¹ This Ordinance regulates the organisational aspects of and procedure for the surveillance of post and telecommunications and for the provision of information on postal and telecommunications services.⁴

² It applies to:

a.

ordering authorities and the authorities directing proceedings;

b.

approval authorities;

c.

federal, cantonal and communal police forces;

d.

the Federal Intelligence Service (FIS);

e.

the State Secretariat for Economic Affairs (SECO);

f.

federal and cantonal authorities competent to deal with administrative criminal cases;

g.

the Post and Telecommunications Surveillance Service (PTSS);

h.

postal service providers (PSPs);

i.

telecommunications service providers (TSPs);

j.⁵

providers of derived communication services (PDCSs);

k.

operators of internal telecommunications networks;

l.

persons who allow third parties to use their access to a public telecommunications network;

m.

professional retailers of cards and similar means of gaining access to a public telecommunications network.

The terms and abbreviations used in this Ordinance are defined in the Annex.

The ordering authority and the approval authority shall transmit surveillance orders and orders for their extension or termination, approvals and the access rights to be established to the PTSS as follows:

a.

by means of a secure means of transmission authorised by the FDJP;

b.

by letter, if the means of transmission in accordance with letter a is unavailable for technical reasons; or

c.

by telephone in urgent cases, provided the surveillance order is submitted in accordance with letter a or b within 24 hours.

¹ The PTSS shall determine in specific cases the technical and organisational measures for conducting surveillance, unless these are directly specified in the applicable regulations, in particular for standardised types of information and surveillance.

² If, as a result of operational problems, a person or entity required to cooperate is unable to meet its obligations for the surveillance of post or telecommunications, it shall report this to the PTSS without delay and thereafter submit a written statement of the reasons. The PTSS shall inform the person or entity required to cooperate without delay if surveillance cannot be carried out because of operational problems on its side.

³ Irrespective of where the cause of the error lies, the person or entity required to cooperate must temporarily store at least the undelivered secondary telecommunications data from real-time surveillance and deliver it without delay. If the secondary telecommunications data from real-time surveillance is no longer available or incomplete, the person or entity required to cooperate must deliver without delay the secondary telecommunications data from retroactive surveillance in accordance with the instructions of the PTSS.

¹ Retroactive surveillance begins no earlier than 6 months before the day on which the order is received by the PTSS, i.e. on the day whose date corresponds to the date of the day on which the order is received. If the date in question does not fall within the month in which monitoring begins, monitoring begins at the earliest on the last day of that month.

² It ends no later than the day on which the order is received by the PTSS.

If the PTSS establishes that the surveillance relates to a holder of official or professional secrets but that the statutory measures to protect these secrets have not been taken, it shall in the following situations notify the ordering authority and the approval authority without delay and initially shall not allow the former and the persons named in the surveillance order access to the surveillance data:

a.

if surveillance has been ordered by a civilian prosecution authority: in the case of persons from the professional groups specified in Articles 170-173 CrimPC unless measures have been taken in accordance with Article 271 CrimPC;

b.

if surveillance has been ordered by a military prosecution authority: in the case of persons from the professional groups specified in Article 75 letter b MCPC unless measures in accordance with Article 70b MCPC have been taken;

c.

if surveillance has been ordered by the FIS: in the case of persons from the professional groups specified in Articles 171-173 CrimPC unless measures have been taken in accordance with Article 58 paragraph 3 of the Intelligence Service Act of 25 September 2015⁸ in conjunction with Article 23 of the Intelligence Service Ordinance of 16 August 2017⁹.

The surveillance or the provision of information shall be carried out so that neither the person concerned nor unauthorised third parties are aware of it.

The PTSS shall at the request of the ordering authority carry out automated filtering if it is technically able to so and the cost and workload involved is not disproportionate.

¹ The PTSS shall record as evidence the telephone calls made in connection with its duties.

² Any evaluations of the recording shall be carried out by the data protection officer or the PTSS Data Protection Commissioner.¹⁰

³ The PTTS shall retain the recorded telephone calls for two years and thereafter destroy the recordings.

¹ The PTSS shall open a file in the processing system for each surveillance order.

² The file contains all the documents on the case concerned, namely:

a.

the surveillance order and its attachments;

b.

the surveillance assignment or assignments issued to the relevant person or entity required to cooperate;

c.

the confirmation or confirmations of when the assignment was issued to the person or entity required to cooperate;

d.

the written acknowledgment from the person or entity required to cooperate that the surveillance assignment or assignments has or have been carried out;

e.

the rulings from the approval authority on the approval or non-approval of the surveillance order together with any appeal decisions;

f.

any extension orders and rulings from the approval authority;

g.

the termination order;

h.

the correspondence relating to the measure;

i.

the protection measures specially ordered;

j.

the accounting records.

³ The surveillance data shall be stored in accordance with Article 11 SPTA and destroyed in accordance with Article 14 of the Ordinance of 15 November 2017¹¹ on the Processing System for the Surveillance of Post and Telecommunications (PSO-PTSS).

¹ Normal working hours for the PTSS and the persons or entities required to cooperate are Monday to Friday continuously from 8am to 5pm.

² Normal working hours do not apply on public holidays. These are 1 and 2 January, Good Friday, Easter Monday, Ascension Day, Whit Monday, 1 August, 24 December from noon, 25 and 26 December and New Year's Eve (31 December) from noon.

¹ Outside normal working hours and on public holidays, the PTSS, the TSPs, with the exception of those with reduced surveillance duties (Art. 51), and the PDCSs with more extensive surveillance duties (Art. 52) must provide an on-call service during which they must be available at all times in order to rectify faults and provide the following services insofar as they are required to do so in accordance with Articles 18 and 50:

a.

providing information in accordance with Articles 35-43, 48a-48c and in accordance with Article 27 in conjunction with the Articles 35, 40, 42 and 43;

b.

activating real-time surveillance in accordance with Articles 54-59;

c.

conducting urgent retrospective surveillance activities in accordance with Articles 60-63, 65 and 66;

d.

conducting missing person searches in accordance with Article 67 and wanted person searches in accordance with Article 68, with the exception of network coverage analysis in preparation for an antenna search in accordance with Article 64;

e.

issuing assignments for the mobile phone localisation of suspected terrorists in accordance with Article 68a;

² The authorities must notify the PTSS on-call service by telephone of services provided under paragraph 1, unless the information is provided automatically via the query interface of the processing systems.

³ Requests for special information and orders for special surveillance activities (Art. 25) shall not be accepted or processed outside normal working hours or on public holidays.

⁴ TSPs with reduced surveillance duties (Art. 51), PDCSs and PDCSs with more extensive duties to provide information (Art. 22) that already have an internal on-call service must provide the PTSS with the current contact details for their on-call service. In particularly urgent cases, the PTSS is permitted to contact them outside normal working hours and on public holidays via this channel.

¹ The PTSS shall publish statistics every year about the surveillance activities ordered in the previous calendar year and the information provided. These shall indicate in particular the number:

a.

of surveillance measures in real time;

b.

of retroactive surveillance measures;

c.

of instances in which information was provided;

d.

of missing person searches;

e.

of wanted person searches;

f.¹³

of mobile phone localisations of suspected terrorists.

² The statistics in accordance with paragraph 1 shall indicate:

a.

the type of offence;

b.

the canton of the ordering authority, the ordering federal authority or, in the case of missing person searches, also an authority from the Principality of Liechtenstein, and in the case of information, the competent cantonal or federal authority (Art. 1 para. 2 lets c-f);

c.¹⁴

the nature of the information, surveillance, missing person search or wanted person search or mobile phone localisation of suspected terrorists;

d.

the duration of surveillance, if applicable;

e.

the fees;

f.

the compensation.

¹ Public prosecutor's offices and military examining magistrates shall keep annual statistics on the special technical devices and special information technology programs used in the previous calendar year for surveillance activities (Art. 269^bis para. 2 and 269^ter para. 4 CrimPC and Art. 70^bis para. 2 and 70^ter para. 4 MCPC respectively). The statistics shall indicate the type of offence.

² Public prosecutor's offices and the Office of the Military Attorney General at the DDPS shall submit the statistics to the PTSS in the first quarter of the following year. The statistics shall indicate only assignments concluded in the year concerned.

³ The PTSS shall publish consolidated statistics every year. These do not contain any details of the canton of the ordering authority or the federal ordering authority.

¹ Requests for information from the authorities specified in Article 15 SPTA to TSPs, providers of derived communication, PDCSs¹⁵ and operators of internal telecommunications networks as well as the information returned to the authorities are transmitted in the online request procedure or via the interfaces using the processing system specified in the PSO-PTSS¹⁶.

² If the online request procedure using the processing system is unavailable for technical reasons, requests for information and the information returned to the authorities may be submitted to the PTSS by post or fax.

³ In urgent cases, the authorities may submit requests for information by telephone to the PTSS, and submit the request for information specified in paragraph 1 or 2 subsequently.

⁴ The request for information must indicate, in addition to the details required for the type of information concerned, the maximum number of data records to be supplied and, if available, the reference numbers and case names.

¹ The following providers of derived communication services shall provide the information via the query interface of the PTSS processing system:

a.

TSPs, with the exception of those with reduced surveillance duties 51);

b.

PDCSs with more extensive duties to provide information (Art. 22);

c.

PDCSs with more extensive surveillance duties (Art. 52).

² TSPs, with the exception of those with reduced surveillance duties, shall provide the information in accordance with Articles 35-37, 40, 41 and 48b and in accordance with Article 27 in conjunction with the Articles 35 and 40 automatically. They shall provide other standardised information manually or automatically if they so request and by arrangement with the PTSS.

³ TSPs with reduced surveillance duties are not required to provide information in accordance with Article 48b. They shall provide the standardised information as follows:

a.

in writing, outside the processing system by means of a secure means of transmission authorised by the FDJP;

b.

manually, via the query interface of the processing system; or

c.

automatically, if they so request and by arrangement with the PTSS.

⁴ PDCSs with more extensive duties in accordance with Article 22 or 52 shall provide the information in accordance with Articles 35-37, 40 and 41 and in accordance with Article 27 in conjunction with Articles 35 and 40 automatically. They are not required to provide information in accordance with Articles 48a-48c. They shall provide the other standardised information manually or, if they so request and by arrangement with the PTSS, automatically.

¹ PDCSs without more extensive duties and operators of internal telecommunications networks are not required to adhere to the types provided for in this Ordinance when providing information.

² They shall supply the information available to them in writing outside the processing system via a secure means of transmission authorised by the FDJP.

³ They may if they so request provide the information manually via the query interface of the PTSS processing system or automatically by arrangement with the PTSS.

The persons or entities required to cooperate may engage third parties to provide information.

If the number the data records found exceeds the maximum number specified in the request, the person or entity required to cooperate shall only disclose their number.

¹ TSPs, PDCSs with more extensive duties to provide information in accordance with Article 22, PDCSs with more extensive surveillance duties in accordance with Article 52 and retailers in accordance with Article 2 letter f SPTA must ensure that subscribers are identified by suitable means.

² In the case of professionally operated public WLAN hotspots²¹, TSPs must ensure that all end users are identified by suitable means.

¹ When supplying the means of access to mobile services or on the initial activation of such services, the TSP must verify the proof of identity in accordance with Articles 20a and 20b.

² This obligation applies to the retailer in accordance with Article 2 letter f SPTA and not the TSP, if the means of access is supplied or the services are initially activated directly by the retailer.

³ The TSP shall verify in an appropriate manner the due registration and identification of the subscriber by the retailer and that the TSP has received the information and the copy of the identity document.

¹ Where the subscriber is a natural person, proof of the identity must be provided by producing any one of the following documents, which must be valid on the day of recording:

a.

a Swiss or foreign passport;

b.

a Swiss or foreign identity card; or

c.

a foreign national identity card in accordance with the Article 71 and 71a of the Ordinance of 24 October 2007²⁴ on Admission, Period of Stay and Employment.

² The following data about the subscriber shall be recorded:

a.

based on the document:

1.

surname and given name(s),

2.

date of birth,

3.

type of document, number and the issuing country or issuing organisation,

4.

nationalities;

b.

address;

c.

if known: occupation.

³ In the case of customer relationships that are not based on a subscription contract the following data must also be recorded:

a.

the time at which the means of access was supplied or the services were first activated;

b.

the name and full address of the point of supply or activation;

c.

the surname and given name(s) of the person recording the data.

⁴ The TSP or if applicable the retailer must make or have made an easily legible electronic copy of the original document. The retailer shall supply the data in accordance with paragraphs 2 and 3 and the copy to the TSP within 3 days of recording the data.

¹ In the case of legal entities, the following data must be recorded and verified based on suitable proof:

a.

the name, registered office and contact data of the legal entity;

b.

the unique business identification number (UID) in accordance with the Federal Act of 18 June 2010²⁶ on the Business Identification Number or the international legal entity identifier (LEI) of the legal entity;

c.

if available, the names and forenames of the persons who will use the provider's services.

² Retailers shall supply the information to the TSP within 3 days of recording the data.

³ Article 20a paragraph 3 applies mutatis mutandis.

¹ The PTSS shall at the request of the federal or cantonal police authorities or of the FIS arrange for a contract to be concluded between a TSP and the authority on the supplying the means of access and activating the services. The contract shall provide that the information in accordance with Article 20b is only accessible to a particularly small group of trustworthy persons. The TSP shall decide in consultation with the PTSS on the methods by which further disclosure of the data can be prevented.

² The PTSS shall verify the identity of the persons who are entitled to obtain means of access and services on behalf of the authorities, and shall pass on the information required to supply this means of access and to activate these services to the TSP. The TSP shall document the means of access supplied to and the services activated for the authorities internally.

³ The means of access and services in accordance with this Article may only be used within the scope of the law applicable to the authority concerned.

¹ The following providers must retain and be able to provide the following data for the duration of and for 6 months following the end of the customer relationship:

a.

TSPs and PDCSs with more extensive duties in accordance with Article 22 or 52: the data on the services and the data for the purpose of identification in accordance with Article 19 paragraph 1;

b.

TSPs: in addition, data on identifiers assigned on a long-term basis in accordance with Article 48a.

² TSPs must retain and be able to provide identification data in accordance with Article 19 paragraph 2 for the duration of and for 6 months following the end of authorisation to access the professionally operated public WLAN hotspot.

³ They must for the purpose of identification retain the data on the unique assignment of IP addresses for the network access point for 6 months and be able to provide the information in accordance with Article 37.

