Comment on the revised Secret Service Law
Several Kolab Now users have been asking what the new Nachrichtendienstgesetz (NDG; Secret Service Law) approved by popular Swiss referendum will mean to them.
The short answer is: Not much.
The longer answer is:
The new law will likely enter into force on the 1st of September 2017. It has been largely criticised as not only useless, but also dangerous by civil rights and privacy experts, as well as those who represent the liberal principles of Switzerland.
Kolab Systems shares that assessment and our CEO was outspoken asking for a vote against the law in the referendum. In our view, the most dangerous aspect of this law is that it threatens to turn the secret service from an ally, to a potential threat against security and freedom.
Politically, it was a reaction to the near complete dismantling of the secret service carried out some decades ago. The secret service was back then banned entirely from carrying out activities within the borders of the country. Despite the result of the referendum, the legal situation in Switzerland for protecting privacy is, and will continue to be, better than in the rest of the world, especially when combined with the political stability of the country and its long-standing traditions.
For users of Kolab Now, the most important change is that when you access your Kolab Now service from abroad, the secret service will be allowed to record that traffic. Because all our data transport layers are mandatorily encrypted to the state of the art, using methods such as Perfect Forward Secrecy (PFS) and large keys, the captured data will be largely useless. The Swiss secret service will from now on see what so far your own Internet provider, the interconnecting points, the NSA, and your national secret service have been seeing: that your IP address is connecting to Kolab Now. Nothing more.
They have no way of knowing your identity/user name, they will not be able to access your data, and they will have no knowledge of who you are in contact with.
In order to do that, they would have to either (a) compel us to cooperate, which we will only do within the confines of a court order approved by a judge, or (b) try to break into our service. As for the latter, when you run a service on the Internet, anyone from around the world can try to break into your servers. This is a scenario you always seek to do your utmost to defend against. Hence Kolab's defences are already in place and are being maintained and improved day by day. Defend our servers is something we do regardless of any law.
So at the end of the day, not very much changes for users of Kolab Now.
If you were not concerned about the NSA and your local secret service knowing that you were connecting to Kolab Now, but are extremely concerned that the Swiss secret service will now also know this from 1st of September 2017 onward, our recommendation would be to at some point in the next 12 months get yourself a VPN or start using Tor to access our services.
Other than that we remain committed to protecting the privacy of our users and to the Kolab Mission: