-
- Art. 5a FC
- Art. 6 FC
- Art. 10 FC
- Art. 16 FC
- Art. 17 FC
- Art. 20 FC
- Art. 22 FC
- Art. 29a FC
- Art. 30 FC
- Art. 32 FC
- Art. 42 FC
- Art. 43 FC
- Art. 43a FC
- Art. 55 FC
- Art. 56 FC
- Art. 60 FC
- Art. 68 FC
- Art. 75b FC
- Art. 77 FC
- Art. 96 para. 2 lit. a FC
- Art. 110 FC
- Art. 117a FC
- Art. 118 FC
- Art. 123b FC
- Art. 136 FC
- Art. 166 FC
-
- Art. 11 CO
- Art. 12 CO
- Art. 50 CO
- Art. 51 CO
- Art. 84 CO
- Art. 143 CO
- Art. 144 CO
- Art. 145 CO
- Art. 146 CO
- Art. 147 CO
- Art. 148 CO
- Art. 149 CO
- Art. 150 CO
- Art. 701 CO
- Art. 715 CO
- Art. 715a CO
- Art. 734f CO
- Art. 785 CO
- Art. 786 CO
- Art. 787 CO
- Art. 788 CO
- Transitional provisions to the revision of the Stock Corporation Act of June 19, 2020
- Art. 808c CO
-
- Art. 2 PRA
- Art. 3 PRA
- Art. 4 PRA
- Art. 6 PRA
- Art. 10 PRA
- Art. 10a PRA
- Art. 11 PRA
- Art. 12 PRA
- Art. 13 PRA
- Art. 14 PRA
- Art. 15 PRA
- Art. 16 PRA
- Art. 17 PRA
- Art. 19 PRA
- Art. 20 PRA
- Art. 21 PRA
- Art. 22 PRA
- Art. 23 PRA
- Art. 24 PRA
- Art. 25 PRA
- Art. 26 PRA
- Art. 27 PRA
- Art. 29 PRA
- Art. 30 PRA
- Art. 31 PRA
- Art. 32 PRA
- Art. 32a PRA
- Art. 33 PRA
- Art. 34 PRA
- Art. 35 PRA
- Art. 36 PRA
- Art. 37 PRA
- Art. 38 PRA
- Art. 39 PRA
- Art. 40 PRA
- Art. 41 PRA
- Art. 42 PRA
- Art. 43 PRA
- Art. 44 PRA
- Art. 45 PRA
- Art. 46 PRA
- Art. 47 PRA
- Art. 48 PRA
- Art. 49 PRA
- Art. 50 PRA
- Art. 51 PRA
- Art. 52 PRA
- Art. 53 PRA
- Art. 54 PRA
- Art. 55 PRA
- Art. 56 PRA
- Art. 57 PRA
- Art. 58 PRA
- Art. 59a PRA
- Art. 59b PRA
- Art. 59c PRA
- Art. 62 PRA
- Art. 63 PRA
- Art. 67 PRA
- Art. 67a PRA
- Art. 67b PRA
- Art. 75 PRA
- Art. 75a PRA
- Art. 76 PRA
- Art. 76a PRA
- Art. 90 PRA
-
- Vorb. zu Art. 1 FADP
- Art. 1 FADP
- Art. 2 FADP
- Art. 3 FADP
- Art. 5 lit. f und g FADP
- Art. 6 Abs. 6 and 7 FADP
- Art. 7 FADP
- Art. 10 FADP
- Art. 11 FADP
- Art. 12 FADP
- Art. 14 FADP
- Art. 15 FADP
- Art. 19 FADP
- Art. 20 FADP
- Art. 22 FADP
- Art. 23 FADP
- Art. 25 FADP
- Art. 26 FADP
- Art. 27 FADP
- Art. 31 para. 2 lit. e FADP
- Art. 33 FADP
- Art. 34 FADP
- Art. 35 FADP
- Art. 38 FADP
- Art. 39 FADP
- Art. 40 FADP
- Art. 41 FADP
- Art. 42 FADP
- Art. 43 FADP
- Art. 44 FADP
- Art. 44a FADP
- Art. 45 FADP
- Art. 46 FADP
- Art. 47 FADP
- Art. 47a FADP
- Art. 48 FADP
- Art. 49 FADP
- Art. 50 FADP
- Art. 51 FADP
- Art. 54 FADP
- Art. 57 FADP
- Art. 58 FADP
- Art. 60 FADP
- Art. 61 FADP
- Art. 62 FADP
- Art. 63 FADP
- Art. 64 FADP
- Art. 65 FADP
- Art. 66 FADP
- Art. 67 FADP
- Art. 69 FADP
- Art. 72 FADP
- Art. 72a FADP
-
- Art. 2 CCC (Convention on Cybercrime)
- Art. 3 CCC (Convention on Cybercrime)
- Art. 4 CCC (Convention on Cybercrime)
- Art. 5 CCC (Convention on Cybercrime)
- Art. 6 CCC (Convention on Cybercrime)
- Art. 7 CCC (Convention on Cybercrime)
- Art. 8 CCC (Convention on Cybercrime)
- Art. 9 CCC (Convention on Cybercrime)
- Art. 11 CCC (Convention on Cybercrime)
- Art. 12 CCC (Convention on Cybercrime)
- Art. 25 CCC (Convention on Cybercrime)
- Art. 29 CCC (Convention on Cybercrime)
- Art. 32 CCC (Convention on Cybercrime)
- Art. 33 CCC (Convention on Cybercrime)
- Art. 34 CCC (Convention on Cybercrime)