⁴ TSPs that offer mobile services must retain and be able to supply the data on the subscribers in accordance with Articles 20a and 20b and a copy of the proof of identity for the duration of and for 6 months following the end of the customer relationship.

⁵ TSPs, with the exception of those with reduced surveillance duties (Art. 51), must retain the following data for the purpose of identification for 6 months:

a.

secondary telecommunications data relating to the device identifiers actually used, in order to be able to provide the information specified in Articles 36 paragraph 1 letter b and 41 paragraph 1 letter b number 2;

b.

secondary telecommunications data relating to the assignment and translation (NAT) of IP addresses and port numbers for the network access, in order to be able to provide the information specified in Articles 38 and 39; and

c.

secondary telecommunications data to determine the networks directly adjacent to a communication or an attempt at communication using telephony and multimedia services in order to be able to provide the information in accordance with Article 48c.

⁶ PDCSs with more extensive surveillance duties (Art. 52) must retain the data in accordance with paragraph 5 letters a and b for 6 months for the purpose of identification.

⁷ The secondary telecommunications data under paragraph 2 must be destroyed as soon as the retention period has expired, unless other legislation requires or permits such data to be retained for longer.

¹ The PTSS shall declare a PDCSs to be a provider with more extensive duties to provide information (Art. 22 para. 4 SPTA), if it has met one of the following criteria:

a.

100 requests for information in the past 12 months (effective date: 30 June);

b.

annual turnover in Switzerland of CHF 100 million in two successive financial years, provided a large part of its business operations provides derived communication services and 5,000 subscribers use the provider's services.

² If a provider controls one or more undertakings required to file financial reports as defined in Article 963 paragraph 2 of the Code of Obligations²⁹, the provider and the controlled undertakings must be regarded as a single unit when calculating the values in accordance with paragraph 1.

³ Providers that exceed or fail to meet the criteria in paragraph 1 letter b must notify the PTSS of this in writing within three months of the end of their financial year and submit related supporting documents.

⁴ Providers must on request provide the PTSS with the information and supporting documents for assessing the criteria under paragraph 1 letter b. The PTSS may rely on data obtained in implementing the legislation relating to the surveillance of post and telecommunications or by other authorities in implementing federal law.

⁵ A provider that is declared to have more extensive duties to provide information must ensure that it can store the data required for providing information within 2 months and provide the information within 12 months of the declaration.

If third parties are engaged by the provider to assist in providing information or conducting surveillance activities, they shall be subject to the same requirements as the provider. The provider remains responsible for providing information and conducting the surveillance activities ordered to the extent specified; in particular it shall take the measures required to ensure that suitable contact persons for providing information and conducting the surveillance activities ordered are available to the PTSS at all times. Both the provider assigned the task by the PTSS and its assistants serve as contact points for the PTSS.

¹ The Federal Justice and Police Department (FDJP) shall standardise the types of information and surveillance that are defined in this Ordinance.

² If, based on the international standards and the enquiries made of the persons or entities required to cooperate, it proves impossible or unreasonable to standardise a type of information or surveillance, the FDJP shall dispense with doing so.

In the case of information and surveillance activities that do not correspond to a standardised type of information or surveillance, TSPs and PDCSs shall provide the PTSS with all already available interfaces and connections to the PTSS processing system. The content and the secondary telecommunications data of the telecommunication of the person under surveillance must be supplied as far as possible in accordance with Article 26 paragraph 1 SPTA. The PTSS shall determine the modalities in specific cases.

¹ The types of information relate to information about:

a.

the subscribers (Art. 35, 40, 42 and 43 together with Art. 27 in conjunction with these articles);

b.

services (Art. 36-39 and 41);

c.

the method of payment (Art. 44);

d.

the proof of identity (Art. 45);

e.

the copies of invoices (Art. 46);

f.

the copies of contracts (Art. 47);

g.

the technical data relating to telecommunications systems and network elements (Art. 48);

h.

the identifiers assigned (Art. 48a and 48b); and

i.

determining the adjacent networks (Art. 48c).

² The authorities may only request the information that persons or entities required to cooperate are required to provide in accordance with the procedures defined in this Ordinance.

¹ Requests for types of information specified in Articles 35, 40, 42 and 43 may be complied with by carrying out a search that tolerates errors and finds phonetic matches (flexible name search). In this case, the suffix "FLEX" shall be added to the abbreviation for the relevant information request type: IR_5_NA_FLEX, IR_11_TEL_FLEX, IR_14_email _FLEX and IR_16_COM_FLEX.

² The request for information shall in each case contain the first and at least one additional query criterion for the underlying information request type.

The types of surveillance are as follows:

a.

real-time surveillance:

1.

of secondary telecommunications data in the case of network access services (Art. 54),

2.

of content and secondary telecommunications data in the case of network access services (Art. 55),

3.

of secondary telecommunications data in the case of applications (Art. 56 and 58),

4.

by means of position determination by the network (Art. 56a and 56b),

5.

of content and secondary telecommunications data in the case of applications (Art. 57 and 59);

b.

retroactive surveillance:

1.

of network access services (Art. 60),

2.

of applications (Art. 61 and 62),

3.

by determining the location of the most recent activity (Art. 63),

4.

by means of an antenna search (Art. 66) and the related preparations (Art. 64 and 65);

c.

the missing person search (Art. 67):

1.

by determining the location of the most recent activity (Art. 67 let. a),

2.

by means of position determination by the network (Art. 67 let. b and c),

3.

by means of real-time surveillance of content and secondary telecommunications data for network access services and telephony and multimedia services (Art. 67 let. d),

4.

by means of real-time surveillance of secondary telecommunications data for network access services and telephony and multimedia services (Art. 67 let. e),

5.

by means of retroactive surveillance of network access services and in the case of telephony and multimedia services (Art. 67 let. f);

d.

the wanted person search (Art. 68):

1.

by determining the location of the most recent activity (Art. 68 para. 1 let. a),

2.

by means of position determination by the network (Art. 68 para. 1 let. b and c),

3.

by means of real-time surveillance of content and secondary telecommunications data for network access services and telephony and multimedia services (Art. 68 para. 1 let. d),

4.

by means of real-time surveillance of secondary telecommunications data for network access services and telephony and multimedia services (Art. 68 para. 1 let. e),

5.

by means of real-time surveillance of secondary telecommunications data for network access services and telephony and multimedia services (Art. 68 para. 1 let. f),

6.

by means of an antenna search and the related preparations (Art. 68 para. 1 let. g);

e.

real-time mobile phone localisation of terrorist suspects (Art. 68a).

¹ The quality of the data transmitted is acceptable if:

a.

the data delivery meets the requirements specified by the FDJP;

b.

the data is delivered without loss of data and without interruptions; and

c.

the transmitted surveillance data or information data correspond to that specified in the surveillance order or request for information.

² The persons or entities required to cooperate are responsible for the quality of the transmitted information and surveillance data up to the point of delivery.

³ If a provider or the PTSS identifies any defects in the quality of the data transmitted, they shall inform each other without delay. The PTSS shall determine the seriousness of the defects and the procedure for their rectification after consulting the provider. The provider and the PTSS shall inform each other regularly and promptly about the status of the rectification of defects.

¹ The PTSS may make test connections; in doing so, it may work with the prosecution authorities and the FIS. The tests serve the following purposes in particular:

a.

assuring the quality of the data diverted to the PTSS and the prosecution authorities by the persons or entities required to cooperate;

b.

verifying the ability of the persons or entities required to cooperate to provide information and conduct surveillance;

c.

testing the PTSS processing system;

d.

training;

e.

generating reference data.

