On 9 Apr 2018, at 08:44, Jean-Pierre Schwickerath swinog@hilotec.net wrote:
Dear colleagues
I'd like to ask if anyone can confirm that the information published on https://www.digitale-gesellschaft.ch/publicwlan/ is accurate in regards to being subject to "Überwachungspflichten gemäss BÜPF".
We have been asked by a customer to sell him a Wifi-Installation for his café. We are going to sell him the hardware and do the one time installation. Afterwards the customer is running the infrastructure himself, he might ask us for help for firmware upgrades and similar tasks but we are not going to run that Wifi as a service or do any monitoring.
If I understand the information on the above page correctly, he doesn't need to identify his users, so he won't (and won't store any logs) and as a consequence he will not have any information to be stored for 6 months for the büpf. Is that so?
The other question that comes to my mind: if the customer provides a captive portal to have users acknowledge a "Hausordnung" / code of conduct, then the APs will "store" which MAC address has checked the box. Does that make his subject to the Büpf?
To my knowledge the information presented represents the current status quo. The BÜPF's rule is to assist the police in criminal investigations. Assuming a user has used the Wifi-installation and further assume that user has committed a serious crime the police has to investigate, then the Cafe owner could be asked to assist by providing information. However the simple MAC address would not help here because it would only mean that _someone_ has signed up to the Café, not that this person has committed the crime or has anything to do with it. For that the MAC to IP address matching would have to be stored. Furthermore if you don't store any data on the user itself, it wont lead anywhere.
If the Cafe owner is considered a telecommunications operator, then he could be forced to tolerate wiretapping in such a case (assuming the criminal comes to that Café regularly to commit his crime) but I have my severe doubts that this might ever be relevant. Firstly because the wiretapping could occur one level up by the Café's ISP, secondly, because a Café owner is not really a telecommunications provider etc. The people from the BÜPF are not stupid neither. They know the real world out there and they know the limitations. So they don't go for impossible solutions just because the law could imagine them.
So for the Café owner I think its much more relevant to take care of the Datenschutzgesetz properly by _NOT_ storing anything. Then he should be on the safe side. The likelyhood he ever will hear from the BÜPF again is very very low.
Thank you very much for your input on this topic.
Best Regards
Jean-Pierre
-- HILOTEC Engineering + Consulting AG - Langnau im Emmental IT für KMUs: Netzwerke, Server, PCs, Linux, Telefonanlagen, VOIP, Hosting, Datenbanken, Entwicklung, WLAN, Cloud, Firewalls Tel: +41 34 408 01 00 - https://www.hilotec.com/
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog