 Ja, werte Zuseher, werte Publikum, wir sollten laut Fahrplan heute eine Person sein. Über Nacht sind es drei Eidgenossen geworden. So, according to the Fahrplan, we should be one person that became three overnight and we're going to hear them talk about net politics. So, we have Simon here from Digital Society Switzerland in the middle, Sabrina from CCC Switzerland and then Patrick from the Swiss Pirate Party. Last year we heard about two referendums on mass surveillance and today we're going to find out how these laws have been accepted or denied in the referendum and how, well, how direct democracy worked in this case or not in Switzerland. So please welcome Patrick. Welcome to our small update, as you said the second time we're here. I'm happy that this many people are interested. So we're going to have a quick look at how referendums work in Switzerland, so you don't get confused by the terminology. Then I'm going to talk about the Nachrichtendienstgesetz. We're going to talk about the BÜPF, the other law and then we're going to look at this one legal case about mass surveillance that we have running and briefly five currently interesting topics that are lost, that are now debated in the big chamber and small chamber of the Swiss Parliament. So in Switzerland there are three possibilities, how a law can come about. How it could come from the people, so national referendum. Then the ruling government can pass a law and in the parliament you can start a motion, which is going to be treated by the parliament. Then there are these different layers here and then there's the von Niemlossung, which is a public request for comments where anyone can basically comment on a law that's in debate in parliament currently. So, to the Nachrichtendienstgesetz. Last year we collected signatures to force a national referendum. Unfortunately we lost that referendum because we didn't have any money. Nobody wanted to invest into this political fight and it's just not a political climate to be against surveillance laws. So 50% of the people voted yes to this referendum, but one small highlight, the people below 40 voted no. So there's a chance in the upcoming years to do something about this. Little correction, it was 65% of people who voted yes. Welcome to the part about the surveillance law. Please excuse my raw voice. First I'll tell you about what happened until now. Then I will tell you about the demonstration in 2014 and the referendum in 2016 and then we will be talking about how things may continue. We won't make the surveillance state great again is certainly the big thing and that's because in our constitution we have the right to privacy guaranteed and unfortunately the law about mass surveillance named BÜFF will violate that. We've had a law until 2014 which allowed a certain extent of mass surveillance and preemptive data storage but that didn't go far enough. We had a previous presentation which you can look up online with more details about that. This revision of the BÜFF had included extending the preemptive data storage, permission for Trojans and many more and under the threat of terrorists and more the council, the parliament didn't think too hard about it and passed it very quickly. So we're not very surprised that there are quotes in the newspapers that it was more controversial in the parliament whether to pay service providers for what it costs them to provide this mass surveillance than whether or not a federal Trojan is appropriate. When we were talking about the electronic patient data we were invited but barely anybody considered what the actual consequences were. So there is also a question about where and how this data should be saved in the future. There are of course going to be multiple providers. Well, if I flat share and we share an internet connection then I have to collect data about my flat share mates and can I store that in Africa or so that's still not really quite regulated but it seems it works for them. So we said stop, we don't want this and originating from the pirate party we started this motion to vote no for the BÜFF referendum and also to educate the people in the parliament about the technical details of this law and we were able to bring a lot of other parties on board from left to right across the spectrum and we want to have serious debate about this law. So this here is what it looks like. So this is the chief of federal police who wants to bring us the govware. Here you see signs from the protest. We're in Switzerland so this is also what it looks like. So let me go back here. So 2014 when the parliament was in session the law should have been discussed. We managed to push the discussion back one year but that also meant, well we had this debate ongoing for an extra year and in the end when the parliament voted it was 160 to 120 for the motion and we had 100 days for the referendum to force a vote of the Swiss people to collect 50,000 valid signatures because the NDG law referendum wasn't that far back. A lot of people were exhausted but we couldn't just let this BÜFF law happen so we launched the referendum fight anyway. Thank God we managed to find a group that supported our referendum. We also wanted to thank the PEP Foundation who donated both time and money. Also, for example, this WECO who especially financed a large part of our efforts and of course thanks to all the individual activists who helped here. So we had a new big chamber in the parliament so we could hold the press conference in the media room of our parliaments. So thank you for helping us organize this. So that was our CCC club room called Rüschibach which was turned into an office basically for the BÜFF referendum and I want to thank Ari for organizing all the office work there. Also, these are helpers here who are sorting these signature documents that we have to file. Together with the Digital Gesellschaft we set up a platform where you could download these signature sheets and basically from the government you get nothing. There's a small note and nothing else. So we also developed a tool to help us keep track of the paperwork and we had to develop our own because even though this software exists from other parties they didn't want to give it to us in case it fell into the wrong hands. So now we have this self-written software which actually Patrick here developed and if you want to launch your own ever-random in Switzerland you're welcome to ask him for the software. So the Conservative parties fought or did very, very little until the end and that was quite a damper for us. We mobilized everything and invested a lot but together with the Digital Society and Amnesty International we created a video to explain to people what this referendum really is about. She's got so many tabs open, she'll find it. Do not fear, Miss Miller, we've got the perp. You've got him? Oh yeah, we find him, no worries, there. There's the bike, it's still there, it's still there. Are you filming all of this? What is that? Turn this off now. Yes, I'm not going to translate that. There we go, all right. It's not my laptop, see? So we were talking about the Conservative parties and to be fair, there was a core group and they did a lot but all together the Conservative parties which were helping out only reached a third of their quota of what they promised and that was a big problem and it would be a big part of why we failed to get enough signatures for the referendum. We didn't know that at the time and we talked about it and we got a tip to hire people who go collect signatures but that means gathering a lot, a lot of money and that was already recognised as being a crucial moment and we had to mobilise over 30,000 Swiss Franks in a short amount of time but we managed and then the next question was who would we hire and we found two organisations and a couple of students from various students but we still managed and it would be interesting to look at how in Switzerland you can organise such a referendum. So, having solved that, we are on the final stretch and we got more and more signatures and we had people working day and night to verify those signatures and I really want to thank every single one of those people that deserves a big, big, big thank you for all the work they put in verifying those signatures and we were working and it was raining and we gathered and gathered like crazy and then we get the news that something wasn't working out. Daily, we had to do a lot of work and it was a nightmare and everything was organised very broadly and agilely and suddenly it turned into a bureaucratic monster and there were people who wouldn't even acknowledge being connected and that took a lot of time and a lot of people so we tried to go figure out why our help was rejected and we went there and it was a nightmare. We had contracts guaranteeing a certain number of signatures and that was just wasn't there. Things weren't there. We tried to organise everything at short notice we're even such on the shock that we really just had to sit back and calm down and still we tried and we did everything to get everything verified in time. We had to go to every little last community somewhere to the local governments to get it verified and we had another bunch of signatures which we had to do on shortest notice just before the deadline and that was very consternating. That led to a big consternation and we didn't feel good about it. And we roughly had 55.000 signatures and we went and handed it in and unfortunately only 41.000 were verified and that didn't quite work out but we are going to be invited to the next consultation in Spring of 2017 and we're not going to give up. We have the option of a People's Initiative. We do think that even if mass surveillance weakens our democracy we can still work against it and please everyone do not surrender, do not give up, stay active, protect our personal freedom online as offline and keep working. Hello. I'm going to say something about our case against mass surveillance. So we've just heard about how we use the tools of our democracy to fight against mass surveillance but we also have a different approach by basically going the way of the courts. So this is a quick summary of what metadata in Switzerland are currently collected today. So the important comparison compared to Germany is, well, you're discussing about four or eight weeks. In Switzerland it's more like six months versus twelve years. Well, fortunately we will manage to get that bit thrown out. So we contacted the service that collects the metadata for the government and asked for the data about six individual people. This service from the government didn't follow through and so we came to the federal court and they discussed our case for a long time and extended the case to five judges. Our notion was declined but there's one good thing that happens. So this is actually the first legal case in Switzerland which actually says that mass surveillance is a serious offense against privacy. So this is what we received and now for a few weeks we went to the Supreme Court of Switzerland and well, we expect that these six individual people could be exempt from mass surveillance but of course that's not what we want. If we don't get what we want in front of the Supreme Court we're going to the European Human Rights Court in Strasbourg and of course our goal is to free all the Swiss people from mass surveillance and if we get this case in front of Strasbourg then there's two possibilities for the Swiss government. So they could remove just these six people from the surveillance which would be technically possible but unlikely or the other way would be to throw out the law all together. Of course if you remove all those six people from mass surveillance why wouldn't you remove any others from mass surveillance? It stays exciting but it's going to take some more time. We only moved towards the Supreme Court a few days ago so everything of this is going to take some more time and I think that's it for me and I'm going to hand it over back to Patrick again. In the past few months or years actually the magic firewalls have been keeping us busy because for politicians they are a tool to keep us all safe and in reality they look more like the image we just saw. In reality we've also reached the gambling laws and the goal of these laws is to protect gamblers from themselves. All the gambling wins should be treated the same. Currently casinos are not taxed and online gambling should be permitted and the same as has been done to offline casinos should be kept. Our main criticism of this law is in fact that currently they are trying to block non-licensed online games and that requires firewall infrastructure. The cantons also benefit from this gambling from lotteries in 2012 earned almost 600.000.000 casinos paid another 320.000.000 Swiss francs to funds into the national pension fund. So, as said, it's supposed to protect the gamblers from themselves. If I have such a license then I must be able to block certain people from playing. It's supposed to be kept lucrative, well for the state that is. Ever fewer people are playing the lottery because there's not an instant feedback. You buy your lottery ticket and that takes some time. But since we want to keep that, the goal is to prohibit newer models of games. The fact that this is a problem in the first place is that the entire Internet branch of industry has led this slide and basically not realized that the gambling laws would affect them at all. Then there was a consultation about the telecommunications law. There's a partial revision. They want to change certain parts of the law, not the entire law. Even here they want to include firewalls and blockages. The goal was to strengthen the rights of consumers and to deregulate the usage of the bandwidth and to lessen the burden of administration to service providers. The consultation is over. Again our main criticism is blocks of firewalls. The fact that net neutrality is not part of the law and no protection against metadata collection. We do have some blocks already in place in Switzerland since 2007. We have a blockage list. There is a self declaration by the community of all providers so that they stick with this block list. Parliament is thinking that this blacklist is not good enough and that the voluntary aspect is not good enough and that they should be forced. This list should be updated every three months so that the internet is way too slow. Of course there is the darknet. These DNS blocks are very easy to circumvent. In fact, I answered the consultation by putting a guide to circumvention into our answer. It means it is now officially archived in the Federal Archive. So they plan to force that it has to be declared when things are serrated or they are under other rated data streams but we don't want discrimination of data streams. In the consultation for this law, the big providers published a code of conduct where they say, well, we do net neutrality but in fact nothing changed at all. Basically they do the same thing they do now. The last point is, well, we've previously discussed this last year's session. Balthasar gladly entered a motion into the Parliament to basically put net neutrality into law but it was thrown out because supposedly it wasn't necessary. Then our changes to what metadata is saved and also who can have information from the stored metadata. Well, we want basically that only billing metadata relevant to billing can be saved at all. And we also want that the customer controls what data is stored and only the customer can access it so that the provider can't give the data to anyone else. Also, well, this provision is also bullshit. And then there's the problem with the copyright law which is being revised. So the idea was to have a more modern version of the copyright law and fight piracy more effectively. They put three strikes in there. And then they wanted to promote the use of digital services. So just a few bits from this law. So it's currently in a really bad shape. Many people commented in the consultation. There were over 1,000 entities that entered their comments. In all in all, the report in the end that was published was 8,000 pages long. Well, the paper day had to sit through. They were astoundingly fast. The main point of criticism touched on this already because internet filtering is part of this law. So take down and stay down notices. This is going to be formalized. So this means if you receive a take down notice you have to ensure that this bit of information can be published again. So their idea is there to criminalize the customers und then there are kind of access rights. So, for example, if a user has been warned three times then a judge can access the metadata from this user. So this bit of the backstory, 2012, from pressure from the music industry from the US. A working group was started. I mean, that's the general approach when you actually don't want to do anything. So there were regular meetings from this working group. The protocols are public online by the way. From Swiss internet politics barely anyone was invited. Maybe one or two of the big ones but not really any relevant representation. So they met over and over again until November 2015 where the public consultation was started. With the public consultation everybody has three months time to study the law and enter a comment. And well, if you're a big party you can also ask for an extension if you missed this three month deadline. So the Swiss democratic party did that, for example. Usually when a consultation is open or completed then the results are analyzed internally and then there's a summary report. And here there was however a meeting of this Agur 12 group and through Freedom of Information Act request we were able to access the meeting minutes and we found out that they had access to the report that was supposed to be public but they had access to it earlier, which is not okay. So a lot of individuals, also libraries and commented that it's stupid that there's a fee that libraries have to pay now in this proposed law, for example. There's the Institute for Geistiges Eigentum part of the federal government of the administration and they said, well, basically reform is good, they said. But of course everyone has different opinions about how this reform should be made. So officially there's still time until the summer for this working group to decide how to move forward with this law. So as I've said, all the data on the public proceedings you can find under this link. So I've made a summary of what we want. So we don't want any netbands. We want to keep downloads not being illegal as it currently is. So, I mean, the revision won't explicitly criminalize the downloads but you have to kind of balance it out in the other direction. So we really want to have that in there explicitly. Then we want the right to have information. We want to remove the rights of Verwertungsgesellschaften to access records on normal people. Then if take-down notices will remain in the law, we want to have penalties for abusing the sending of take-down notices. Then the administration of the Verwertungsgesellschaften is way too big. We want to lower that down to 10% and you shouldn't have to pay fees explicitly to the Verwertungsgesellschaften. So you have musicians should be able to basically sell their own music directly without delegating the rights to the Verwertungsgesellschaften. There is a very big problem with unclear copyright situation on works where the author can't be found or has died. Of course, we are also considering things like movies as well which we've talked about three strikes. Works that are made by public offices or the administration should not be covered under copyright and you should be protected from responsibility so that free Wi-Fi access points are possible too. Well, data protection, it might not be sexy, but it's damn necessary. So, what's it about specifically? Since several decades we've had a data protection law in Switzerland and we've been thinking about modernizing that. There is an official who is in charge of data protection and public law and he can tell companies that do not care about data protection, that they are being bad companies because of a fairly weak data protection law despite everybody praising the data protection laws in Switzerland. In the pinch it really doesn't go that far. How should I put this? There is a certain set of data which the administration can work on and I should be able to keep my rights about this data and I should be able to ask for that data from company or administration and these companies and administration should not be able to sell that data to someone unlike here in Germany where poor communities can sell data to earn some extra money. The last one lasted for 23 years so we're assuming that the new data protection law will last for quite a while and the consultation is now running since a few days ago and we expect that it will ask for more power for law enforcement and the administration and we expect that it will orient itself in the EU data protection law so they expect to use the market located principle so that when a Swiss company sells something in Germany the German law also applies and so our law would also apply to companies selling in Switzerland. I should be able to take my data with me and give it to another company if I want to be in control. There is also the European Council Convention and the central element there is the consent to data manipulation and if a company does not conform to data protection laws then there should be automatic notification and appropriate laws and that still runs until April and we will make sure to fight for our stance in that and we'll see what comes from that and for the end I just want to quickly talk about e-voting. At this time there are two systems in Switzerland which are being evaluated, used as an evaluation and basically the federal government has argued for using e-voting to make it easier for Switzerland who live abroad to vote in Swiss votes and currently it's limited to a certain percentage of voters and these two systems could not be more different. Currently there is a closed source Spanish system which is being offered by the Swiss Post Office, the mail and then there is an open sourced version which the canton of Geneva is developing. Unfortunately universal verifiability is not given in either of the systems and the goal is to have e-voting established in two thirds of all cantons in 2019 but keep in mind that in 2005 somebody wrote that we should have it by 2010 and then they said in 2013 and then they said 2017 so it'll take some time. My political views, how I vote, who I elect is part of my privacy and that's difficult in e-voting. We have to be sure that my vote was counted and not just that it was counted but that it was counted the way I wanted it to and we can say the devil is in the details with e-voting and it's difficult if not impossible to create a data protection compliant e-voting system. There is individual verifiability. I as a citizen should be able to verify that the system was counted and entered into the system appropriately. If I vote on paper I can not go through the ballot box and confirm which one that mine was counted but of course I can just go to my community and join and help with the counting and observe and I can see that the process is working fine and that's good enough because if the process is working my vote was counted appropriately and it would be nice if that was the case with e-voting too. As I said, there's three points. Was my vote cost as intended, was it recorded as cost and was it counted as it was recorded. In America a few weeks ago there was a recount of the election and in the regions where e-voting computers have been used of course there's a difference. E-voting is about I vote from home and with election computers I go to the office and use the machine. There is a difference. I vote from home and I go to the office and use the machine there but there's no paper and I cannot actually do a recount. I can verify my database, I can rebuild my database but that requires a paper trail to actually verify the vote. There are some inherent problems. E-voting is very complex. It's not understandable to the average user. I can't explain that to my grandmother how it works. If you don't know cryptography and know it well you're not going to have a chance to understand it. And of course then there's bring your own device. All devices can be at different patch levels. They can have various malware infect them and this is always going to be a problem with e-voting. It's not necessarily a problem of e-voting as such but it's a problem of the computers which will be used to do e-voting. And of course even a perfectly designed system can still be implemented incorrectly. And of course that means the code and generally the code would have to be open sourced and audited by an independent instance. And the Canton of Geneva is being progressive here and there is a Spanish solution but the Canton of Geneva is working on an open source solution which can be found at this GitHub repo. So further components will be added to the system. It's generally very good that the Canton of Geneva developing this thing and also helps other cantons develop this system to their needs. So that was it. Thank you for taking the time and thanks for all the Swiss people being here especially. So there are two things on the chaos side and the other thing is from the Digital Society Switzerland we write a newsletter once a month to sum up what has happened in Switzerland so I really want to recommend you to sign up to this newsletter to know what's going on. So you can contact us at the Congress if you want to talk to us, you can see here and of course I'm here to answer some questions if you have any. But right after this, after Hall 1 if you go back to Hall 1 that's below the food court we got a room and we can have a chat about Nitzpolitik in Switzerland and we'd be really glad if you show up there. But of course right after this talk you'll have another very interesting session in this room and of course, but I would like the Swiss people to please come to workshop and everyone else please follow the talk about Nitzpolitik in Austria. So question from the audience. So, to Sabrina, you said something about that referendum before you said there was some sabotage with the part of the signatures so what's up with that? Were those sabotages or were those just people trying to make a quick buck? Well, this is a question we've asked ourselves there are some very emotional responsible the correct response I can give you is these are people who made a contract with us and they told us that they had these numbers and in fact maybe they were simply just overwhelmed by the talks and we can't really say anything as to their motives. I would like to ask about the data protection law. I'm surprised, actually very surprised because I have a little bit to do with that and been dealing with this for quite some time that Switzerland seems to be having this highly backwards law up to now and how did that happen? How come Switzerland is behind on that part of law? Well, generally you can say that Switzerland works, but it works slowly direct democracy is exhausting and it takes a lot of time that's one part of the answer, of course and the other is we've realized after 23 years that yes, actually we can extend data protection I don't know where you were 23 years ago but internet used to be a lot slower back then and I do think it's actually kind of nice that now we've decided to strengthen our data protection and also our main data protector and I mean, I've said his competence is basically recommendations and giving him the right to actually punish people that's a good thing and data protection needs to