It has recently become fashionable among “privacy” companies based outside of Switzerland to attack the notion of “Swiss privacy”. Such assertions usually take the line of “Switzerland is not special because it also has X, Y, Z”, and then draw a false equivalence between X, Y, Z and what is happening in the countries these “privacy” companies are based in, (which are often 5-eyes or 14-eyes countries(new window) like the United States or Germany).
Fair competition vs. honesty
Competition is part of the natural course of business, but dishonestly isn’t. And here’s where the problem lies. Claims such as “Switzerland also has warrantless surveillance”, are simply false and ignore the huge problems in other countries’ privacy laws. For example, the US Congress recently re-approved FISA Section 702, which enables the FBI to conduct 3.4 million warrantless searches per year.
A recent article(new window) on the Tuta blog claimed that Switzerland is no better for privacy than Germany because Swiss law enforcement agencies may assist police from other countries. No one has ever claimed that Swiss privacy is exceptional because Switzerland isolates itself from the rest of the world. What is exceptional are the rules of engagement that Switzerland sets.
For example, Article 271 of the Swiss Criminal Code(new window) forbids any Swiss-based provider from directly interacting with foreign law enforcement under criminal penalty.
This isn’t to say that the Swiss intelligence agency never cooperates with international organizations. However, the Club de Berne(new window) intelligence-sharing forum that Switzerland is part of has no binding obligations and plays a purely advisory role. It is therefore wrong to compare it to Germany’s binding obligations under the 14-eyes agreement(new window), NATO intelligence programs(new window), and the European Intelligence and Situation Centre(new window) (EU INTCEN). To falsely equate the two is simply deceptive.
There’s also a big difference between police cooperation via Interpol or Europol and the large-scale intelligence collection performed by the NATO intelligence programs.
Tuta makes the completely unsubstantiated claim that “if you are connecting to a Swiss-based service like Proton from outside of Switzerland your data is being actively collected and shared with other intelligence agencies around the world”. Not only is this completely speculative, but there is also no basis to claim that this is an issue specific to Switzerland.
Finally, competitors often mention the fact that Swiss banking secrecy was finally weakened in 2018 as an example of how Switzerland is no longer a good place for privacy. But there’s a huge difference between financial data and personal data. If anything, the fact that it took until 2018 and threats to cut Switzerland off from the global financial system to weaken banking secrecy shows how deeply privacy is ingrained into Swiss culture.
In the final analysis, it seems the only reason non-Swiss companies are attacking Swiss privacy is because Swiss privacy is actually better.