-
- Art. 5a FC
- Art. 6 FC
- Art. 10 FC
- Art. 16 FC
- Art. 17 FC
- Art. 20 FC
- Art. 22 FC
- Art. 29a FC
- Art. 30 FC
- Art. 32 FC
- Art. 42 FC
- Art. 43 FC
- Art. 43a FC
- Art. 55 FC
- Art. 56 FC
- Art. 60 FC
- Art. 68 FC
- Art. 75b FC
- Art. 77 FC
- Art. 96 para. 2 lit. a FC
- Art. 110 FC
- Art. 117a FC
- Art. 118 FC
- Art. 123b FC
- Art. 136 FC
- Art. 166 FC
-
- Art. 11 CO
- Art. 12 CO
- Art. 50 CO
- Art. 51 CO
- Art. 84 CO
- Art. 143 CO
- Art. 144 CO
- Art. 145 CO
- Art. 146 CO
- Art. 147 CO
- Art. 148 CO
- Art. 149 CO
- Art. 150 CO
- Art. 701 CO
- Art. 715 CO
- Art. 715a CO
- Art. 734f CO
- Art. 785 CO
- Art. 786 CO
- Art. 787 CO
- Art. 788 CO
- Transitional provisions to the revision of the Stock Corporation Act of June 19, 2020
- Art. 808c CO
-
- Art. 2 PRA
- Art. 3 PRA
- Art. 4 PRA
- Art. 6 PRA
- Art. 10 PRA
- Art. 10a PRA
- Art. 11 PRA
- Art. 12 PRA
- Art. 13 PRA
- Art. 14 PRA
- Art. 15 PRA
- Art. 16 PRA
- Art. 17 PRA
- Art. 19 PRA
- Art. 20 PRA
- Art. 21 PRA
- Art. 22 PRA
- Art. 23 PRA
- Art. 24 PRA
- Art. 25 PRA
- Art. 26 PRA
- Art. 27 PRA
- Art. 29 PRA
- Art. 30 PRA
- Art. 31 PRA
- Art. 32 PRA
- Art. 32a PRA
- Art. 33 PRA
- Art. 34 PRA
- Art. 35 PRA
- Art. 36 PRA
- Art. 37 PRA
- Art. 38 PRA
- Art. 39 PRA
- Art. 40 PRA
- Art. 41 PRA
- Art. 42 PRA
- Art. 43 PRA
- Art. 44 PRA
- Art. 45 PRA
- Art. 46 PRA
- Art. 47 PRA
- Art. 48 PRA
- Art. 49 PRA
- Art. 50 PRA
- Art. 51 PRA
- Art. 52 PRA
- Art. 53 PRA
- Art. 54 PRA
- Art. 55 PRA
- Art. 56 PRA
- Art. 57 PRA
- Art. 58 PRA
- Art. 59a PRA
- Art. 59b PRA
- Art. 59c PRA
- Art. 62 PRA
- Art. 63 PRA
- Art. 67 PRA
- Art. 67a PRA
- Art. 67b PRA
- Art. 75 PRA
- Art. 75a PRA
- Art. 76 PRA
- Art. 76a PRA
- Art. 90 PRA
-
- Vorb. zu Art. 1 FADP
- Art. 1 FADP
- Art. 2 FADP
- Art. 3 FADP
- Art. 5 lit. f und g FADP
- Art. 6 Abs. 6 and 7 FADP
- Art. 7 FADP
- Art. 10 FADP
- Art. 11 FADP
- Art. 12 FADP
- Art. 14 FADP
- Art. 15 FADP
- Art. 19 FADP
- Art. 20 FADP
- Art. 22 FADP
- Art. 23 FADP
- Art. 25 FADP
- Art. 26 FADP
- Art. 27 FADP
- Art. 31 para. 2 lit. e FADP
- Art. 33 FADP
- Art. 34 FADP
- Art. 35 FADP
- Art. 38 FADP
- Art. 39 FADP
- Art. 40 FADP
- Art. 41 FADP
- Art. 42 FADP
- Art. 43 FADP
- Art. 44 FADP
- Art. 44a FADP
- Art. 45 FADP
- Art. 46 FADP
- Art. 47 FADP
- Art. 47a FADP
- Art. 48 FADP
- Art. 49 FADP
- Art. 50 FADP
- Art. 51 FADP
- Art. 54 FADP
- Art. 57 FADP
- Art. 58 FADP
- Art. 60 FADP
- Art. 61 FADP
- Art. 62 FADP
- Art. 63 FADP
- Art. 64 FADP
- Art. 65 FADP
- Art. 66 FADP
- Art. 67 FADP
- Art. 69 FADP
- Art. 72 FADP
- Art. 72a FADP
-
- Art. 2 CCC (Convention on Cybercrime)
- Art. 3 CCC (Convention on Cybercrime)
- Art. 4 CCC (Convention on Cybercrime)
- Art. 5 CCC (Convention on Cybercrime)
- Art. 6 CCC (Convention on Cybercrime)
- Art. 7 CCC (Convention on Cybercrime)
- Art. 8 CCC (Convention on Cybercrime)
- Art. 9 CCC (Convention on Cybercrime)
- Art. 11 CCC (Convention on Cybercrime)
- Art. 12 CCC (Convention on Cybercrime)
- Art. 25 CCC (Convention on Cybercrime)
- Art. 29 CCC (Convention on Cybercrime)
- Art. 32 CCC (Convention on Cybercrime)
- Art. 33 CCC (Convention on Cybercrime)
- Art. 34 CCC (Convention on Cybercrime)
FEDERAL CONSTITUTION
CODE OF OBLIGATIONS
FEDERAL LAW ON PRIVATE INTERNATIONAL LAW
LUGANO CONVENTION
CODE OF CRIMINAL PROCEDURE
CIVIL PROCEDURE CODE
FEDERAL ACT ON POLITICAL RIGHTS
CIVIL CODE
FEDERAL ACT ON CARTELS AND OTHER RESTRAINTS OF COMPETITION
FEDERAL ACT ON INTERNATIONAL MUTUAL ASSISTANCE IN CRIMINAL MATTERS
DEBT ENFORCEMENT AND BANKRUPTCY ACT
FEDERAL ACT ON DATA PROTECTION
SWISS CRIMINAL CODE
CYBERCRIME CONVENTION
- I. Introduction
- II. Condition of double criminality (Art. 29 para. 3 and 4 CCC), exclusion of political prosecution (Art. 29 para. 5 lit. a CCC) and violation of public policy (Art. 29 para. 5 lit. b CCC)
- III Securing and collecting data abroad
- IV. Execution of Preservation Requests by Swiss authorities
- Bibliography
- Materials
I. Introduction
A. Multinational and collaborative prosecution of cybercrime
1 Criminals use the Internet to commit crimes for two main reasons. On the one hand, to remain anonymous. On the other hand, to scale their criminal business model cost-effectively, i.e. to reach a large number of potential victims (especially cyber fraud). In addition, there are those computer crimes in the narrower sense that are inconceivable in the analog world (e.g. hacking, DDOS attacks, etc.).
2 In line with the nature of the Internet as a global communication network, cybercrime always takes place internationally. As a rule, organized criminal groups operate worldwide, or at least - from a Swiss perspective - Europe-wide, and in some cases only in specific language regions (e.g. German-speaking countries). This means that no state can fight cybercrime alone. Cyber investigations almost always have to be conducted internationally or have cross-border aspects. Large and complex investigations are referred to as international criminal prosecutions. The contrast to this in (Swiss) criminal prosecution could not be clearer. Due to the primary responsibility of the cantons for criminal prosecution, a great deal of resources are still lost in this country to clarify national jurisdiction. A national situational picture of cybercrime phenomena exists at best in rudimentary form.
3 Anyone investigating in the cyber area will generally not be able to avoid Art. 29 CCC (Preservation Request / immediate seizure of data).
B. Practical significance and related articles
4 Art. 29 CCC, together with Art. 32 lit. b CCC, is one of the most practically relevant provisions of the Cybercrime Convention, at least from the perspective of law enforcement authorities.
5 The Preservation Request is intended to solve the problem that electronic data is volatile and is often stored abroad, but legal assistance proceedings are regularly very lengthy. From the point of view of law enforcement, this is aggravated by the fact that many countries do not have a so-called "data retention policy", which can lead to data relevant to investigations being lost before a request for mutual legal assistance can even be made. Preservation requests are therefore intended to enable data relevant to criminal prosecution to be secured abroad quickly and easily so that the requesting state has time to make the data available through mutual legal assistance channels.
6 In contrast to the information request pursuant to Art. 32 lit. b CCC, which can be submitted at a low threshold and without disadvantages or costs for the requesting state, the requesting state, which invokes Art. 29 CCC, undertakes to actually request the data secured abroad later by means of a request for mutual legal assistance. A request for mutual legal assistance involves a certain amount of effort for the requesting public prosecutor's office, so that the public prosecutor's office will not make preservation requests lightly.
7 The question of the legal nature of a preservation request arises time and again. This is the case, for example, if it is still unclear after a criminal complaint has been filed whether there is sufficient initial suspicion to open criminal proceedings (Art. 309 para. 1 lit. a CrimPC). Only then are coercive measures by the public prosecutor possible and justified. If the preservation request were not a coercive measure, it would be possible for the police to submit a preservation request on their own initiative, which would be welcome in terms of the intention, because the faster a data preservation is carried out, the more successful it is likely to be. The question of the legal nature of the request is not answered by the Cybercrime Convention itself, but is governed by the law of the requested state (Art. 25 para. 4 CCC). The answer can therefore vary. For Switzerland, it is argued that the police may not, in principle, submit a preservation request without the consent of the public prosecutor's office, because the latter is then obliged to submit an international request for mutual legal assistance at a later date (which is only possible if criminal proceedings have been opened). The request for immediate data preservation also results in a temporary seizure of records, which would constitute a coercive measure in domestic proceedings. In fact, a preservation request must therefore be treated in the same way as a coercive measure in criminal proceedings. As a consequence, a preservation request must be ordered by the public prosecutor's office, whereby the execution can be delegated to the police. In domestic cases, however, a temporary seizure by the police is permitted as an exception if there is "imminent danger" and the public prosecutor's office cannot be informed in good time (not even verbally) (Art. 263 para. 3 CrimPC). In such exceptional cases, the police may also make requests autonomously in accordance with Art. 29 CCC.
8 Mention should also be made of Art. 16 CCC, which requires member states to create the necessary legislative and organizational conditions so that preservation requests from foreign states can be complied with in accordance with Art. 29 CCC. In the course of implementing the Convention, Switzerland decided not to enact any new criminal procedure law in this regard (see below, n. 32).
II. Condition of double criminality (Art. 29 para. 3 and 4 CCC), exclusion of political prosecution (Art. 29 para. 5 lit. a CCC) and violation of public policy (Art. 29 para. 5 lit. b CCC)
9 The Cybercrime Convention strives to promote international cooperation in the prosecution of cybercrime as much as possible. For this reason, the Convention itself does not contain a requirement of dual criminality, but leaves it up to the contracting states to provide assistance if only the requesting state criminalizes a corresponding offence (Art. 29 para. 3 CCC). States parties are free to make a reservation at the time of ratification that double criminality is a prerequisite. In this case, the requested state may refuse a preservation request if it is already clear at this point that the data requested for preservation cannot be released by way of mutual legal assistance (Art. 29 para. 4 CCC). Of the 70 states that have ratified the Convention, 23 have made a corresponding reservation, including Switzerland and the United States of America. Because the USA and its federal states do not have a criminal offense analogous to our defamation offenses, legal assistance in this regard is always excluded and consequently no preservation request is accepted.
10 Irrespective of the question of double criminality, the Cybercrime Convention excludes the Preservation Request for politically motivated prosecution (persecution) (Art. 29 para. 5 lit. a CCC), which should be self-evident from a Swiss perspective. The same applies if the requested contracting party is of the opinion that the execution of the request is likely to prejudice its sovereignty, security, public order or other essential interests (Art. 29 para. 5 lit. b CCC).
