As a Swiss business with Swiss data centers only, we are subject to the surveillance framework 780.1 Bundesgesetz betreffend die Überwachung des Post- und Fernmeldeverkehrs (BÜPF) as part of Swiss telecommunications law. The purpose of this law is limited to criminal investigation, mutual assistance requests from other countries, and search and rescue for missing persons. All requests have to be part of an ongoing criminal investigation, with one important exception: If there is compelling reason and evidence to believe someone is immediate danger for their health or life. Civil law is never sufficient grounds for requesting information. Also the list of paragraphs of applicable criminal law is given, and not subject to a judge's discretion.
The law also tasks a dedicated governmental body with the oversight of this process that works with the police and judicial systems, but is separate from them. This body is responsible to receive requests from the police and forward them to the communication provider if they meet the formal requirements.
As to the requests themselves there are essentially three kinds of requests that should be differentiated:
These are also sometimes referred to as "telephone book requests." They cover administrative information about a user limited to name, address, profession, telephone number, IP address, and kind of account/service. These can be made to the provider directly by the police as part of a criminal investigation. This is the only kind of request that does not require a judge to approve such a request.
So what does this mean for Kolab Now? Criminal investigations are specific to crimes, which translate to paragraphs in criminal law. So a request to Kolab Now will always come with reference to the respective paragraph in criminal law. That allows for some understanding of the severity and also legitimation of the request, as the police will require evidence what kind of crime has been committed. And they could link that evidence to a user account. Now they want to find out who is the natural person behind the crime they are investigating.
In such cases we are generally obliged to help the police identify individuals who have committed a crime according to Swiss law. So if the request seems genuine and justified, we will cooperate. But obviously in these cases Kolab Now can only provide what Kolab Now users have provided voluntarily during sign-up. As a business-oriented service, we have substantial numbers of professional clients who want proper invoicing for their tax accounting. Therefore we of course have business records on a variety of our customers. But these would likely be easily identified without any such request being made, e.g. because the domain in question maps to a company.
What is also important to understand that this is far more limited than mechanisms in other countries, such as the "Bestandsdatenauskunft" in Germany, where providers have to provide a whole range of additional information, including passwords, without any oversight by the courts and where the mechanisms for these kinds of requests is increasingly automated. Unlike Switzerland, Germany also allows these kinds of requests for civil offenses and minor misdemeanors.
These are requests for retained data. Switzerland has a legal requirement for six months data retention by the provider. Data that is retained is communication metadata, so information about who communicated with whom from where and when but not the actual content of the communication. Metadata access requires the police to present their findings to a public prosecutor who needs to be convinced there is strong suspicion and concrete evidence. The prosecutor then needs to file for an access to retained data with a Swiss judge or court, who also needs to establish the request meets all the criteria to approve it. If all three institutions agree, the provider gets the notice via BÜPF (see above) and has a final opportunity to contest the order.
That the oversight and control is working is evidenced by the numbers: In all of Switzerland across all email providers there have been 32 such requests in 2013 (26 in 2012) granted.
All requests have to use this same mechanism and will appear in the statistics, there are no other legal means to gain access. Also, unlike other countries, Switzerland has banned its secret service from operating within the country. There is evidence to suggest it aims to circumvent this by collaborating with foreign services who gather the data they are not allowed to gather. In this Switzerland does not appear to be different from other countries. But there is one very important difference that follows from this: Any request from the secret service to a Swiss provider would be criminally illegal, unlike in the United States or Germany, where such requests are explicitly granted by law and providers are often compelled to cooperate in secrecy.
These are "wiretapping" requests where the police gets a near real-time copy of all communication going over a service.
The process is the same as it is for retroactive metadata. The police need to have strong and concrete evidence for a specific crime and have an investigation under the respective paragraph of the Swiss criminal code. This crime furthermore needs to be linked with the specific account and there needs to be strong reason to believe only by live interception can the case be prosecuted. The police needs to present this to a prosecutor and convince them a wiretapping order is in order. And it should be noted that Swiss prosecutors, unlike their US movie counterparts, are not de-facto part of the police. They will need to be convinced by the evidence presented in order to file with the court. After the judge has reviewed the evidence and found grounds for strong suspicion that a crime has been committed, and concluded that it is unlikely the crime could be prosecuted in any other way, the wiretapping order may be granted and transmitted to the provider via BÜPF. The provider then reviews and looks for errors or other grounds for refusal.
As for retained data, the numbers suggest this process is working and used rarely: In all of Switzerland across all providers there have been 21 such cases in 2013 (20 in 2012) for email. Given the number of accounts hosted in Switzerland this shows it's used extremely sparingly. Also, unlike in most other countries, there is no back-door for these requests, either.
Requirement to notify, more information
There are also some other provisions in Swiss law that makes it the most privacy centric in the world, such as the requirement to notify you in case you have been the target of any such request. But of course a brief introduction cannot cover all the details. So if you want to read a bit more about the overall framework, we suggest the article Reforming Surveillance Law: The Swiss Model by Susan Freiwald and Sylvain Métille for the Berkeley Technology Law Journal (Volume 28, 2013) for some background reading.
The above covers what Kolab Now has to take into account for requests to user data by the Swiss police and justice system, who are the only body legally entitled to these kinds of requests at all.
But of course that is not a complete picture of what is going on in Switzerland. Like most countries, Switzerland has begun experimenting with other, more aggressive technologies, such as governmental trojan horses to get targeted access to systems. Kolab Now could not legally be targeted by such measures, and we technically protect as best we can against these technologies regardless of where they originate. But Switzerland has a long culture of self defense and reliance. So as a side note it should be said that if you ever think of actively probing Swiss services, we would urge you to reconsider. The law in Switzerland gives substantial leeway in terms of self defense.
And it would also be rather one-sided to think of the police only as the people who try to get to your data. Because the police also have a mandate to protect you and everyone else from criminals who would want to violate your privacy or obtain your data - be it secret services abroad, corporate espionage, or plainly criminals. Such attempts to access your data are a crime in Switzerland, and the police is compelled to investigate on your behalf.
Unlike other companies we see our users as the center of our service, not the necessary raw material to be processed for the customers. Our users are our customers.
This is essential in aligning our interests with those of our customers, and we will do everything in our power to protect the ability to freely cooperate and communicate for all of our users. Businesses and individuals alike. That freedom we protect using all technical and legal means available to us. At times that may also require cooperating with the police because it is in the immediate interest of our users against whom a crime has been committed.
But if you are considering to use our services to conduct criminal activity, we strongly suggest you go elsewhere. As also clearly stated in our Terms of Service, we do not extend our protection to those who attempt to invade privacy and violate the rights of others. And if you use our services for that purpose, we will cooperate with the police as we are legally compelled to do.