² The PTSS may instruct the persons or entities required to cooperate to participate in generating the test data. The PTSS shall draw up a test plan after consulting the persons or entities required to cooperate.

³ The persons or entities required to cooperate shall provide the PTSS with the required test connections and the required telecommunications services or derived communications services at its request free of charge and permanently. They shall assist the PTSS in making the required test connections that they cannot themselves provide.³²

⁴ The prosecution authorities and the FIS may also make test connections at their own expense for the purpose of quality assurance and the training. To this end, they shall submit orders to the PTSS and pay fees.

¹ TSPs and PDCSs with more extensive information (Art. 22) or surveillance duties (Art. 52) shall in accordance with Article 33 paragraph 1 SPTA provide proof of their ability to provide information and conduct surveillance.

² Proof is provided if:

a.

the tests that must be conducted in accordance with PTSS requirements have been successfully completed; and

b.

the provider confirms in a questionnaire drawn up by the PTSS it meets the requirements in relation to standardised information and surveillance activities that cannot be proven by testing.

³ The PTSS shall ensure that it conducts the verification process promptly and does not cause any delay in market introduction. To do so, it shall carry out the following tasks:

a.

It shall check the results of the tests in accordance with paragraph 2 letter a.

b.

It shall evaluate the questionnaire in accordance with paragraph 2 letter b.

c.

It shall keep a record of the test procedures.

d.

It shall issue the providers with confirmation in accordance with Article 33 paragraph 6 SPTA.

e.

It shall retain the records for as long as the confirmation remains valid and for ten years after its expiry.

⁴ The PTSS shall state in the confirmation that the provider has proven its ability to provide certain types of information and conduct certain types of surveillance activities.

¹ The confirmation of ability to provide information and conduct surveillance is valid for three years.

² On expiry of the term of validity, the PTSS may extend the confirmation by a further three years if the person or entity required to cooperate certifies that since confirmation was granted no modifications have been carried out that influence data delivery or the ability to provide information or conduct surveillance.

³ If a provider can no longer provide information or conduct surveillance, it shall notify the PTSS immediately.

The FDJP shall regulate the procedure for verifying ability to provide information and conduct surveillance.

The PTSS shall immediately declare a confirmation of ability to provide information and conduct surveillance that has already been issued to be invalid for the relevant types of information or surveillance if:

a.

the provider gives notice that it can no longer provide information or conduct surveillance;

b.

the provider is unable on two or more occasions to deliver data, provide information or conduct surveillance;

c.

the information on the provider that underlies the confirmation is untrue.

¹ Information Request Type IR_4_NA comprises the following data about subscribers to network access services:

a.

if available, the unique subscriber identifier (e.g. customer number);

b.³³

in the case of mobile services:

1.

the data on the natural person or legal entity in accordance with Articles 20-20b,

2.

if available, additional addresses and contact data and their term of validity, and

3.

in the case of natural persons, gender;

c.³⁴

in the case of the other network access services:

1.

the identification data specified in Article 19,

2.

if known, the details of the natural or legal entity, additional addresses and contact data and their term of validity, and

3.

in the case of natural persons, gender;

d.

the following information about each network access service that the subscriber obtains from the provider:³⁵

1.

the unique identifier for the provider (e.g. TSP number),

2.³⁶

the main unique service identifier (e.g. user name, MSISDN, GPSI),

3.

the period over which the service was used (start, first activation and, if applicable, termination),

4.

if applicable, further information about additional options or restrictions on the network access service,

5.

if applicable, the installation addresses of the fixed location access to the network and their period of validity in each case,

6.

the statuses of the service as designated internally by the provider (e.g. active, suspended, blocked) and their period of validity in each case,

7.

if applicable, all static IP addresses, IP prefixes, IP address ranges and net masks or prefix lengths assigned to network access service concerned and their period of validity in each case,

8.

in the case of customer relationships that are not based on a subscription contract, the time and the point of supply (name and complete address) for the means of access and the name of the person who made the supply,

9.³⁷

if applicable, the associated ICCID at the time of its supply,

10.³⁸

if applicable, the associated IMSI or SUPI,

11.³⁹

the type of customer relationship (e.g. prepaid, subscription),

12.⁴⁰

if applicable, the list or area for the additional addressing resources and identifiers (e.g. ICCID) registered in connection with or associated with the service (e.g. MSISDN) and their term of validity,

13.⁴¹

the name of the service (e.g. name of the subscriptions or of the tariff).

² The request for information shall specify the period to which the request relates. It shall contain at least one of the following query criteria.⁴²

a.

surname(s), first name(s);

b.

date of birth;

c.

country and postcode or country and place;

d.

street and, if possible, house number;

e.

identity document number and, optionally, the type of identity document;

f.

name and, optionally, the registered office of the legal entity;

g.⁴³

UID or LEI;

h.

subscriber identifier (e.g. customer number);

i.⁴⁴

subscriber identifier or service identifier other than IP addresses (e.g. user name, MSISDN, GPSI);

j.⁴⁵

IMSI or SUPI;

k.⁴⁶

ICCID.

³ In the case of the criteria in accordance with paragraph 2 letters a-d, a second query criterion shall be added. In the case of searches for character strings (para. 2 let. a, c, d and f), the provider shall search for the specified spelling in accordance with the FDJP regulations.⁴⁷

¹ Information Request Type IR_6_NA comprises the following data about network access services:

a.

if available, the unique subscriber identifier (e.g. customer number);

b.

the following data about the requested services and any additional associated network access services:

1.

the unique service identifier (e.g. user name),

2.

if applicable, all identifiers associated with the service concerned (e.g. user name, MSISDN, GPSI) and their term of validity,

3.

if available, the alternative subscriber identifier, and in particular in the case of a professionally operated public WLAN hotspot, an identifier that enables a request for the identification data in accordance with Article 19 paragraph 2 to be made,

4.

the unique device identifiers in accordance with international standards (e.g. IMEI, PEI, MAC address) of the devices used in connection with the service for the devices used at the provider in connection with the service concerned in the last 6 months and, if available, the individual names of the devices,

5.

if applicable, the ICCID of all SIMs associated with the service concerned and their term of validity, the PUK and PUK2 codes, the IMSI or the SUPI, the MSISDN or the GPSI and the eUICC-ID,

6.

in the case of a multi-device offer: information on whether the device is the main device or a secondary device.

² The request for information shall specify the period to which the request relates. It shall contain at least one of the following query criteria:

a.

the service identifier, other than IP addresses (e.g. user name, MSISDN, GPSI or an identifier) that enables a request for the identification data in accordance with Article 19 paragraph 2 to be made;

b.

the IMSI or the SUPI;

c.

the unique device identifier in accordance with international standards (e.g. IMEI, PEI, MAC address);

d.

the installation address of the fixed location access to the network;

e.

the ICCID.

¹ Information Request Type IR_7_IP comprises the following data for the purpose of identification if a unique IP address was not assigned:⁴⁹

a.

if available, the unique subscriber identifier (e.g. user name);

b.⁵⁰

the unique service identifier (e.g. user name, MSISDN, GPSI) of the network access service or an identifier that enables a request for the identification data in accordance with Article 19 paragraph 2 to be made;

c.

the unique identifier that indicates the provider of the network access service (e.g. TSP number).

