Background information
USA passes Take It Down Act: why banning deepfake porn is controversial
by Florian Bodoky
SPTO revision: Federal Council looking to expand surveillance through an ordinance
7.5.2025
Translation: Veronica Bielawski
The Federal Council is looking to revise the SPTO as well as to oblige small communications services to cooperate and offer up data. It aims to do so by means of an ordinance. This approach has caused outraged.
On 6 May, the consultation period ended for the partial revision of the Ordinances on the Surveillance of Postal and Telecommunications Traffic (SPTO and VD-ÜPF). With that, the Federal Council’s controversial reform project has entered the next phase. The aim is to revise the monitoring obligations for providers of digital communication services – from traditional telecommunications companies to messenger services and e-mail providers.
What does the Federal Council want – and why?
As the Federal Council itself has stated, it aims to achieve three key points with the revision: first, a clearer classification of which providers have which obligations; second, the introduction of new types of monitoring and information; third, the potential removal of certain forms of encryption – notably, not end-to-end encryption. It’s «merely» Transport Layer Security (TLS) encryption that may bite the dust.
The threshold for obliging providers to cooperate is also to be lowered. Certain obligations for identification and the storage of data will apply from 5,000 users, while the most comprehensive requirements will come into force from one million users. This newly targets providers such as Threema and Proton.
In the Federal Council’s view, this revision is long overdue (link in German); digital forms of communication have changed massively in recent years and it’s therefore imperative that existing regulations be adapted to the new reality. According to the Federal Department of Justice and Police (FDJP), the distinction between providers with minimal, reduced and full obligations is supposed to ensure greater fairness and transparency. Further, the FDJP sees the revision not as an intervention in the law, but an «appropriate adaptation» of provisions within the framework of the existing Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTA).
What do critics of the ordinance say?
Critics see things differently. Organisations such as Digitale Gesellschaft (Digiges, English: digital society) have accused the Federal Council of undermining key fundamental rights, such as the right to privacy, even further. The fact this is to be done via ordinance makes matters worse.
Source: Presserat.ch
He views the revision of as a means of tacitly expanding the surveillance state – effectively avoiding democratic legitimisation. He has further criticised the threshold of 5,000 users as «absurdly low». Other opponents have stated that this regulation can be seen as an attempt to circumvent Federal Supreme Court rulings.In April 2021, the Federal Supreme Court ruled that so-called providers of derived communications services (DTSP) do not have to provide data to the Post and Telecommunications Surveillance Service (PTSS), as they do not provide a line and radio infrastructure, but merely feed information into existing ones.
Proton CEO Andy Yen announced in an interview with Watson (article in German) that he would oppose the new regulations – by moving abroad, if necessary. Threema isn’t pleased either and is even considering launching a federal popular initiative.
Source: Wikimedia
Resulting legal and economic problems
For the aforementioned companies, this revision means more than just additional administrative work. The technical and personnel requirements for fulfilling the new monitoring obligations are high, including, for example, having an on-call service 24/7. This would presumably result in costs in the millions. For smaller providers, this isn’t feasible and would leave the market open to big players from abroad, whose data protection standards may not be as high as those of Proton or Threema.
But the criticism goes beyond economic aspects. For Digiges, the question arises as to whether such revisions are even admissible without a parliamentary decision. In addition, some points of the revision contradict the current Federal Act on Data Protection (FADP). For instance, the provisions for data retention – which have been illegal in the EU for years.
Alternative: the «quick freeze»
The so-called quick freeze (data preservation) has been proposed as an alternative to the measures. It allows relevant authorities to access data that’s already stored on suspects if there’s a specific reason to do so, e.g. suspicion that a serious crime has been committed or justified indications that such a crime could be imminent.
The FDJP will now examine the comments and submit the revised draft to the Federal Council. It will ultimately decide whether and in what form the ordinance comes into force, which will be in 2026 at the earliest. Whether it actually will come into force remains uncertain. If the revision is adopted in its current form, political and legal countermeasures can be expected.
Header image: Florian Bodoky
I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue.
Security
Follow topics and stay updated on your areas of interest
64 comments
later