have a real bite. So, a note here. We've heard some complaints about e-voting and I do research on this topic. So yeah, there are definitely a few problems and I can personally find out which code which program was installed there and that it really only does what I want but there are a few things that actually are problems that have been solved. So, for example, the end-to-end encryption thing there is such a thing as end-to-end verification. So, there are some risks but in other societies they have decided to accept some risk for technical development and I want to invite you all to an assembly tomorrow at 4.15 p.m. and I'm going to explain some of the issues that have been solved with e-voting. Where is this assembly? It's in Hall G, if it's not changed. So, there are going to be a number of talks about decentralized networking and we'll also cover e-voting. I'm more interested in the revision of copyright law. Is there the intention to work together with artists? Because I'm pretty sure I know a couple of people who will be against that revision and probably quite a few more artists who will be against copyright law if they understood it. And are there efforts in that direction? And I think that's a voice where you couldn't argue for protecting the artists if the artists were against it. What I can tell you is that we have worked together with an artist for the communiqués of the pirate party but we will gladly get back to you. But the problem is that a lot of these groups are organized in groups and these groups are really close to industry even if the artists themselves aren't. I have another question. What's your position on Trojans? Not computers but implants. Pacemakers, Insulin pumps, hearing aids. Why do you think there's a difference in this one negative aspect? Well, if I have a Bluetooth deactivatable pacemaker somebody dies, if I deny a computer well, a computer is off unless that computer controls something. Well, thank you for answering that question. What's your position on that? I don't know if that's going to make a lot of sense but here goes. It's a question I haven't thought about a lot. At its most basic hearing aid I can remove, pacemaker I can't, pacemakers are as far as I know so you can calibrate them over radio but you have to be really close. At the same time we know that in RFID distances are a relative thing. I think really first one or two people are probably going to have to die before a debate gets going on that. At its most basic everybody has to decide if they want to be a cyborg and yes, looking at it this way a pacemaker is being part machine assisted. Definitely an interesting question but I think first we have to have a few incidents before we get any sort of debate on that but it's a really interesting question. So, thanks. Okay, last question from me. So I have diabetes and I had an insulin point at some point. So Switzerland has a lot of pharma industry so sure they have a lot of good solutions to this problem and I can also look at my blood sugar on my phone and in the cloud. So, I would like to update how these pharma companies protect your data. We mentioned this before, we were invited by the National Health Service to consult on the law about the digital patient dossier and file. So find information about this on the CCC page In einem früheren Gespräch über die Verwaltung der Raunters auf den Kunden. Es wurde gesagt, dass, wenn du es möchtest, du die Alternativen präsentierst, über Online-Gambeln. Wir sind gegen die DNS-Blocks, aber du hast eine Alternativen, um die Menschen zu protecten und um die Taxi-Returnen zu ermöglichen, denn beide von ihnen sind gewohnt, oder? Also, wie soll man das sagen? Währenddessen sollst du ein license bekommen, das ist ein guter Schritt, weil das schon bedeutet, dass du einen bestimmten Job hast. Und die illegalen Offerungen, die werden immer da sein, und es gibt nichts, was zu tun, nicht sogar mit DNS-Blocken. Und es gibt mehrere Dinge, die wir gedacht haben. Außer von klassischen Netblockern, man kann sie von den Such-Engines belisten, aber die größte Sache ist, um die Flüte des Geldes zu stoppen, nicht zu senden. Aber das ist nicht über illegalen Spiels, sondern über non-Swiss-Kompanien. Der Punkt ist, um die Profit in Deutschland zu halten und die Sensorung des Net-Blocken ist definitiv der falsche Weg, um das zu tun. Und wir haben sie in verschiedenen Richtungen zu verhindern, aber am Anfang des Jahres werden wir sehen, wie erfolgreich wir waren. Eine letzte Frage, please, ob möglich. Okay, ich werde es versuchen. In Net-Politik, alles wird jetzt schiessen. Und du sagst, du willst etwas mit den letzten Inputs ändern, aber realistisch, wahrscheinlich wird nichts passieren. Also die Frage ist, ob wir wirklich die Möglichkeit wieder von Null anzufangen? Und ob wir die Möglichkeit starten wieder von zero? Also wir haben eigentlich ein neues Publikum gesprochen. Wir haben nur noch darüber gesprochen. Und also, wir haben jetzt noch ein paar, jetzt sind wir viele. Und wir haben starten, um technische Details zu erinnern mit den Mitgliedern des Parlaments. Und das ist auch etwas, das ist ein Bewegungs- das ist noch aufgeräumt. Wir müssen erst die Zeit investieren, bis wir ein paar Veränderungen sehen. Aber ich denke, jeder, der wirklich möchte, in dieser Zeit wirklich zu tun, und bitte kommen vor und sprechen zu uns. Eigentlich, da gibt es einen Referentum, der auf dem Tisch ist. Und, well, erst, ich denke, wir müssen unsere Brüste holen, bevor wir wirklich vorgehen, oder etwas so groß. Also danke, Patrick Sabrina und Simon, für Ihren Gespräch.