² The request for information shall contain the following information:

a.

the IP address;

b.

the date and time.

¹ Information Request Type IR_8_IP (NAT) comprises the following data for the purpose of identification if a unique IP address was not assigned (NAT ):⁵¹

a.

if available, the unique subscriber identifier (e.g. user name);

b.⁵²

the unique service identifier (e.g. user name, MSISDN, GPSI) of the network access service or an identifier that enables a request for the identification data in accordance with Article 19 paragraph 2 to be made.

² The request for information shall contain the information known about the requested NAT context:⁵³

a.

the public source IP address;

b.

if required for identification, the public source port number;

c.

if required for identification, the public destination IP address;

d.

if required for identification, the destination port number;

e.

if required for identification, the type of transport protocol;

f.⁵⁴

the relevant date and time, at the beginning, within or at the end of the NAT context.

¹ Information Request Type IR_9_NAT comprises the following data on a specific NAT context for the purpose of identification in connection with a NAT procedure at provider level:

a.

the source IP address before or after the NAT translation;

b.

the source port number before or after the NAT translation.

² The request for information shall contain the data known about the requested NAT context:

a.

the source IP address after or before the NAT translation;

b.

the source port number after or before the NAT translation;

c.

if required for identification, the public destination IP address;

d.

if required for identification, the destination port number;

e.

if required for identification, the type of the transport protocol;

f.

the relevant date and time, at the beginning, within or at the end of the NAT context.

¹ Information Request Type IR_10_TEL comprises the following data about subscribers to telephony and multimedia services:

a.

if available, the unique subscriber identifier (e.g. customer number);

b.⁵⁶

in the case of mobile services:

1.

data on the natural person or legal entity in accordance with Articles 20, 20a and 20b,

2.

if available, additional addresses and contact data and their term of validity, and

3.

in the case of natural persons, gender;

c.⁵⁷

in the case of the other telephony and multimedia services:

1.

the identification data specified in Article 19,

2.

if available, data on the natural person or legal entity, additional addresses and contact details and their term of validity, and

3.

in the case of natural persons, gender;

d.

the following data about each telephony and multimedia service obtained by the subscriber from the provider:⁵⁸

1.

the unique identifier designating the provider (e.g. TSP number),

2.⁵⁹

the unique main service identifier (e.g. telephone number, SIP URI),

3.

the period over which the service was used (start, first activation and if applicable, termination),

4.

the type of the service (e.g. private telecommunications installation, public call station, fixed location or mobile location service),

5.

if applicable, the installation addresses of the fixed location network access to the service and their period of validity in each case,

6.⁶⁰

the statuses of the service as designated internally by the provider (e.g. active, suspended, blocked) and their term of validity,

7.⁶¹

if applicable, the list or range of other addressing resources (e.g. telephone numbers, IMPU) or identifiers (e.g. ICCID) registered in connection with this service and their term of validity,

8.

in the case of customer relationships that are not based on a subscription contract, the time and the point of supply (name and complete address) of the means of access and the name of the person who made the supply,

9.

if applicable, details of predetermined free choice of service provider for connections,

10.⁶²

if applicable, the associated IMSI or SUPI,

11.⁶³ if applicable, the associated ICCID at the time of supply,

12.⁶⁴

the type of customer relationship (e.g. prepaid, subscription),

13.⁶⁵

the name of the service (e.g. name of the subscriptions or of the tariff).

² The request for information shall specify the period to which the request relates. It shall contain at least one of the following query criteria:⁶⁶

a.

surname(s), first name(s);

b.

date of birth;

c.

country and postcode or country and place;

d.

street and, if possible, house number;

e.

identity document number and optionally, the type of identity document;

f.

name and optional registered office the legal entity;

g.⁶⁷

UID or LEI;

h

subscriber identifier (e.g. customer number)

i.

addressing resources or identifiers (e.g. telephone number, SIP URI, TEL URI, IMPU);

j.⁶⁸

IMSI or SUPI;

k.⁶⁹

ICCID.

³ In the case of the criteria in paragraph 2 letters a-d, a second query criterion shall be added. In the case of searches for character strings (para. 2 let. a, c, d and f), the provider shall search for the specified spelling in accordance with the FDJP regulations.⁷⁰

¹ Information Request Type IR_12_TEL comprises the following data about telephony and multimedia services:

a.

if available, the unique subscriber identifier (e.g. customer number);

b.

the following data about the requested services and any additional associated telephony and multimedia services:

1.

if applicable, public addressing resources (e.g. MSISDN, SIP URI, TEL URI) and private addressing resources (e.g. IMPI) associated with the service concerned and their term of validity,

2.

the unique device identifiers in accordance with international standards (e.g. PEI) of the devices used in connection with the service concerned from the provider in the last 6 months and, if available, the names of the devices,

3.

if applicable, the ICCID of all SIMs associated with the service concerned and their term of validity, the PUK and PUK2 codes, the IMSI or the SUPI, the MSISDN or the GPSI and the eUICC-ID,

4.

in the case of a multi-device offer: information on whether the device is the main device or a secondary device.

² The request for information shall specify the period to which the request relates. It shall contain at least one of the following query criteria:

a.

the public addressing resource (e.g. SIP URI, MSISDN, GPSI);

b.

the IMSI or the SUPI;

c.

the unique device identifier in accordance with international standards (e.g. IMEI, PEI, MAC address);

d.

the installation address of the fixed location access to the network;

e.

the private addressing resource (e.g. IMPI);

f.

the ICCID.

¹ Information Request Type IR_13_EMAIL comprises the following data about subscribers to email services:

a.

if available, the unique subscriber identifier (e.g. customer number);

b.

the identification data specified in Article 19 and, if known, the data on the natural person or legal entity, additional contact data and the gender of the natural person;

c.

the following information about each email service that the subscriber obtains from the provider:⁷²

1.

the unique identifier that indicates the provider of the service,

2.

the unique service identifier (e.g. email address, user name),

3.

the period over which the service was used (start, first activation and if applicable, termination),

4.

if applicable, the list of all additional addressing resources (e.g. alias address) that pertain to this service,

5.

if applicable, the list of all addresses, to which messages addressed to the requested address are forwarded (e.g. mailing list),

6.⁷³

the name of the service;

d.⁷⁴

if applicable, the additional addressing resources or identifiers recorded by the provider in connection with this service (e.g. email address, MSISDN, GPSI, addressing resource provided to restore lost access to the email account).

² The request for information shall specify the period to which the request relates. It shall contain at least one of the following query criteria:⁷⁵

a.

surname(s), first name(s);

b.

date of birth;

c.

country and postcode or country and place;

d.

street and if possible house number;

e.

identity document number and, optionally, the type of identity document;

f.

name and, optionally, registered office of the legal entity;

g.⁷⁶

UID or LEI;

h.

subscriber identifier (e.g. customer number);

i.

service identifier (e.g. email address, user name);

j.⁷⁷

identifiers associated with the service concerned, such as a recovery addressing resource.

³ In the case of the criteria in paragraph 2 letters a-d, a second query criterion shall be added. If searching for character strings (let. a, c, d and f), the provider shall search for the specified spelling of the term in accordance with the FDJP regulations.⁷⁸

¹ Information Request Type IR_15_COM comprises the following data about subscribers to other telecommunications or derived communications services (e.g. messaging services, communications services in social networks:⁷⁹

a.

if available, the unique subscriber identifier (e.g. customer number);

b.

the identification data specified in Article 19 and, if known, data on the natural person or legal entity, additional contact data and the gender of the natural person;

c.

the following data about each additional telecommunications service or derived communications service that the subscriber obtains from the provider:⁸⁰

1.

the unique identifier that indicates the provider,

2.

the unique service identifier (e.g. user name),

3.

the period over which the service was used (start, first activation and if applicable, termination),

4.

the statuses of the service as designated internally by the provider (e.g. active, suspended, blocked) and their period of validity in each case,

5.

the list of other addressing resources or identifiers registered in connection with this service,

6.⁸¹

the name of the service.

² The request for information shall specify the period to which the request relates. It shall contain at least one of the following query criteria:⁸²

a.

surname(s), first name(s);

b.

date of birth;

c.

country and postcode or country and place;

d.

street and, if possible, house number;

e.

identity document number and, optionally, the type of identity document;

f.

name and, optionally, the registered office of the legal entity;

g.⁸³

UID or LEI;

h.

subscriber identifier (e.g. customer number);

i.⁸⁴

addressing resource or identifier (e.g. user address, pseudonym, unique application-specific identifier);

j.⁸⁵

identifier associated with the service concerned, such as a recovery addressing resource.

³ In the case of the criteria in paragraph 2 letters a-d, a second query criterion shall be added. If searching for character strings (let. a, c, d and f), the provider shall search for the specified spelling of the term in accordance with the FDJP regulations.⁸⁶

¹ Information Request Type IR_17_PAY comprises the following data about the method of payment used by subscribers to telecommunications and derived communications services:

a.

the unique identifier that indicates the provider;

b.

the unique subscriber identifier (e.g. customer number);

c.⁸⁷

the unique identifier that the provider has assigned to the subscriber for accounting or billing purposes;

d.

the unique service identifier (e.g. telephone number, SIP URI, user name);

e.

the method of payment (debit, bank transfer or prepaid);

f.⁸⁸

the account information that the subscriber has given to the provider, consisting of the name of the bank, account holder and IBAN (or BIC and account number) or national bank number and account number;

g.

the billing addresses (house number, street, PO box, postcode, place, country) and their period of validity (start and if applicable, termination).

² The data specified in paragraph 1 must be supplied if the provider has it.

³ The request for information shall specify the period to which the request relates. It shall contain at least one of the following query criteria:

a.

the subscriber identifier (e.g. customer number);

b.

the service identifier (e.g. telephone number, SIP URI, user name);

c.⁸⁹

the identifier that the provider has assigned to the subscriber for accounting or billing purposes;

d.⁹⁰

the subscriber's bank account information: IBAN (or BIC and account number) or national bank number and account number;

e.

the billing address (house number, street, PO box, postcode, place, country);

f.⁹¹

the code for topping up the credit or paying for the service.

¹ Information Request Type IR_18_ID comprises the provision of an electronic copy of the subscriber's identification document recorded in accordance with Article 20a paragraph 4.

² The request for information shall specify the period and subscriber or service identifier, ICCID, IMSI or SUPI or, if applicable, device identifier to which it relates.

¹ Information Request Type IR_19_BILL comprises the provision of electronic copies of all available billing records pertaining to the subscriber, not including secondary telecommunications data on telecommunications services and derived communications services.⁹³

² The request for information shall specify the period and unique subscriber or service identifier or unique identifier for accounting or billing to which it relates.

¹ Information Request Type IR_20_CONTRACT comprises the provision of electronic copies of all available contract documents pertaining to the subscriber to telecommunications services and derived communications services.

² The request for information shall specify the period and subscriber or service identifier, ICCID, IMSI or SUPI or, if applicable, the device identifier to which it relates.

¹ Information Request Type IR_21_TECH comprises the provision of technical data relating to telecommunications systems and network elements at the requested location, in particular the location data for mobile radio cells and professionally operated public WLAN hotspots.

² The location data comprise:

a.

the identifiers of network elements (e.g. cell or geographical area identifier) or another suitable designation (e.g. hotspot name)) and the geographical coordinates or other details of the location in accordance with international standards;

b.

the available postal address of the location;

c.

if applicable, the main directions of emission of the antennae of the cells;

d.

other available location features; and

e.

if applicable, the associated timestamps.

³ The request for information shall specify the period to which the request relates. It shall contain at least one of the following query criteria:

a.

the geographical coordinates of the requested location of the network element;

b.

the identifier of the network element (e.g. cell or geographical area identifier) or another suitable designation (e.g. hotspot name).

¹ Information Request Type IR_51_ASSOC_PERM comprises the provision of all identifiers (IMPU and IMPI) that are or were assigned to the requested identifier (IMPU or IMPI) at the relevant point in time for the provision of a specific telephone and multimedia service, and the term of validity of this assignment.

² The request for information shall specify the relevant point in time, the requested identifier and its type (IMPU or IMPI).

¹ Information Request Type IR_52_ASSOC_TEMP comprises the provision of the permanent identifiers (e.g. SUPI) that are assigned to the requested temporary identifiers (e.g. SUCI, 5G-GUTI) at the time that the provision of a specific telecommunications service is requested.

² The request for information shall specify the requested temporary identifiers and the associated mobile area.

¹ Information Request Type IR_53_TEL_ADJ_NET comprises, if applicable, the determination and provision of the name of the networks directly adjacent to a communication or an attempt at communication in the case of telephony and multimedia services (e.g. Inter-Operator-Identifier, IP-address).

² The request for information shall specify the communication or attempt at communication to which the request relates. It shall contain the following query criteria:

a.

the time of the communication or attempt at communication;

b.

the addressing resources to which the communication or attempt at communication was addressed; and

c.

if available, the addressing resources for the origin of the communication or the attempt at communication.

¹ The surveillance order submitted to the PTSS shall contain the following data:

a.

the contact data of the ordering authority;

b.

the contact data of the authorised persons envisaged as recipients of the surveillance data;

c.

if known, the surname, first name, date of birth, address and occupation of the person to be placed under surveillance;

d.

the reference numbers and case names for the surveillance activities;

e.

the reason for surveillance, in particular the offence to be investigated by means of surveillance;

f.

the names of the persons or entities required to cooperate;

g.

the types of surveillance ordered or the type of special surveillance;

h.

the identifiers subject to surveillance (target ID);

i.

if necessary, an application for general authorisation for the surveillance of several connections without authorisation in specific cases (Art. 272 para. 2 and 3 CrimPC or Art. 70c para. 2 and 3 MCPC);

j.

the starting date and the duration of the surveillance;

k.

in the case of persons bound by professional secrecy in accordance with Article 271 CrimPC or Article 70b MCPC: a note to this effect;

l.

if need be, measures to protect persons holding professional secrets and further protection measures that the authorities and the PTSS must take.

² If conducting the surveillance so requires, the FDJP may provide that the surveillance order submitted to the PTSS must include further technical data.

¹ Each TSP, with the exception of those with reduced surveillance duties (Art. 51), and each PDCS with more extensive surveillance duties (Art. 52) must be able to conduct the surveillance activities in Sections 8-12 of this Chapter (Art. 54-69) that relate to services that they provide, or they must be able to arrange for third parties to conduct the surveillance. PDCSs with more extensive surveillance duties are not required to conduct the types of surveillance in Articles 56a, 56b, 67 letters b and c and 68 paragraph 1 letters b and c.⁹⁹

² The provider shall ensure its ability to conduct surveillance of telecommunications from the commercial launch of a service provided to customers.

³ It shall ensure that it can accept surveillance assignments outside normal working hours in accordance with Article 10 and can conduct them or arrange for third party to do so in accordance with the FDJP requirements.

⁴ It shall guarantee that within the period specified in the surveillance assignment surveillance will be conducted of all telecommunications traffic carried on the infrastructures under its control provided the traffic is part of the services under surveillance and can be assigned to the target ID¹⁰⁰.

⁵ It shall support the PTSS, at its request, in order to ensure that the transmitted surveillance data actually corresponds to the telecommunications traffic specified in the surveillance assignment.¹⁰¹

⁶ If additional identifiers are associated with the target ID (e.g. IMPI with IMPU, email address with alias address, extra-SIM, multi-device), the provider shall ensure that these identifiers are also monitored as part of the type of surveillance.¹⁰²

⁷ In the case of real-time surveillance of mobile services, relevant network elements such as HLR, HSS and UDM shall also be monitored, in particular to record information about the network providing the service, a change in the assigned service and device identifiers, location-related events, a change in the network element providing the service, and identification and authentication events involving the target ID and shall be transmitted to the IRI in standardised form.¹⁰³

⁸ In the case of real-time surveillance in the IMS, determination of location data for the target ID from the network side shall if necessary be initiated.¹⁰⁴

⁹ If a new terminal device (multi-device) or a new SIM (extra SIM) is added to a service when real-time surveillance or periodic position determination is already active, this device or SIM must also be monitored. No additional fee is payable for this and no additional compensation is paid. If necessary, the provider may request an additional administrative identification number for the surveillance.¹⁰⁵

¹ At the request of a TSP, the PTSS shall declare it to be a TSP with reduced surveillance duties (Art. 26 para. 6 SPTA) if it:

a.

only offers its telecommunications services in the field of education and research; or

b.

meets neither of the following criteria:

1.

surveillance assignments for 10 different surveillance targets in the past 12 months (effective date: 30 June),

2.

annual turnover in Switzerland from telecommunications services and derived communications services of CHF 100 million in two successive financial years.

² Article 22 paragraph 2 applies to the calculation of the values specified in paragraph 1 letter b.

³ TSPs with reduced surveillance duties are required to give written notice to the PTSS with supporting documents if they:

a.

no longer offer their services exclusively in the field of education and research; or

b.

achieve the value specified in paragraph 1 letter b number 2 for a second successive financial year; notice must be given within three months of the end of the financial year.

⁴ The PTSS may rely on data obtained in implementing the legislation relating to the surveillance of post and telecommunications or by other authorities in implementing federal law.

⁵ A provider that is declared to have more extensive duties to provide information must ensure that it can store the data required for providing information and provide the information within 2 months and 12 months of the declaration respectively.

¹ The PTSS shall in a ruling declare a PDCSs to have more extensive surveillance duties (Art. 27 para. 3 SPTA) if it has met one of the following criteria:

a.

surveillance assignments for 10 different surveillance targets in the past 12 months (effective date: 30 June);

b.

annual turnover in Switzerland of CHF 100 million in two successive financial years, provided a large part of its business operations is providing derived communication services, and 5000 subscribers use the provider's services.

² Article 22 paragraphs 2-5 apply mutatis mutandis.

¹ The persons or entities required to cooperate that must allow the PTSS or the third parties that it instructs access to its installations and shall allow the PTSS or the third parties access to buildings, devices, lines, systems, networks and services to the extent that this is required for surveillance or for making test connections.

² They shall make existing means of network access to public telecommunications networks available free of charge. By agreement with the PTSS or the third parties that it instructs, they shall provide new means of network access at the expense of the PTSS to the extent that this is required for surveillance.

¹ Surveillance Type RT_22_NA_IRI comprises the real-time surveillance of a network access service in the mobile communications sector.

² The following secondary telecommunications data of telecommunications traffic sent or received via the network access service under surveillance must be transmitted in real time:

a.

when access to the network is established or disconnected: the date, the time, the type of event and the technology and, if applicable, the reason for disconnection;

b.

the type of current access to the network;

c.

the AAA information used by the network access service under surveillance, in particular the subscriber identifiers and the associated IMSI or SUPI;

d.

the IP addresses assigned to the network access service and the associated terminal devices under surveillance and the date and time of each assignment;

e.

the available addressing resources and identifiers of the network access service under surveillance, in particular the associated MSISDN or GPSI and the associated IMSI or SUPI;

f.

the unique device identifiers in accordance with international standards for the currently associated terminal devices of the network access service under surveillance (e.g. IMEI, PEI, MAC address);

g.

the type, date and time of the start and if applicable the end of events that modify the technical properties of the network access service under surveillance or its mobility management, and, if known, their causes;

h.

the current location data for the target, the cells used or the non-3GPP access used, determined by the network if possible and indicated accordingly, whereby the location information relating to the target from NAS signalling messages shall also be transmitted and, in the case of EPS and 5GS, the location information shall be supplemented with the respective associated time stamp or the age of the location data, if available;

i.

if possible, information on the previous and current network providing the service;

j.

information about any change in the assigned service and device identifiers, location-related events and if applicable their reason, about any change in the network element providing the service and identification and authentication events involving the target;

k.

in the case of 5G-technology: additional information about assigning a new temporary identifier for the target.

³ The location data comprise the associated timestamps and, if available, the type of network access point technology used and:

a.

the identifiers (e.g. cell or geographical area identifier) and the geographical coordinates of the cells and if applicable the directions of emission of the cells and in the case of a combined cell, additional location data in accordance with the applicable FDJP regulations;

b.

the position of the target determined by the network, for example in the form of geographical coordinates and the related uncertainty value, or in the form of polygons with details of the geographical coordinates of each polygon point;

c.

other data on the location of the target or of the cells in accordance with international standards;

d.

in the case of a non-3GPP access:

1.

the identifiers or another suitable designation (e.g. hotspot name) for the non-3GPP access, the public source IP address for the secured connection of the target to the gateway and, in the case of NAT, the source port number and the protocol, or

2.

the identifier for the network access point and, if available, its postal address.

Surveillance Type RT_23_NA_CC_IRI involves the real-time surveillance of a network access service. The content of the telecommunication sent or received via the network access service under surveillance, and the related secondary telecommunications data in accordance with Article 54 paragraphs 2 and 3 must be transmitted in real time.

¹ Surveillance Type RT_24_TEL_IRI comprises the real-time monitoring of a telephony and multimedia service and, if applicable, the real-time monitoring of converging services, in particular SMS, voice mail and RCS.

