
background image
W I N T E R 2 0 1 4
43
How is the situation in Switzerland?
Does the U.S. Patriot Act apply in
Switzerland?
The title of the Patriot Act is actually
a ten-letter acronym (USA PATRIOT) that
stands for Uniting (and) Strengthening
America (by) Providing Appropriate Tools
Required (to) Intercept (and) Obstruct
Terrorism Act of 2001. The act allows
federal officers, who acquire information
through electronic surveillance or
physical searches, to consult with federal
law enforcement officers, to coordinate
efforts to investigate or to protect against
potential or actual attacks, sabotage or
international terrorism or clandestine
intelligence activities by an intelligence
service or network of a foreign country.
8
In the U.S., investigators may easily apply
for an order requiring sensitive data. An
FBI officer may have direct access to
the data if he sends a National Security
Letter ("NSL") to the concerned person or
legal entity. U.S. investigators may obtain
a so-called "gag order," which prevents
providers from informing any concerned
person that his/her information is required
by U.S. investigators.
In Switzerland, no Patriot Act or
PRISM program
9
, or the like is in force.
The access of (Swiss) authorities to
private data is very limited both by law
and in fact. In general, any unauthorized
obtaining of data or accessing to a data
processing system is a violation of the
Swiss Criminal Code.
10
Furthermore,
any activities on behalf of a foreign state
on Swiss territory are illegal
11
such as
gathering evidence in Switzerland without
a prior request for judicial aid.
The Patriot Act may not be applied
on Swiss territory. Thus, neither foreign
authorities nor civil parties have any
direct access to personal or business data
located on Swiss territory. In general,
without a Swiss state order, no access is
permitted.
12
Restrictive Judicial Aid
Switzerland is a privacy fortress, but no
fortress is unconquerable. Different ways
of cooperation between Switzerland and
foreign countries are permitted, such as
in criminal matters there is police,
13
ad-
ministrative cooperation and also mutual
assistance.
14
Foreign countries may apply for
judicial aid to access data stored within
Switzerland's borders.
Swiss authorities grant international
mutual assistance only if a formal request
is substantiated and specified. Foreign
authorities must explain in detail who
is concerned, what is the subject of the
proceeding, and, in particular, why the
requested information is sought and
relevant to the foreign proceedings. The
Swiss authorities are restrictive; no foreign
fishing expeditions are accepted.
In practice, judicial aid is difficult
for practical reasons. According to the
vice-director of the Federal Office of
Justice, Ms. Susanne Kuster, it is almost
impossible to find out where exactly
the data is stored within a data center
without the cooperation of the concerned
owner of the data. Therefore, in Switzer-
land, such taking of evidence is done
only in rare cases.
15
U.S. Affiliates in Switzerland
It must be noted that the Patriot Act
applies also to U.S. affiliates settled in
Switzerland.
16
U.S. affiliates located in Switzerland
might get into difficult situations because
they must comply not only with the local
Swiss law but also with (extraterritorial)
U.S. law.
If a U.S. affiliate, based in Switzerland,
receives a National Security Letter, it
would be against Swiss law to follow a
U.S. request without approval from the
competent Swiss authority.
Trends After PRISM ­
Recommendation
We have received many questions from
worried clients, in particular related to
outsourcing and cloud services.
Basically, our advice is the following:
·
Make sure that your data is stored
in data centers physically located in
Switzerland.
·
Make sure that your data does not
leave Switzerland.
·
Check, whether your provider is a
U.S. affiliate.
·
Check your contracts with the data
center provider.
·
For critical data such as essential
technical know-how of your company or
health data, negotiate special clauses
with your data center provider, such as
information duties of the data center
for any access to the servers, anony-
mization of servers, physical access to
servers only by the customer, etc.
·
Check encryption solutions.
Data center capacities in Switzerland
are being massively increased.
Outsourcing, email, and cloud services
are successfully marketed with a Swiss
approach. New techniques, called
homomorphic cryptography, are evolving,
and enable the processing to occur while
the data remains encrypted.
1 Switzerland ranks in 10th place in the Data Centre Risk
Index 2012; Hurleypalmerflatt/Cushman&Wakefield;
Data Centre Risk Index 2012; Informing global invest-
ment decisions, p. 7.
2 Cf. Asut/economiesuisse; Datentresor: So bleibt die
Schweiz ein Topstandort für Data Center, dossierpolitik,
19. November 2012, Nummer 22, p. 3 et seq.
3 Switzerland belongs to the leaders of ICT infrastructure
(rank 3 worldwide in ITU top broadband economies;
Broadband Commission, The State of Bradband 2012,
September 2012, Annex 3).
4 The Swiss price per kWh ranked 4th after Rus-
sia, Iceland and Finland; Hurleypalmerflatt/
Cushman&Wakefield; Data Centre Risk Index 2012;
Informing global investment decisions, p. 7.
5 Art. 13 of the Federal Constitution of the Swiss Confed-
eration of 18 April 1999 (SR Nr. 101).
6 Federal Act on Data Protection [DPA] of 19 June 1992
(SR Nr. 235.1).
7 Cf. Asut/economiesuisse; Datentresor: So bleibt die
Schweiz ein Topstandort für Data Center, dossierpolitik,
19. November 2012, Nummer 22, p. 3 et seq.
8 Cf. Section 215 of the USA Patriot Act.
9 So far, there is no PRISM or similar program known in
Switzerland.
10 Art. 143 et seq. of the Swiss Criminal Code of 21 Decem-
ber 1937 (SR Nr. 311.0).
11 Art. 271 of the Swiss Criminal Code.
12 See section III of this article for more details on Swiss
Mutual Assistance.
13 Art. 75a of the Federal Act of International Mutual As-
sistance in Criminal Matters (IMAC); Police cooperation
covers measures that can be undertaken without the use
of compulsory procedures. The communications between
police authorities generally happens via their national In-
terpol bureaus. Especially the Schengen Agreement has
affected the rules for police cooperation within the EU;
Guidelines of the Federal Office of Justice, International
Mutual Assistance in Criminal Matters, 9th edition 2009,
p. 6.
14 The distinction between police cooperation and mutual
assistance varies from international conventions and
countries concerned, Guidelines of the Federal Office
of Justice, International Mutual Assistance in Criminal
Matters, 9th edition 2009, p. 6.
15 NZZ, Datengeheimnis wird zum neuen Schweizer Stan-
dortvorteil, 14th June 2013.
16 Such as it is the case with stored data by Microsoft,
Google or Amazon.