FEDERAL CONSTITUTION
CODE OF OBLIGATIONS
FEDERAL LAW ON PRIVATE INTERNATIONAL LAW
LUGANO CONVENTION
CODE OF CRIMINAL PROCEDURE
CIVIL PROCEDURE CODE
FEDERAL ACT ON POLITICAL RIGHTS
CIVIL CODE
FEDERAL ACT ON CARTELS AND OTHER RESTRAINTS OF COMPETITION
FEDERAL ACT ON INTERNATIONAL MUTUAL ASSISTANCE IN CRIMINAL MATTERS
DEBT ENFORCEMENT AND BANKRUPTCY ACT
FEDERAL ACT ON DATA PROTECTION
SWISS CRIMINAL CODE
CYBERCRIME CONVENTION
- I. General
- II. Legally protected property
- III. Basic building blocks
- IV. Reservations
- V. Comparison with Swiss law
- Bibliography
- Materials
I. General
1 The commission of the offences punishable under articles 2 to 5 CCC generally requires the use of computer tools. However, not all cybercriminals are capable of creating these tools themselves. They therefore seek to acquire them from third parties. Over time, this demand has led to the creation of a veritable black market, particularly on the dark net. Nowadays, almost anyone can acquire malware of any kind, rent bots-nets or even commission cybercriminals to carry out specific tasks. Given the risk that this black market represents for all IT systems and their legitimate users, the Parties have decided to penalize certain potentially dangerous acts upstream, before the commission of the offences referred to in art. 2 to 5 CCC. Art. 6 CCC is based on instruments adopted by the Council of Europe (European Convention on the Legal Protection of Services based on, or consisting of, Conditional Access - ETS No. 178) and the European Union (Directive 98/84/EC of the European Parliament and of the Council of 20 November 1998 on the legal protection of services based on, or consisting of, conditional access), as well as on provisions adopted in certain countries in this area.
II. Legally protected property
2 By punishing all forms of trade in or possession of material intended for the commission of any of the offences punishable under articles 2 to 5 CCC, the Parties make punishable the acts preparatory to the commission of these offences. The aim is therefore to strengthen the protection of the legal assets protected by articles 2 to 5 CCC, namely the inviolability and proper functioning of computer systems, as well as the integrity, availability and confidentiality of data.
III. Basic building blocks
A. Unlawful object
1. A device enabling the commission of an offence mentioned in articles 2 to 5 CCC
3 The concept of a device is not defined either in the text of the convention or in its explanatory report. In our opinion, a device within the meaning of art. 6 CCC is a set of parts, elements or data designed to perform one or more specific functions. This is evidenced by the fact that the Parties expressly cite the computer program as an example of a device. As is clear from the addition of the words "including", the notion is intended to be much broader than computer programs alone. In addition to viruses, worms, Trojan horses, logic bombs and other malware, which are indisputably among the programs covered by this provision, there are also hardware devices such as microphones, cameras and robots.
4 However, the scope of the standard is limited to devices designed or adapted to commit one of the offences punishable under articles 2 to 5 CCC. These are devices or programs designed, for example, to alter or even destroy data, or to interfere with the operation of systems, such as virus programs, or programs designed or adapted to access computer systems. Devices which do not enable such acts to be performed are not covered by art. 6 § 1 let. a ch. 1 CCC. The same applies to devices which enable the commission of another offence, notably one of those punishable under art. 7 to 10 CCC.
5 During the drafting of the Convention, there was extensive discussion as to whether the devices covered should be those designed exclusively or specifically to enable the commission of offences, thus excluding dual-use devices, or whether the latter should also be included. The Parties finally concluded that criminal prosecution should not be limited to devices designed exclusively to commit offences, as this would have considerably reduced the number of cases to which the standard could be applied. However, the Parties also ruled out the possibility of extending the standard to all devices, including licit ones, which could in some way enable the commission of offences, as the commission of the offence would then be based solely on the perpetrator's intention. An intermediate solution has therefore been adopted.
6 Art. 6 § 1 let. a ch. 1 CCC thus covers devices primarily designed or adapted to enable the commission of one of the offences punishable under arts. 2 to 5 CCC. This wording excludes dual-use devices, unless the main purpose is to commit an offence.
2. Data enabling access to a computer system for the purpose of committing one of the offences mentioned in art. 2 to 5 CCC.
7 In order to cover all the means used by cybercriminals to commit one of the offences punishable under articles 2 to 5 CCC, the Parties have also made punishable acts aimed at making available passwords, access codes and similar computer data enabling access to all or part of a computer system (article 6 § 1 let. a ch. 2 CCC). The aim is to eliminate any loopholes. This approach is perfectly justified in view of the large number of passwords and other access data that have been stolen and are offered for sale on the dark net.
B. Punishable conduct
8 The Parties intended to punish all forms of making illicit objects available, as well as their possession. On the other hand, the mere provision of instructions - in the form of texts or videos, for example - on how to manufacture illicit objects is not punishable.
1. Production, sale, obtaining for use, import, dissemination or other forms of making available
9 Art. 6 § 1 let. a CCC lists a number of punishable acts relating to trade. This list is exhaustive. In order not to omit any conduct, it nevertheless ends with a general clause ("Auffangtatbestand").
10 "Production" is the manufacture of illicit material with a view to its use in the commission of one of the offences listed in art. 2 to 5 CCC. The term "production" includes all the steps required to produce the object. It therefore includes writing the malware code - in computer language - or decrypting a password.
11 Art. 6 § 1 let. a CCC then sanctions "sale". This term refers to the handing over of an illicit object mentioned in this paragraph in exchange for a sum of money. The currency in which the sum is paid is irrelevant. It can even be paid in cryptocurrencies. However, the remittance must be expensive. It cannot be a donation.
12 "Obtaining for use" implies active behavior on the part of the person seeking to obtain prohibited material. It is necessary to have established contact with someone in possession of the prohibited material, and to have acquired it either free of charge or in return for payment. The manner in which the material is handed over is irrelevant. The transfer can be made electronically, by post or even by hand delivery. What is decisive is whether the perpetrator obtains the illicit material with the aim of using it to commit one of the offences punishable under articles 2 to 5 CCC. If the aim is to commit another offence, or simply to collect this type of material, the perpetrator is not punishable.
13 The fourth conduct mentioned in the list is "importation". This term refers to the act of introducing an illicit object into the country that sanctions this act. Importing prohibited material creates a significant risk that it will subsequently be passed on to third parties. To reduce this risk, simple introduction into the country is prohibited, even if the importer is only one link in the chain between the producer of the material and the end user.
14 Article 6 § 1 also punishes "dissemination". This is the transmission of illicit material to an indeterminate number of persons who have not necessarily requested it. Material can be sent by any means, whether by computer, post or hand delivery.
15 To avoid any gaps, the list ends with "other forms of provision". This assumption makes it possible to cover all cases which do not correspond exactly to the notions examined above, but which nevertheless enable the author to supply illicit objects to third parties. This expression includes, for example, the creation or compilation of hypertext links designed to facilitate access to illicit material.
2. Possession
16 Art. 6 § 1 let. b CCC punishes possession of any of the above-mentioned objects. As with the conduct listed in art. 6 § 1 let. a CCC, the perpetrator must possess the prohibited material with the intention of committing one of the offences punishable under arts. 2 to 5 CCC. If the perpetrator holds this material with the intention of committing another offence, or simply for collection purposes, he is not punishable.
17 The Parties have, however, left each State some leeway in determining whether possession of a single item is sufficient to commit the offence, or whether possession of a number of items is required. It has to be said, however, that this possibility seems to have been introduced mainly in favor of the United States of America, which was the only one to make use of it. However, they did not specify the minimum number of elements that had to be possessed in order to be punishable. They simply referred to the number stipulated in the applicable US federal law.
C. Unlawfulness
18 The requirement that the perpetrator must have acted without right enables the Parties to create exceptions to criminal repression. In particular, this allows them to exclude from the scope of art. 6 CCC prosecuting authorities who lawfully hold illicit material, in the form of sequestration, as part of their investigations.
19 Art. 6 § 2 expressly reserves the hypothesis that the perpetrator is not acting without right, i.e. the conduct listed in art. 6 § 1 let. a ch. 1 CCC is not punishable if it is not intended to commit an offence punishable under arts. 2 to 5 CCC. Thus, for example, test devices (also known as "cracking devices") and network analysis devices designed by professionals to assess the reliability of their IT products or check system security are manufactured for legitimate purposes, and their users are therefore considered to be acting "lawfully".
D. Intention
20 Device abuse is intentional. Intention must relate to all the objective elements of the offence. If the perpetrator possesses or provides an ordinary computer program to a third party without suspecting that it could also be used to commit one of the offences punishable under articles 2 to 5 CCC, he is not punishable.
E. Special purpose
21 In addition to intent, the perpetrator must have acted with the intention of committing one of the offences referred to in articles 2 to 5 CCC. It is therefore not sufficient for the perpetrator to intend to manufacture a malicious program solely for the technical challenge it represents, or to collect it. Similarly, it is not sufficient for the perpetrator to use the malware or password for the purpose of committing an offence other than those punishable under articles 2 to 5 CCC.
22 The aim pursued by the perpetrator must be the commission, by himself or by a third party to whom he supplies the prohibited material, of one of the offences punishable under articles 2 to 5 CCC. Art. 6 CCC establishes an abstract endangerment offence. It is therefore not necessary for the illicit material to be actually used subsequently to commit one of these offences. It is sufficient if the punishable act is committed with the aim of committing one of the offences punishable under articles 2 to 5 CCC.
IV. Reservations
23 The only conduct which the parties must punish is the sale, distribution or other provision of a password, access code or similar computer data enabling access to all or part of a computer system. They may, however, limit the scope of application of this standard with regard to other punishable conduct and/or illicit objects.
A. Punishable conduct
24 The Convention allows Parties to limit criminal prosecution by refusing to prosecute the production, obtaining for use, import and possession of illicit material.
25 Georgia, Switzerland, Chile, Japan and Sri-Lanka have made use of this possibility to limit punishable conduct as far as possible.
26 The Principality of Andorra has indicated that obtaining the devices referred to in art. 6 § 1 let. a CCC for use is not punishable under its domestic law.
27 Azerbaijan stated that it would only prosecute the conduct listed in art. 6 § 1 CCC if serious damage occurred.
28 Ukraine explained that it would not punish the obtaining for use and other forms of making available of the items referred to in art. 6 § 1 let. a ch. 1 CCC, as well as the production and obtaining for use of the items referred to in art. 6 § 1 let. a ch. 2 CCC.
29 The United States of America has reserved the right not to prosecute the production, procurement for use, import and possession of illicit material designed or adapted to enable the commission of the offences punishable under art. 4 and 5 CCC.
30 Israel has declared that it will not prosecute the obtaining for use or importation of illicit material, nor the possession of a password, access code or similar computer data enabling access to all or part of a computer system.
31 Germany, the Principality of Andorra, Argentina and Peru have limited themselves to refusing to prosecute possession of illicit material (art. 6 § 1 let. b CCC).
B. Illicit material
32 The Convention also allows Parties to limit prosecution by refusing to consider as illicit devices, including computer programs, primarily designed or adapted to enable the commission of one of the offences punishable under articles 2 to 5 CCC.