III Securing and collecting data abroad
11 From a Swiss perspective, Art. 29 CCC is particularly relevant for the collection of computer data abroad (see below, n. 12 et seq.). However, the article also applies to requests from foreign states to Switzerland (see below, n. 31 et seq.).
A. Making a preservation request
12 The Convention text itself provides quite detailed instructions on how to formulate a preservation request. The following requirements are explicitly stated:
1. the requesting authority (lit. a.)
13 In practice, this will usually be a public prosecutor's office (see also n. 7 above). From the Convention's point of view, however, there is nothing to prevent the police from submitting a preservation request in close consultation with the public prosecutor's office (which must later submit the request for mutual legal assistance). Since the aim is to secure volatile data in good time, this may even make sense. The implementation of the preservation request or its legal qualification depends on the national law of the requested state (Art. 25 para. 4 CCC). In many requested states, the implementation of the preservation request (seizure of data at the storage location) will be qualified as a coercive measure, so that a request - or at least a (co-)signature - from a public prosecutor is often required. Overall, the handling is very inconsistent.
2. The offense that is the subject of the criminal investigation or proceedings and a nutshell statement of the facts (lit. b.)
14 The point here is for the requested state to be able to recognize whether double criminality is fulfilled (see above, n. 9) and whether the request, which may well involve considerable effort, is proportionate (purpose/means relationship). In the case of common phenomena, however, a description of two or three sentences is sufficient to meet the requirement.
3. The stored computer data to be secured and the connection between them and the offense (lit. c.)
15 It must be substantiated which specific data is to be secured (e.g. registration data, log files/edge data or even content data, if possible and reasonable also stating the file formats). In particular, however, reasons should be given as to why this data actually has a connection to the facts giving rise to the suspicion. This criterion is similar to the so-called potential relevance of evidence in the context of a domestic search pursuant to Art. 246 CrimPC (according to which "it is to be assumed" that the records in question contain information that can be seized); here, the data only has to be "potentially relevant" or not appear "obviously unsuitable". Fishing expeditions are frowned upon. The criterion is taken very seriously and careful justification is required. It should be borne in mind that in other countries the authority to seize and/or hand over data does not lie with the public prosecutor's office, but must be ordered by a compulsory measures court. For example, in practice-relevant dealings with the USA, the Department of Justice must apply to a court in order to order the surrender of data from a service provider by means of a search warrant. This requires a substantiated and (depending on the circumstances) substantiated presentation of the offense connection with the essential documents (in English). The level of substantiation required here goes well beyond what Swiss public prosecutors are used to under national criminal procedure law. In practice, the US authorities at least consult with the requesting authority if the level of substantiation of the request is not yet sufficient and provide the opportunity to substantiate the preservation request in more detail.
4. All available information to identify the custodian of the stored computer data or the location of the computer system (lit. d.)
16 As a rule, this should simply refer to the company to which the specific addressing element is assigned. For example, Google for @gmail email addresses, Meta (for Facebook, Instagram and WhatsApp) etc.
5. The necessity of the preservation (lit. e.) and the intention of the contracting party to submit a request for mutual legal assistance (lit. f.)
17 The request must explicitly state that the request is necessary (in terms of subsidiarity and proportionality) and it must be confirmed that the requesting authority is willing to follow up on the preservation request by means of a request for mutual legal assistance.
B. Forwarding and processing of the preservation request
18 Irrespective of the wording of the Cybercrime Convention, in practice there are two ways in which a preservation request can or must be submitted. The typical route is via the 24/7 network in accordance with the Convention text (Art. 35 CCC). Each signatory state has undertaken to operate a contact point that is ready to receive preservation requests around the clock, seven days a week. In Switzerland, this role is assumed by the Federal Office of Justice together with the Federal Office of Police (fedpol).
19 For reasons of efficiency (avoidance of media disruptions, automation), however, many large providers of internet-based communication services have started to operate their own Law Enforcement Request Systems (LERS), which the law enforcement authorities can use to record their requests directly in a standardized manner and track progress without having to involve other state authorities (e.g. Federal Office of Justice / Department of Justice). It makes sense, and has been implemented in some cantons, for a central office at the police or public prosecutor's office to manage access to all available LERS portals, and to submit and administer preservation and information requests on behalf of the case managers. In this way, experience in dealing with the various service providers can be collected and evaluated centrally and case managers have competent contacts to discuss the prospects of success of the corresponding requests in advance.
