Sent: Freitag, 20. April 2018 17:18
To: Jean-Pierre Schwickerath <swinog(a)hilotec.net>
Subject: Public Wifi and BÜPF
Dear Mr Schwickerath,
Your post from 9 April to the Swinog mailing-list  was brought to our attention. We
would like to provide you with some information about the new surveillance act (BÜPF) and
answer your questions about the obligations of providers of public WLAN hotspots. We are
copying the list because we believe this information might be of general interest.
(visited 20 April 2018)
The new BÜPF and its ordinances came into force on 1st March 2018. The ordinance VÜPF
contains specific obligations for Telecommunications Service Providers concerning
professionally operated public WLAN accesses (Art. 19 para. 2 VÜPF). In your post, you
refer to information published by Digitale Gesellschaft about Public WLAN . The
information given in „Merkblatt Public-WLAN”, dated 16th October 2017, is outdated.
(visited 20 April 2018)
For information about the new law and its ordinances, please visit our website
which is available in German, French and
Italian. Some information is also available in Romansh or English. There you can find the
complete legal basis together with the explanatory reports.
On our website we also provide a memo about professionally operated public WLAN accesses
in German: https://www.li.admin.ch/sites/default/files/2018-02/Merkblatt%20WLAN.pdf
To respond to your questions:
> If I understand the information on the above page
correctly, he doesn't need to identify his users, so he won't (and won't store
any logs) and
> as a consequence he will not have any information to be stored for 6 months for the
> Is that so?
The obligation to identify the end users of professionally operated public WLAN accesses
with appropriate means lies with the Telecommunications Service Provider (TSP). According
to your short description, the company operating the access point does not seem to qualify
as Telecommunications Service Provider. However, if you would like a thorough assessment,
we invite you to contact us.
Please note that the obligation to identify WLAN end users is not automatically associated
with data retention of all secondary data for 6 months, which is another obligation that
only lies with TSP that have full surveillance obligations.
> The other question that comes to my mind: if the
customer provides a captive portal to have users acknowledge a "Hausordnung" /
> conduct, then the APs will "store" which MAC address has checked the box.
Does that make his subject to the Büpf?
According to your description, your customer operates the wireless access point and shares
his Internet access with the public. This activity falls within the BÜPF category „persons
who make their access to a public telecommunications network available to third parties“
(Article 2 letter e BÜPF), no matter if a captive portal is provided or not. This category
of persons only has passive obligations under the BÜPF, does not need to prepare anything
and does not need to store data based on the BÜPF.
Do not hesitate to contact us for further information.
Post and Telecommunications Surveillance Service
Provider Management Team
Fellerstrasse 15, 3003 Bern
Tel. +41 58 463 34 29