33 Georgia, Norway, Switzerland, Japan and Sri-Lanka have also made use of this possibility to limit punishable material as far as possible.
34 Chile initially entered the same reservation as Georgia, Norway, Switzerland and Japan. However, it amended its legislation in 2022. In its new version, abuso de los dispositivos corresponds to art. 6 CCC. The reservation is therefore no longer necessary.
35 The United States has reserved the right not to prosecute devices, including computer programs, designed or adapted to enable the commission of the offences punishable under art. 4 and 5 CCC.
36 Germany has declared that a device, including a computer program, primarily designed or adapted to enable the commission of an offence punishable under art. 2 to 5 CCC is not punishable material under German law.
V. Comparison with Swiss law
37 In its Message on the approval and implementation of the Council of Europe Convention on Cybercrime, the Federal Council stated that art. 6 CCC was essentially covered by art. 144bis para. 2 of the Swiss Criminal Code, as well as by the addition of a second paragraph to art. 143bis of the Swiss Criminal Code.
38 However, even if Switzerland has made use of all the possibilities afforded by art. 6 § 3 CCC to limit punishable conduct and illicit material to a minimum, the fact remains that Swiss law falls far short of the minimum requirements laid down by art. 6 CCC, for several reasons.
39 Firstly, art. 144bis ch. 2 al. 1 CP only applies to software. It does not apply to other devices, passwords, access codes or similar computer data. What's more, the software covered by art. 144bis ch. 2 al. 1 CP must be suitable or intended for committing an offence punishable under art. 144bis ch. 1 al. 1 CP. This raises two problems. On the one hand, art. 144bis ch. 1 al. 1 CP does not fully satisfy the minimum requirements of art. 4 CCC. On the other hand, art. 144bis ch. 2 al. 1 CP completely ignores software which is itself or is intended to commit an offence corresponding to those punishable under art. 2, 3 or 5 CCC. Such software is therefore not punishable under Swiss law.
40 The addition of art. 143bis para. 2 of the Swiss Penal Code closes only a small part of these important loopholes. Indeed, this provision only punishes the act of putting into circulation or making accessible a password, a program or any other data suitable or intended for committing the offence punishable under art. 143bis para. 1 PC. On the one hand, this standard does not meet the minimum requirements of art. 2 CCC. Secondly, it does not penalize the circulation or making available of a password, program or any other data suitable or intended for the commission of an offence other than that punishable under art. 143bis para. 1 of the Criminal Code.
41 In the final analysis, even assuming that art. 143bis para. 1 PC meets the requirements of art. 2 CCC, and that art. 144bis para. 1 para. 1 PC meets the minimum requirements of art. 4 CCC, punishability under Swiss law would be limited to circulating or making available a password, program or other data suitable or intended for committing the offence punishable under art. 2 CCC, as well as manufacturing, importing, putting into circulation, promoting, offering or otherwise making available software suitable for or intended to commit the offence punishable under art. 4 CCC.
42 In order to meet the minimum requirements of art. 6 CCC, art. 143 para. 1, art. 143bis para. 1 and art. 144bis ch. 1 para. 1 PC would therefore have to be adapted as indicated above; the equivalent of art. 5 CCC and complete each of these provisions by adding a paragraph which would punish the sale, distribution or any other provision of a password, access code or similar computer data enabling access to all or part of a computer system, with the aim of committing one of these four offences.
Bibliography
Trechsel Stefan/Crameri Dean, in : Trechsel Stefan/Pieth Mark (Hrsg.), Schweizerisches Strafgesetzbuch, Praxiskommentar, 4. éd., Zurich 2021
Weissenberg Philippe, in: Niggli Marcel Alexander/Wiprächtiger Hans (éditeurs), Basler Kommentar, Strafrecht II, 4. éd., Bâle 2018
Materials
Conseil de l’Europe, Explanatory Report to the Convention on Cybercrime, Budapest 23.11.2001, disponible à https://rm.coe.int/16800cce5b, visité le 21.1.2024 (cité : Rapport explicatif de la Convention sur la cybercriminalité)
Message relatif à l'approbation et à la mise en œuvre de la Convention du Conseil de l'Europe sur la cybercriminalité, FF 2010 4275, disponible à https://www.fedlex.admin.ch/eli/fga/2010/813/fr, visité le 21.1.2024