20 Alternatively, law enforcement authorities have the option of sending their requests to the Federal Office of Police (fedpol) by e-mail (encrypted and authenticated). The requests are checked there, supplemented by queries if necessary, translated and forwarded to the competent authority abroad. English is generally recommended as the language for preservation requests worldwide. The fedpol coordination office can also be asked whether other Swiss law enforcement authorities have already submitted the same Preservation Request, which can provide valuable information with regard to the coordination of ongoing investigations (or the possibility of submitting a request for jurisdiction to the other canton).
C. Distinction from the Information Request
21 What is the difference between a preservation request and an information request pursuant to Art. 32 lit. b CCC? In this regard, reference should first be made to the commentary on Art. 32 CCC. In a nutshell, the information request involves the voluntary disclosure of data to a CCC partner state directly by the service provider. In practice, "voluntariness" refers to the service provider and only indirectly to the user/customer of the service. Users will regularly stipulate in their terms of use that data may be forwarded to law enforcement authorities; in specific cases, the customers concerned are no longer asked. Voluntariness on the part of users is relative in that many services simply cannot be used without consent to the terms of use (and thus to the forwarding of data to law enforcement).
22 Although the Cybercrime Convention does not recognize this restriction, according to the national law of the relevant partner states, an information request can generally only include registration data (also: "subscriber information") in accordance with Art. 18 para. 3 lit. b CCC (e.g. name, date of birth, address, user name, billing address, e-mail addresses, IP address at registration) and marginal data ("traffic data", e.g. the IP history), but generally no content data. The term "content data" refers to the content of a communication, e.g. a message, a post, media files, etc. Registration data is by far the most frequently clarified. Information and preservation requests are often made at the same time, as it is uncertain which data the service provider will provide voluntarily.
23 In practice, information requests are made at a much lower threshold because this does not oblige the public prosecutor's office to issue a request for mutual legal assistance. Such a request is also not necessary because the disclosure of the data is voluntary and is answered directly by the service provider. The willingness of service providers to cooperate depends heavily on the type of offense. The services are regularly particularly willing to cooperate in the case of sexual offenses, especially those involving children. Offenses against property are more problematic. At the lower end of the scale are defamation offenses, where cooperation regularly fails due to the requirement of double criminality (see above, n. 9 and n. 14).
D. Prosecution by means of letters rogatory
24 As already mentioned several times and also explicitly stated in the Convention text, the public prosecutor's office undertakes with the Preservation Request to request the seized data by means of mutual legal assistance. There are certainly cases where it turns out in retrospect that data that was initially secured has since become obsolete. There are also no direct consequences of not requesting mutual legal assistance (e.g. there are no cost implications). However, it is generally expected that public prosecutors' offices comply with this obligation under Convention law in order not to jeopardize good cooperation between Convention states.
25 The data is frozen for at least 60 days (see Art. 29 para. 7 CCC). The specific duration is specified in the written confirmation of the preservation request and is usually longer. The requesting authority can usually also request an extension of the deadline. The request for legal assistance must be formally submitted within the deadline.
E. Best practices for letters rogatory to the USA
26 Due to their great practical importance, the best practices for letters rogatory to the USA are discussed below. The following explanations are based on the "Practical Guide for Requesting Electronic Evidence Across Borders", published by UNODC, CTED and IAP, as well as on our own experience.
27 Requests for mutual legal assistance addressed to foreign authorities in cybercrime cases must contain the following information:
Language of the request: requests for mutual legal assistance should ideally be entered directly in English, otherwise they should be translated;
Facts of the case: must be described briefly but in a nutshell, stating the place of the crime (or the place where it was committed), the exact time of the crime and the manner in which it was committed;
Any modus operandi: must be described in detail;
Legal description of the offense, including the wording of the applicable articles of law;
Reasons for the request, in particular showing the connection between the proceedings being conducted and the requested measures;
The evidence sought or actions requested must be specified in detail (e.g. handing over the account statements relating to account X for the period A to B, obtaining documents from provider Y from which the registration data and log files for the remote ID 12345678 for the period between A and B can be seen, etc.);
Explanations regarding any preservation request already submitted, whereby all reference numbers communicated following the preservation request must be listed in the request (CCIPS and reference numbers of fedpol, the requested foreign police authority and the requested foreign public prosecutor's office).
