> On 9 Apr 2018, at 08:44, Jean-Pierre Schwickerath <swi...@hilotec.net> wrote:
> Dear colleagues
> I'd like to ask if anyone can confirm that the information published on 
> https://www.digitale-gesellschaft.ch/publicwlan/ is accurate in regards
> to being subject to "Überwachungspflichten gemäss BÜPF".
> We have been asked by a customer to sell him a Wifi-Installation for
> his café. We are going to sell him the hardware and do the one time
> installation. Afterwards the customer is running the infrastructure
> himself, he might ask us for help for firmware upgrades and similar
> tasks but we are not going to run that Wifi as a service or do any
> monitoring. 
> If I understand the information on the above page correctly, he doesn't
> need to identify his users, so he won't (and won't store any logs) and
> as a consequence he will not have any information to be stored for 6
> months for the büpf. 
> Is that so?
> The other question that comes to my mind: if the customer provides a
> captive portal to have users acknowledge a "Hausordnung" / code of
> conduct, then the APs will "store" which MAC address has checked the
> box. Does that make his subject to the Büpf?

To my knowledge the information presented represents the current status quo. 
The BÜPF's rule is to assist the police in criminal investigations. Assuming a 
user has used the Wifi-installation and further assume that user has committed 
a serious crime the police has to investigate, then the Cafe owner could be 
asked to assist by providing information. However the simple MAC address would 
not help here because it would only mean that _someone_ has signed up to the 
Café, not that this person has committed the crime or has anything to do with 
it. For that the MAC to IP address matching would have to be stored. 
Furthermore if you don't store any data on the user itself, it wont lead 

If the Cafe owner is considered a telecommunications operator, then he could be 
forced to tolerate wiretapping in such a case (assuming the criminal comes to 
that Café regularly to commit his crime) but I have my severe doubts that this 
might ever be relevant. Firstly because the wiretapping could occur one level 
up by the Café's ISP, secondly, because a Café owner is not really a 
telecommunications provider etc. The people from the BÜPF are not stupid 
neither. They know the real world out there and they know the limitations. So 
they don't go for impossible solutions just because the law could imagine them.

So for the Café owner I think its much more relevant to take care of the 
Datenschutzgesetz properly by _NOT_ storing anything. Then he should be on the 
safe side. The likelyhood he ever will hear from the BÜPF again is very very 

> Thank you very much for your input on this topic. 
> Best Regards
> Jean-Pierre
> -- 
> HILOTEC Engineering + Consulting AG - Langnau im Emmental
> IT für KMUs: Netzwerke, Server, PCs, Linux, Telefonanlagen, 
> VOIP, Hosting, Datenbanken, Entwicklung, WLAN, Cloud, Firewalls
> Tel: +41 34 408 01 00 - https://www.hilotec.com/
> _______________________________________________
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

swinog mailing list

Antwort per Email an