 We will now get a situation report from Kira, Ganti and Pake from Switzerland about these from these Swiss net politics scene and they more as deal with the same issues that we've had in German net politics as well and that we keep having to deal with in an infinite loop and We will now hear from these three about the our neighboring country and what the newest insights are Please welcome them with me Welcome to our translation of this talk on Swiss net politics. You're going to listen to Sebelis Desco and YT Hashtag C3T Twitter account C3 lingo Now we're very happy to be back for the 36 6th Kira's Communication Congress and take you on a journey on Swiss net politics from Lake Constance to the Matterhorn and Our travel guide in the next hour will be a travel guide We'll package daily ganti and Kira and we're from digital a gesellschaft digital society We are a non-profit organization in Switzerland and we deal with the issues that come from digitalization and networking in Society and we do that from a civil society perspective and we are mostly a an alliance of various organizations in Switzerland That deal with net politic issues net politics issues So let's dive right in on our journey and I'm now going to hand over to pucky Yes, thanks a lot and we'll begin our journey All the way through Switzerland from Lake Constance to Matterhorn in the eighth largest city not of our country, but of Canada the largest city And that's Vancouver. The issue is e-voting Or some call it cyber voting and we had to report last year. Unfortunately that one of two accepted Permitted systems for e-voting will not be continued for cost reasons. It seemed Who would have thought that But there are new requirements such as the Digital capabilities for e-voting systems of the next generation and One of the systems called skippel that was a Spanish software company and the Switzerland is operating the system from from skittle They do everything that the hacker would like from e-voting and Research of Republic a Swiss new paper newspaper Uncovered that The some of these urns are somewhere in the jungle their paper weights more or less which had to be counted in Spain Which And this thing took place in Ecuador and they kept a few managers of skittle in Ecuador as tourists, of course now the pressure was high On skittle that it should work in Switzerland And they said we will try to prove that our systems are safe that was the idea and Will and we thought that we would run a public intrusion test the source code had to be disclosed that is actually legislated and As little as a hundred and fifty thousand Swiss francs were invested a very small amount I assume that the Oral system would be would cost hundreds hundreds of times of that so The source code was disclosed in form of a dump really no commits and there was an NDA That had to be signed and that said vulnerable vulnerabilities cannot be published Of course that is responsible disclosure So if the post office would sign in every 45 days, then these vulnerabilities will not be discovered There is no security institute. No reputable researcher would Get themselves involved for such a small amount And information of course has a tendency to want to break free and so so what happens? There were leaks And of course the post office reads Twitter too and they responded that information is already public cannot be leaked Which was clear at the time the leak that this reply was written But it had been leaked beforehand the only way to reach that code had was via the NDA the nondisclosed nondisclosure agreement and and then they pointed to the copyright issue and The result was that the Clone repositories had to be taken down, but it wasn't quick enough Because through the leak that was the only way possible that reputable researchers could actually look at the issue such as the Open Privacy Research Society They are from Vancouver and Representing them is Jamie Lewis the the editor there the the director And that was that every single zero-knowledge proof implementation had security issues Critical issues so the backbone of the whole solution was broken Because zero-knowledge proofs are about ensuring that Only every person can only vote once and that their vote is being counted and that votes are tallyed up correctly So the result in the end was well burn it with fire My impression when I looked at the system as a cryptographic lay person, I don't know much about cryptography But I understand that when you load cryptographic keys and then cannot load them and Result to some kind of fallback and then write something that That's not quite the way a system like that can work And I thought When I read that tweet, I was thinking of this image that was what how Sarah must have felt and Well post really the post office really do read quitter because a few days later They it turns out well, it wasn't that bad all the errors are corrected. Let's cover it all up And the problem of course and I know that as a software developer I write a line of code to fix something then I have two new bugs At least that's how I experienced it Well and the core problem was that this whole system would have gone live if we hadn't exerted massive pressure on the post office skittle and and the electoral office the parliamentarians that we were in weekly contact with System would have gone live in this way without any of these vulnerabilities having become known Or maybe people would have known about them, but use them