28 In order to obtain content data from US service providers, the Department of Justice must obtain a search warrant under US law from a court. The standard of proof is "probable cause". This means that the court must be convinced that the user account in question probably still contains evidence relevant to the offense (unless the data has already been provisionally seized on the basis of a preservation request). There must also be a solid foundation of evidence for the assumption that an offense has been or will be committed and that the evidence of the offense will be found in the requested user account. The sources of the submitted evidence must be trustworthy (e.g. police reports, trustworthy private sources). Central evidence should be provided. If circumstantial evidence is provided, it must be translated into English. In summary, it must be explained why the account holder is a target of the investigation, why it is assumed that the user account in question belongs to this person, and what evidence is expected to be obtained from this user account.
29 The request for mutual legal assistance must be sent either through diplomatic channels via the Federal Office of Justice or - if agreed and provided for - directly to the public prosecutor's office abroad. The legal assistance guide of the Federal Office of Justice contains more detailed information on the specific transmission channels.
30 Note:
For requests for mutual legal assistance in cybercrime cases, the CCC must also be entered as the legal basis (provided the target country has ratified the Convention).
The presentation of the facts, the subsumption of the facts under the elements of the offense and the reasons for the request are the be-all and end-all of a request for international legal assistance.
Detailed information on mutual legal assistance can be found in the Federal Office of Justice's Guide to Mutual Legal Assistance, with templates in various languages and a country index.
A request for mutual legal assistance following a preservation request must be made as soon as possible, at the latest within the deadline for the sequencing of requests (Art. 29 para. 7 CCC).
IV. Execution of Preservation Requests by Swiss authorities
A. Procedure and responsibilities
31 All states that have ratified the Cybercrime Convention have indicated which of their authorities acts as the central point of contact for requesting states ("24/7 network", Art. 35 CCC). According to Switzerland's declaration, this is primarily the Federal Office of Justice. However, the Federal Criminal Police (fedpol) is responsible for matters relating to the Cybercrime Convention, in particular for preservation requests (the Federal Office of Justice forwards such requests to fedpol). Fedpol receives around 200 requests per year from abroad, which it in turn forwards to the cantonal police forces for processing.
B. Implementation under Swiss law
32 The process by which a foreign preservation request is processed in Switzerland is not regulated by law. It is remarkable how little the dispatch on the implementation of the Cybercrime Convention deals with procedural and practical issues. It merely mentions that the contracting states are not obliged to create further legal instruments in addition to seizure and disclosure.
33 Swiss criminal procedure law does not recognize "Preservation Orders" in the sense of the Cybercrime Convention. A preservation order would be an official order to a service provider to keep data available for a certain period of time (typically in the sense of a back-up). As this instrument is not provided for in the Criminal Procedure Code, the long-term availability of the data must be ensured in another way, which can only be done by means of an edition (Art. 265 CrimPC). As the cantonal police forces have no authority to edit data, they must forward the corresponding requests they receive from fedpol to the competent public prosecutor's office, which then issues an editing order. While the Code of Criminal Procedure has no basis for preservation orders, the legally prescribed retention of data in the telecommunications sector has been implemented in a similar way. It is the telecommunications service providers themselves who must retain their customers' registration and communications edge data for the prosecution authorities for a period of 6 months (Art. 21 para. 2, Art. 22 para. 2 and Art. 26 para. 5 BÜPF).
34 This Swiss formulation of the preservation request in accordance with Art. 29 CCC is relatively far removed from the spirit of the Convention, which intended a quick, uncomplicated measure with the least possible restrictions for all parties involved. The process outlined above involves at least three authorities and the company addressed, i.e. numerous interfaces, which leads to delays and inevitably increases the susceptibility to errors. A disclosure order, combined with the physical or digital delivery and storage of - possibly very substantial - volumes of data, also means a considerable amount of work for service providers and the authorities responsible for data storage. There is an international debate as to whether countries that have not introduced preservation orders within the meaning of the Convention and instead make do with disclosure orders (such as Switzerland) fulfill the requirements of the Convention at all. Although the majority of respondents seem to agree with this, there are still points of criticism, namely with regard to higher legal hurdles (not in Switzerland), longer proceedings and the possible increased risk that the persons concerned will find out about the measure, which can frustrate the purpose of the investigation.
35 The execution of foreign preservation requests in Switzerland is not yet part of formal mutual legal assistance proceedings and is also not a precautionary measure under the IMAC (or other principles of mutual legal assistance law). It is upstream of any mutual assistance proceedings. In fact, not every preservation request is likely to be followed by a formal request for mutual assistance. The Preservation Request is based on the Cybercrime Convention itself (which is directly applicable in Switzerland's monistic system, provided it is sufficiently specific). The implementation of the Preservation Request here is not sufficiently specific, which is why - as mentioned above - recourse must be made to the legal institutions of national criminal procedure law, i.e. the Code of Criminal Procedure (e.g. Art. 265 CrimPC, Edition) as well as the BÜPF and its ordinances (e.g. Art. 38 VÜPF, IR_8_IP (NAT): Holders of IP addresses). This is always with the aim of living up to the spirit of the Cybercrime Convention (rapid, uncomplicated, effective prevention of the loss of evidence) as much as possible. This also means that disclosure orders issued to execute a preservation request must be accompanied by a prohibition on disclosure to the disclosure addressee so as not to jeopardize the success of the investigation (Art. 29 para. 6 CCC; Art. 73 para. 2 CrimPC in conjunction with Art. 292 SCC; cf. Art. 292 SCC; cf. analogously also Art. 11b para. 2 lit. c IMAC and Art. 80b para. 2 lit. a IMAC). The consequence of this is that the persons concerned cannot yet appeal against the execution itself at the time of execution due to a lack of knowledge. As soon as (if) formal legal assistance proceedings are opened, the data owners (the affected customers of the service) must be informed of their right to seal (Art. 9 IMAC in conjunction with Art. 248 para. 2 CrimPC). However, if no request for mutual legal assistance is received within 60 days in accordance with Art. 29 para. 7 CCC and any reminder/extension of the deadline, the data must be irrevocably deleted due to the lack of a legal basis for longer storage.
36 According to the current legal situation, the service provider itself has its own right to seal the data as the holder of custody of the data (see Art. 248 para. 1 CrimPC). However, sealing by the service provider could lead to pointless expense, namely if a time-consuming unsealing procedure has to be carried out and the requesting state subsequently waives the legal assistance procedure. In addition, the service provider's own confidentiality interests are often not affected by the disclosure. However, this would be a prerequisite for a valid sealing request, as sealing cannot be requested on behalf of a third party (such as the account holder). On the other hand, if data is collected from service providers who, due to the nature of their service, can regularly be expected to have data protected by secrecy, the question arises as to whether the public prosecutor's office, which executes the preservation request (issues the disclosure order), would not already have to seal the data ex officio at the time of disclosure. In both cases, however, the public prosecutor's office would have to submit a request for unsealing within 20 days in order to execute the preservation request (Art. 248 para. 3 CrimPC), at a time when the data owner should not yet be aware of the preservation request and should therefore not be included in the unsealing procedure (quite apart from the fact that he will regularly not have a domicile for service in Switzerland).
37 In order not to jeopardize the success of the investigation and to avoid unnecessary idle time, the only consistent approach in the context of the Cybercrime Convention would therefore be for sealing/unsealing to be applied only in the context of formal mutual legal assistance proceedings. In any case, sealing can only be possible once the data collection as such has been completed. For example, data collection that is based on a single preservation request but requires several consecutive steps in Germany, e.g. several requests for information to the PTSS (1st determination of addressing element based on IP address, 2nd determination of subscriber based on addressing element).
38 The question arises as to whether it would be permissible under Swiss law to oblige service providers to merely retain certain data, even outside the scope of application of the BÜPF, instead of handing it over. This would alleviate many of the previously discussed problems with the edition and would therefore be a good thing. However, a real increase in efficiency could be achieved above all if the enforcement of foreign preservation requests were centralized at federal level (fedpol), for which there is currently no basis in the Criminal Procedure Code (cf. Art. 22 et seq. CrimPC e contrario). However, a comparable legal basis can already be found today in Art. 18 para. 2 IMAC, according to which the Federal Office of Justice can itself order precautionary protective measures if there is imminent danger.
Bibliography
Bommer Felix/Goldschmid Peter, Kommentierung zu Art. 265 StPO, in: Niggli Heer/Wiprächtiger (Hrsg.), Schweizerische Strafprozessordnung, Strafprozessrecht I + II, 3. Aufl., Basel 2023.
Graf Damian K., Praxishandbuch zur Siegelung, StPO inkl. revidierter Bestimmungen – VStrR – IRSG – MStP, Bern 2022.
Thormann Oliver/Brechbühl Beat, Kommentierung zu Art. 248 StPO, in: Niggli Heer/Wiprächtiger (Hrsg.), Schweizerische Strafprozessordnung, Strafprozessrecht I + II, 3. Aufl., Basel 2023.
Materials
Botschaft über die Genehmigung und die Umsetzung des Übereinkommens des Europarates über die Cyberkriminalität vom 18.6.2010, BBl 2010 4697 ff., abrufbar unter https://www.fedlex.admin.ch/eli/fga/2010/813/de, besucht am 24.1.2024.
Council of Europe, The 24/7 Network established under the Convention on Cybercrime (known as the Budapest Convention), What is the 24/7 Network?, abrufbar unter: https://www.coe.int/en/web/cybercrime/24/7-network-new-, zuletzt besucht am 24.1.2024 (zit. CoE 24/7).
Cybercrime Convention Committee (T-CY), Assessment report, Implementation of the preservation provisions of the Budapest Convention on Cybercrime, Supplementary report, 15/16.06.2015, abrufbar unter: https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=090000168044be2b, zuletzt besucht am 24.1.2024 (zit. T-CY, Preservation Assessment).
Europarat, Cybercrime Convention Committee (T-CY), T-CY assessment report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime, Strassburg, 3.12.2014, abrufbar unter: https://rm.coe.int/16802e726c, besucht am 17.10.2023 (zit. T-CY, Assessment Report).
Europarat, Cybercrime Convention Committee (T-CY), T-CY Cloud Evidence Group, Criminal justice access to electronic evidence in the cloud: Recommendations for consideration by the T-CY, Final report, Strassburg, 16.9.2016, abrufbar unter: https://rm.coe.int/16806a495e, besucht am 17.10.2023 (zit. T-CY, Cloud).
Europarat, Cybercrime Convention Committee (T-CY), The Budapest Convention on Cybercrime: benefits and impact in practice, Strassburg, 13.7.2020, abrufbar unter: https://rm.coe.int/t-cy-2020-16-bc-benefits-rep-provisional/16809ef6ac, besucht am 17.10.2023 (zit. T-CY, Benefits).
Opinion of the T-CY on the competent authority for issuing a preservation request under Articles 29 and 35 Budapest Convention, 28.11.2017, abrufbar unter: https://rm.coe.int/t-cy-2017-18-opinion-article29-/168076cf95, zuletzt besucht am: 19.1.2024 (zit. T-CY, Competent Authority).
Reservations and Declarations for Treaty No.185 - Convention on Cybercrime (ETS No. 185), Status as of 09/03/2024, abrufbar unter: https://www.coe.int/en/web/conventions/full-list?module=declarations-by-treaty&numSte=185&codeNature=0, besucht am 9.3.2024 (zit. Reservations and Declarations).
United Nations Office on Drugs an Crime (UNDOC), Sharing Electronic Resources and Laws on Crime (SHERLOC), The Practical Guide for Requesting Electronic Evidence across Borders, für Strafbehörden abrufbar unter: https://sherloc.unodc.org/cld/en/st/evidence/practical-guide.html, besucht am 27.09.2023, zuletzt besucht am 24.01.2024 (zit. Practical Guide for Requesting Evidence).