-----Original Message----- From: _ISC-EJPD-UPF-ProviderMgmt Sent: Freitag, 20. April 2018 17:18 To: Jean-Pierre Schwickerath swinog@hilotec.net Cc: swinog@lists.swinog.ch Subject: Public Wifi and BÜPF
Dear Mr Schwickerath,
Your post from 9 April to the Swinog mailing-list [1] was brought to our attention. We would like to provide you with some information about the new surveillance act (BÜPF) and answer your questions about the obligations of providers of public WLAN hotspots. We are copying the list because we believe this information might be of general interest.
[1] http://lists.swinog.ch/public/swinog/2018-April/006975.html (visited 20 April 2018)
The new BÜPF and its ordinances came into force on 1st March 2018. The ordinance VÜPF contains specific obligations for Telecommunications Service Providers concerning professionally operated public WLAN accesses (Art. 19 para. 2 VÜPF). In your post, you refer to information published by Digitale Gesellschaft about Public WLAN [2]. The information given in „Merkblatt Public-WLAN”, dated 16th October 2017, is outdated.
[2] https://www.digitale-gesellschaft.ch/publicwlan/ (visited 20 April 2018)
For information about the new law and its ordinances, please visit our website https://www.li.admin.ch/de/themen/das-neue-buepf which is available in German, French and Italian. Some information is also available in Romansh or English. There you can find the complete legal basis together with the explanatory reports.
On our website we also provide a memo about professionally operated public WLAN accesses “Merkblatt WLAN”: in German: https://www.li.admin.ch/sites/default/files/2018-02/Merkblatt%20WLAN.pdf in French: https://www.li.admin.ch/sites/default/files/2018-04/Notice%20%C2%ABWLAN%C2%B... in Italian: https://www.li.admin.ch/sites/default/files/2018-04/Promemoria%20%C2%ABWLAN%...
To respond to your questions:
If I understand the information on the above page correctly, he doesn't need to identify his users, so he won't (and won't store any logs) and as a consequence he will not have any information to be stored for 6 months for the büpf. Is that so?
The obligation to identify the end users of professionally operated public WLAN accesses with appropriate means lies with the Telecommunications Service Provider (TSP). According to your short description, the company operating the access point does not seem to qualify as Telecommunications Service Provider. However, if you would like a thorough assessment, we invite you to contact us. Please note that the obligation to identify WLAN end users is not automatically associated with data retention of all secondary data for 6 months, which is another obligation that only lies with TSP that have full surveillance obligations.
The other question that comes to my mind: if the customer provides a captive portal to have users acknowledge a "Hausordnung" / code of conduct, then the APs will "store" which MAC address has checked the box. Does that make his subject to the Büpf?
According to your description, your customer operates the wireless access point and shares his Internet access with the public. This activity falls within the BÜPF category „persons who make their access to a public telecommunications network available to third parties“ (Article 2 letter e BÜPF), no matter if a captive portal is provided or not. This category of persons only has passive obligations under the BÜPF, does not need to prepare anything and does not need to store data based on the BÜPF.
Do not hesitate to contact us for further information.
Best regards,
Post and Telecommunications Surveillance Service Provider Management Team
Fellerstrasse 15, 3003 Bern Tel. +41 58 463 34 29 _ISC-EJPD-UPF-Provid@isc-ejpd.admin.ch www.li.admin.ch