for their own purposes So I went back thinking about this image when the smaller chamber in our Parliament the National Council Sorry, that is a larger chamber when they resolved That the voting should be abandoned Well, that is no reason for rejoicing because the other chamber the smaller chamber Will surely reject this motion and therefore it's extremely important that you Sign the initiative for a moratorium on e-voting which calls for E-voting to be suspended for the next few years and the state of art should be looked at to find whether a secure e-voting is possible So that it should be evaluated so evaluated so support this initiatives will continue with Simon on our journey to the seat of government in burn I'll take you to burn. We'll shortly talk about the EID and As a location in burn we have this door Politically after people will know this door It is part of the parliamentary building This is the place where if you hand in an initiative or a referendum of which are quite a lot in Switzerland We hand them in now regarding the EID that was quite a struggle. It still is the problem is in The fact that the government would like to offer an EID, but it is Distributed how this EID should be shaped and which functionality it should have Regarding the government the idea is that a log in should be required Which you could use for e-commerce. There is one application that they have in mind Of course the EID is not about that. It's not a log in. It's about Conducting certain kinds of business where an ID is required such as legal contracts When signatures are collected you could do that in the digital arena as well You would save a lot of paper that way and save a lot of trees Our position is that The EID should be used For political participation and not as a log in for certain commercial products the history The story of the EID is a few years old now The government worked out various concepts studies were conducted two keywords in that keep coming up in these documents an Electronic identity has to be secure and trustable just worthy one concept that was looked at similar to Germany with their new ID card, but that was rejected in Switzerland And the conclusion was that the best solution for an electronic identity would be To hand this over to private providers such as identity they are called identity providers The government a few years ago had An event and a project called the Swiss ID Not written in the way it is here, but Swiss in the French way spelled in the French way this failed the new edition of that is Carried by a consortium the Swiss sign group which includes the post office the railway banks insurances and others and these are to take over that governmental task of letting us identify ourselves in the digital sphere While the process in parliament has finished I was running digital a gazelle shaft and public better and We collect and others ran a representative survey with the question. Well who Should offer such a kind of electronic identity and as you can see this blue areas quite large and if we then resolve this 87% of those ask want an EID that is provided by the state and 2% wanted to be provided by private companies although Another question in this survey was Is the EID a requirement? It's a need and 43% said yes, we would like to have an electronic idea in the next three years And this survey although we had commissioned it is quite interesting Because we were talking about security and trustworthiness earlier and the verdict of the people is clear The trust in electronic voting is placed at the state and not at private corporations And whenever there's an emergency then we try to take to Take an influence and when there's a particular emergency then a nerd will then Borrow a suit because they don't own one and we then Went to the Commission that was debating this ahead of the vote in Parliament and tried to make our voice heard as a short insert a Commission in Switzerland is a parliamentary committee in Germany, so Issues are first debated in a smaller group and then the plenary will receive Suggestions so the equivalent in Germany would be the parliamentary committee in Germany or in other countries And we had a few supporters. These are parliamentarians Who took up our issue? That we wanted a state and non-private ID But the support wasn't it was very short term and Parliament said we don't care We want a Privately run Private relationship with the Swiss consortium and that's how it came so it came You've got to where you had to get to if you don't like a certain issue you go to a referendum And that's what we did One of other of you will know the we collect platform That collects votes of voices electronically you can have the signature form in a printable way there and That would be generated with the right address in it We had a start boost through this a lot of mobilization And the information campaign Really was effective We had a lot of signatures initially, but then as always We had to go the conventional way and went out onto the streets in snow and rain and We talked to individual citizens and asked them to support our cause and With referendums what you have to do is within a hundred and days within 100 days You have to collect 50,000 signatures. That's tough work And at this point thanks a lot to everyone that contributed by signing or that Handed out handed around the the signature form in in their social circles and when these forms come back They have to be sorted. They are sent to the individual municipalities and They would then have to certify that this person is residing in that municipality then they are sent back and counted There's a lot of administrative work involved a state EID would surely be a practical solution here But unfortunately we haven't gone come that far yet. I can report good results here the the referendum deadline is the 16th of January and The fairy dust has started. We won't have just 50,000 but actually around 70,000 signatures we Had one or two referendums that we took part in the surveillance laws were involved. This was Fundamental issues we knew from the start that It will be hard to win When we came to the country, but here we quite clearly saw that the population wants a state-run EID and we're quite confident that we will win the campaign and Therefore compel parliament to Reissue this law with the respective changes Everyone that wants to come 16th of January Quarter to two in Bern and the square in front of the parliamentary building There'll be a ceremony and the signatures will be handed over and Probably in May or September The Swiss population will be able to vote on the issue. So now Paki is going to take you to a very special place We are now in somewhere in cyberspace in the swathe that's going about a network blockage there was this Law regarding Regarding her money Each and every year we have a special picture to illustrate the problem These blockings are Going to be implemented in July This is a specification There was a couple of block problems and if you have a closer look You know it had to come at some time There's a nice website where you can go and see this Stop sign and your block from as accessing the the money The gambling This list of forbidden sites there too the the one is from the gambling Companies themselves you see in the left part The domain names and When the ban has been issued there was a legal Publication and there's a deadline for for For publishing you can see these are sorted by date and not by By name and not by date this is the other one You see the newer updates Praying I've had a look at these sites As when they were published a couple of days later I've clicked through all these List are containing 39 posts 32 different companies some companies have several websites with URL 1 to 17 and Twice in this in this list the list from combo was more complete with At the time when I tested these two of these were blocked As a Swiss citizens when I went to to go there that means I either got the stop page That I couldn't use this But I or I could not choose Swiss as a country of origin and now you can see this stop page and The alternative page Telling this is not available. So I couldn't use these offerings and in the in the law the law says you can't Be prohibited from accessing but it comes even worse This specialist of Sanitational things that might be that is probably a Error, but if you come from Switzerland and view this site You you can see this the blocking is not accurate and there's blood they're actually blocking too much If you go to a search engine and Type in this you can see the list how we how you can access either what otherwise blocked sites We also publish a transparency report And now we take the S-Bahn so the train to Glarus The next topic is a net neutrality This means that all data packages should be have the same Transmission rights this is one of the essential aspects of the internet where I Should not be in the position to ask anyone for approval to offer a service on the internet This is a an example from Portugal Where with the so-called zero rating Certain Services are included, but others have to be paid additionally We do not want that this is possible also in Switzerland We do not want that not included services in such packages have worse Quality and transmission so over Several years This discussion is already on Godding. It started in 2013 where we were invited in a discussion group How to to discuss how to regulate net neutrality in Switzerland a Lot of meetings over an entire year With heavy and difficult discussions A lot where we were the ones in the lead of setting the topics The result was very disempointing. It was a Rather weak report Reporting on the different arguments of the of the members of this discussion group And in 2016 subsequently a law A draft law was published and in this draft It was only talked about transparency But not net neutrality as such So it would have been a way back a turn back from the quality principle and we would have had a Much worse situation than now without this draft law about net neutrality In November 2017 so a year later we were invited To Describe our position in the parliamentary group and we used this Opportunity to propose our own draft law how net neutrality should be best put into law and then some movement ensued actually and the Commission answered on our Proposal and changed their draft law Which has been approved by the large? parliamentary group and Then it moved over to the small chamber Where the so-called special services were introduced This is a similar discussion that also happened in So the the purpose of the law would have been actually changed by introducing these special services and And this has been this This information was submitted to parliament and and the example There was a certain perseverance a week. We know that was certain perseverance things can be achieved and We have these We had call from from representative of one of the cantons and the law Was then enacted or resolved it as part of the telecommunications law the Regulation or net neutrality is included there. There are exceptions for special services, but these are now put in a way that They can only refer to a provider's own services such as TV or internet telephony the law overall is a big success for the net politics community in Switzerland and quite surely It will be enacted in this coming to force in the second half of next year Now to the next Station on our journey we go to Zurich Switzerland's largest city and We will look at copyright the copyright law in Switzerland in Switzerland a Revision project was started this year and before we get into the technical details and a pre remark If a law is before a law enters parliament You can Give your own opinion as a member of the population certain institutions are being written to and asked for the opinion but Citizens can hand their opinions in as well and 1200s replies received at the respective department, so that is almost a distributed denial of service attack on them and One of the key issues in the planned new copyright law was the ancillary copyright Which the Swiss media companies pushed through into the project and this is an obligation to pay for Links to journalist content, which you could call it a link tax So if you link to a page with journalist content, you are supposed to pay a fee as You know it from using audio recordings for example now the fact that that is not a good idea can be quite Is quite visible in the European space some examples here is France This is a French example Where an ancillary copyright law was introduced and Google says well, we're not going to pay We will just exclude that content from our Google news search results and the second example in Germany Well an ancillary ancillary copyright law was introduced as well And when this was introduced the first action was to say well Google will gain an exception we've Just enacted a law and immediately we will just Take the bite of the law in Spain There was an ancillary ancillary copyright law without exception and As a result the traffic on news sites went down by 10 to 15 percent in Switzerland When the new copyright law Process was started an alliance was formed for a fair copyright law an alliance for a fair copyright law and you might know one or other of these logos and We are now in Late March last year and something else happened all over Europe at the time You may remember the debate on article 13 the upload filter debate in in the EU these are not really related but In a short amount of time about five million signatures against the upload filters were collected Now in Switzerland we have to fight with copyright law, but also at in on the European level There was some movement here and this movement Was manifested itself in a European strike day and we used this opportunity and had a demonstration against our new planned copyright law and That's why we have come to Zurich now because more than a thousand people took part in that demonstration to Protest against the new copyright law Few days after that we were invited into the Responsible Commission in the smaller chamber and we asked to have the ancillary copyright law Be taken out have it taken out and I'm not going to show you a video from The session in the small chamber This is the president of the Responsible Commission and he is now going to explain to the plenary that the ancillary Copyright law should be deleted the answer we copyright law we had we run a A Consultation process and journalists on the one side and the representatives of the digital societies and Google on the other side and Of course, you can always be of a divided opinion Whether a single company should be invited to a consultation or not, but because the ancillary copyright law firstly Would affect Google would be a lex Google. We Explicitly said to involve them in the consultation. I can report to you that the setting of the hearing The introduction of the reports from the administration the two experts with their knowledge and the debate with the representatives of both sides was again gleaned many insights and I would like to say very clearly that the that The application to reject this really improved the quality of the law and it's not easy to say this as a president of the Commission dear colleagues Well, the new copyright law was then passed in Parliament the ancillary copyright was taken out And there would have been some other items that we didn't like in the new law But at least we were able to Take a small part out So a partial success very nice in Borat style. Oh Sorry, we are now moving on Into depth of the canton of Argo We are going to oboe will ya now That's a That's a place you can Drive around like this It's going to be a Data protection law the now Current law has been passed 1993. It's quite out now There has been a couple of years debating the law The law is for the time being being totally rid written The two chambers of Parliament are passing it back and forth the new law is going to Be Compliant with the European law So so we also in the future can be regarded as being part of the Europe Europe and data can be passed over the border with no problems Compared to today it is In danger of being less protective than it is today the Target is to modernize this the parliamentarian from this place to this man at the law is a Huge collection of nonsense and Superfluous laws As pay Green Party and Liberal Party are not considering this law to be Going far enough and the The argument is that there has to be Taken some consideration that the a Current discussion point is tracking and profiling This is one of the big debates that is currently taking place in the parliamentary rates When personal data is automatically processed to Depict behaviors Currently with the current data protection law it is required to give consent for such a profiling Based on a proper Information because only like this is can be assured that such a consent can be Properly given without Being hidden within the terms and conditions at the large This is a This is an example with such a profiling Cambridge Analytica Where psychological profiles of millions of people Has have been created by a Facebook app which have then been used in the US Voting campaign for micro targeting But also in Switzerland's more and more Activities have been launched to Create tracking on a Swiss Paper internet sites The goal is personalization Advertisement but also personalized content And this is what it is the current debate is on so personalized profiling The goal is to agree on a risk-based approach Which means that there will be a profiling with high risk or low or middle risk to be differentiated To then decide whether an explicit concept is required or not For this as a as an input criteria it is To be decided or to be differentiated based on the source of the data Which is a bad decision Because one if you look at the Cambridge Analytica case one source can have very high risk information already So if you then combine sources of different areas of life the risk would even increase But here it is currently unclear what really is meant with this risk-based approach And it is unclear Whether the parliamentary chambers will agree on this What it also means that a An opt-out would be missing actually in this case. So what we are requiring What we are requesting is that there should be a simple and easy opt-out approach or possibility for all for everyone So that everyone can actually use a service but can Say that they don't want to be profiled So Such such an opt-out approach would also be good for this website. So now we continue our travel Data richness You can make a lot of data money with the data The so-called data rechthum There's this This man has sent 22 unsolicited emails and has not answered to request for for And now here there's this bill for for Unsolicited mail he's got a fine on 220 Funk But curiously a couple of days after this event at info brother ward big brother award is Comes has received spam mails again Some data you haven't access to Can be leaked as well has Swiss come experienced They product my cloud This is a drop drop box kind of thing with with precision and has been deleted by an accident and 2% Where the who didn't lose all their data? Did lose 2% of the data and then they got Voucher for buying something more at this same company In the next case where they Were three and a half thousand CS people have gotten data from their colleagues and This considers Metadata about connections Pretty Swiss, so thank you It reminds me of Copa that there was 10,000 of receipts There was leaked and if you live in a small community goodbye be quite interesting There was this with the USB pen stick Woman who was working as USB was moving to Germany and On her USB stick I didn't get that That was well the data was then obtained by attacks authorities who handed it on to France and that's how it worked that the bank secrecy was actually violated and This came to court We don't quite know why the court case was rejected, but this Person had to pay extra tax costs and and legal costs as well The next case is a curious one If you move in the net you need to talk what you should not do Is go to the Apple store and lock in there or use the Wi-Fi? Because there is video surveillance there And Police then obtained the IP address and took some screenshots from the video camera and printed them out and Included them in the file as you do with modern police work and the problem was that the images work kind of poor and The police in the canton of Zurich has 3d measuring technology for photographs they have laser scanners they do to make sketches produce sketches and with these the accused was then measured they attached points to their joints and biometrically measured those And in the end the result was For the investigating authorities that they had ensured the identity of the accused now if you do Nonsense somewhere don't do it at the Apple store and now to the last part of the journey and again. We're coming back to Zurich For to conclude I would like to point to some events and meetings We have This February We had a winter Congress in February 2019 Which will also take place in 2020 in February we will then go to the Rote Fabric the red factory With the new edition the third one of the winter Congress and that will take place on Saturday the 27th 72nd of February 2020 there will be 28 talks and workshops And that The winter Congress will also mainly be for exchange and the detailed program and tickets are available from now on and in April we will Have a data travel office in Zurich we will open that in April we will move together with other NGOs into a shared Hacker NGO Flat we will have various Institutions coming together here in this space near the heart broker in Zurich and then In 2020 we will have various meet-ups In particularly in particular I would like to point to the net politics meet-up on the 9th of May in Bremgarten that is our Semi-annual Meetup where the more active members and organizations within digital Gesellschaft will Spend a few days talking about the issues that they will Consider relevant in the in the remainder of the year And Also at Congress here we will continue Next to this talk, which is so at half past three we will meet in the lecture room M2 where we will talk about the issues coming up next year and We'll seek an exchange The lecture room M2 is reachable by going through the glass hall Going to the other Hall and turning right before you enter The other hall really and we would love to have as many people as possible from from you and meet you over there but we will be present around over the four days of the Congress and Our location is just below this this hall e here This is I think it's the about freedom cluster the translator adds so we have a few minutes for questions and We are available for those Okay, thanks to the three of you for this information and the talk and You know how it works if you want to ask questions There are microphones in the room and there's already someone at microphone one Hi all Thank you very much. I have a question regarding UoD and this is How are you planning to win this? the lobby of industry is quite important and are quite important in referendums as well And they've got a very strong argument regarding Commission the parliamentarian who was convinced by Google And And they're putting forward the argument that these People are in fact working in favor of Google And the main argument is that the The one who's really got hurt is Facebook and Google and the second argument is Then they will say that the state is Having a big role in this Not in Running the system but in verifying The actual identity how your strategy for convincing the public I'm afraid that the problem is that the 87% who wants the state to run this might have this opinion, but they're not active and I'm afraid that The people who don't care Will make up a big problem Yeah, well the question of the EID this is the main issue is in my opinion Is what it's going to be used for and And from our point of view, it's quite clear that it is about the transition of the conventional ID documents into the digital world and We see the need for an electronic identification an electronic ID Everywhere Where you have to identify yourself Which means that whenever I Have a mobile phone subscription want to open a bank account or Want to conduct a government processes. It's not about having a general overall log in and least of all a central log in with an EID and That is a different objective to that that Swiss sign wants to Pursue or Google we do not want to enter into competition with a Google log in or a Facebook log in with the EID And we cannot do that anyway with a Swiss law That is the wrong approach Maybe through international standards we could do this but not through a legislation in Switzerland companies outside of Switzerland would not Follow a Swiss law They would not accept a Swiss EID for logging into foreign services So it it's about the services that really require a Swiss ID Question to the signal engines do we have questions from the internet? No question from the internet That has least been one listening from Susanne How nice I wonder if any non-german speaking is with people who are listening to the translation Thank you very much. I've got one question for the AID this Public vote has been described as this we're going to win this one I'm a teacher And if I look at the people are supporting this and there's a couple of names who is Quite interesting and these all kind of pensioners How can we engage young people well probably there are two or three groups that Have a critical view of the ID in the way it has been passed so far And these are one those that are in favor of any ID, but think that the current Profile of it is wrong The way it's shaped and then there are others many others which I would probably assume the pensioner associations to be Who regard the whole project critically and therefore have a more Rejecting position on it Second question microphone not one The concept of decentralized IDs as proposed to be Integrated in IID the state will act as a provider for the actual identity Well Decentralized that is something we would like to see but our approach would rather be one similar to that taken in Germany where you have Verified identities that will be stored in the ID documents for example on a small on a smart card and the issuing of such an EID would then Come together with the issuing of the conventional document you wouldn't need to Set up a separate infrastructure or a central database that is currently envisaged so in places where identity cards are produced the Conventional ones the smart card with the extra identification Properties could be produced and and the Necessary information for the electronic signature could be added there as well in the currently passed law This option has been taken out and Is not included and these infrastructures for by the identity providers Would then not be needed with such an approach and we would like to have that Neither by the state or private providers, so it will No more be like in the Israel ID Isle Iceland what was mentioned I? See no further questions, so I'm now going to close and Thank you to all speakers Kirill