² The following secondary telecommunications data of the telecommunication that is sent, processed or received via the services under surveillance must be transmitted in real time:

a.

the date and the time of logging-in and logging-out processes and their result;

b.

the AAA information used by the services under surveillance and the information on registration and subscription events and the corresponding responses, in particular the subscriber identifier (e.g. SIP URI, IMPI) and the IMSI in the case of mobile services or the SUPI and if applicable, the customer's and server's IP addresses and port numbers as well as details of the protocol used;

c.

the signalling information, in particular on the serving system, on subscriber status and on service quality;

d.

if applicable, the presence information;

e.

in the case of communications, communication attempts and technical modifications (e.g. inclusion of additional services, inclusion of converging services or change to converging services, changes in network access technology, location updates), if applicable:

1.

their type, the date and the time of their start and if applicable their end,

2.

the addressing resources (e.g. MSISDN, GPSI, E.164-number, SIP URI, IMPU) of all subscribers in communication and their role,

3.

the actual known destination address and the available intermediate addresses where the communication or the communication attempt is diverted or forwarded,

4.

the unique device identifiers in accordance with international standards for the terminal devices of the services under surveillance (e.g. IMEI, PEI, MAC address),

5.

the other available identifiers,

6.

the reasons for the termination of communication or its non-materialisation or for the technical modification,

7.

the signalling information on additional services (e.g. conference calls, call forwarding, DTMF),

8.

the status of the communication or of the communication attempt,

9.

in the case of mobile services: in addition the current location data in accordance with Article 54 paragraphs 2 letter h and 3 determined by the network if possible and indicated accordingly;

f.

in the case of mobile services: additional information about the previous and current network providing the service, any change in the assigned service and device identifiers, location-related events and if applicable their reason, any change in the network element providing the service, and identification and authentication events involving the target.

¹ Surveillance Type RT_54_POS_ONCE comprises in each case the immediate non-recurrent position determination by the network of all mobile terminal devices associated with the target ID.

² Position determination shall be carried out by the network using an immediate positioning function in accordance with the FDJP regulations.

³ The following data shall be transmitted immediately:

a.

the MSISDN or GPSI, IMEI or PEI and IMSI or SUPI observed, at least one of these data, and any of the others if available;

b.

network identifier for the location service client and the timestamp of the position determined;

c.

in the case of successful position determination: the timestamp of the position and the following position data:

1.

if available, the positioning method,

2.

if available, data on the accuracy of the position,

3.

the position in the form of:

-

geographical coordinates and if applicable the associated uncertainty values

-

polygons, with details of the geographical coordinates of each polygon point or

-

other data in accordance with international standards, and

4.

if available, the altitude data for the position, the service quality, the movement status and the speed and direction of movement of the terminal device;

d.

in the case of unsuccessful position determination: the reason for failure (error code) and the location data specified in Article 63 for the most recent detectable activity, at no additional cost.

¹ Surveillance Type RT_55_POS_PERIOD comprises in each case the recurrent position determination by the network of all mobile terminal devices associated with the target ID.

² Position determination shall be carried out by the network using a regular positioning function in accordance with the FDJP regulations.

³ The following data shall be transmitted immediately:

a.

the MSISDN or GPSI, IMEI or PEI and IMSI or SUPI observed, at least one of these data, and any of the others if available;

b.

network identifier for the location service client and the timestamp of the position determined;

c.

in the case of successful position determination, the timestamp of the position and the following position data:

1.

the positioning method,

2.

data on the accuracy of the position,

3.

the position in the form of:

-

geographical coordinates and if applicable the associated uncertainty values

-

polygons, with details of the geographical coordinates of each polygon point or

-

other information in accordance with international standards, and

4.

if available, the altitude data for the position, the service quality, the movement status and the speed and direction of movement of the terminal device;

d.

in the case of unsuccessful position determination: the reason for failure (error code).

Surveillance Type RT_25_TEL_CC_IRI comprises the real-time surveillance of a telephony and multimedia service and, if applicable, converging services, in particular SMS, voice mail and RCS. The content of the telecommunications traffic sent, processed or received via the services under surveillance, as well as the related secondary telecommunications data in accordance with Article 56 must be transmitted in real time.

Surveillance Type RT_26_EMAIL_IRI comprises the real-time surveillance of an email service. The following secondary telecommunications data on the telecommunications traffic sent, processed or received via the service under surveillance must be transmitted in real time:

a.

the date and the time of logging-in and logging-out processes and their status;

b.

the AAA information used by the service under surveillance, in particular the subscriber identifier and, if applicable, the alias address;

c.

the customer's and server's IP addresses and port numbers as well as details of the protocol used;

d.

the date, time, volume of data, email addresses of the sender and the recipient of the message and the IP addresses and port numbers of the sending and receiving email servers for the following events:

1.

sending or forwarding of a message,

2.

receipt of a message,

3.

processing of a message in the mailbox,

4.

downloading of a message from the mailbox,

5.

uploading of a message to the mailbox.

Surveillance Type RT_27_EMAIL_CC_IRI comprises the real-time surveillance of an email -service. The content of the telecommunications traffic sent, processed or received via the service under surveillance, as well as the related secondary telecommunications data in accordance with Article 58 must be transmitted in real time.

Surveillance Type HD_28_NA comprises the retroactive surveillance of secondary telecommunications data of a network access service. The following secondary telecommunications data of the telecommunication that has been sent or has been received via the network access service under surveillance must be transmitted:

a.

the date and the time of the start and if applicable the end or the duration or the session;

b.

the type and status of the network access;

c.

the identifier that was used for authenticating the user at the access point under surveillance, for example the user name;

d.

the IP address assigned to the target and their type or in the case of non-3GPP access the public source IP address for the secured connection of the target to the gateway and the associated source port number;

e.

the unique device identifier of the terminal device used by the target in accordance with international standards (e.g. MAC address, IMEI or PEI in the case of mobile services);

f.

the volumes of data that were uploaded and downloaded during the session;

g.

in the case of mobile services: the GPRS, EPS or 5GS information (in particular IMSI, SUPI, MSISDN. GPSI) and the location data at the beginning, end of and during the session in accordance with the applicable FDJP regulations;

h.

in the case of access to the network via a professionally operated public WLAN hotspot: the identifiers (e.g. BSSID) or other suitable designations (e.g. hotspot name), the location data (geographical coordinates or postal address) and, if available, the type of authentication, an identifier that enables a request for the identification data in accordance with Article 19 paragraph 2 to be made and the IP-address of the access used by the target;

i.

if available, in addition to the data in letters g and h, the location information from maritime navigation or aviation;

j.

in the case of fixed network access: the addressing resources of the access and. if available, the postal address.

Surveillance Type HD_29_TEL comprises the retroactive surveillance of secondary telecommunications data of a telephony and multimedia service and, if applicable, converging services, in particular SMS, voice mail and RCS. The following secondary telecommunications data of the past telecommunications traffic in communications and communication attempts using the services under surveillance must be transmitted:¹¹²

a.

their type, the date and time of the start and, if applicable, the end or their duration;

b.¹¹³

the addressing resources (e.g. MSISDN, GPSI, E.164 number, SIP URI, IMPU) of all persons communicating with each other and their roles;

c.

the reason for the end of the communication or the communication attempt;

d.¹¹⁴

in the case of mobile services: IMEI or PEI of the terminal device used by the target and the IMSI or SUPI of the target;

e.

if applicable, the type of carrier service;

f.

in the case of SMS and MMS: the information on the event, the type (only in the case of SMS) and the status;

g.¹¹⁵

in the case of mobile services: the location data determined by the network if possible and indicated accordingly for the cell or the non-3GPP access used by the target at the beginning and at the end of the communication or the communication attempt and, if available, during the communication, in accordance with the applicable FDJP regulations;

1.

the cell and geographical area identifiers, the geographical coordinates and if applicable the main directions of emission and the postal address, or

2.

the positions of the target determined by the network (e.g. in the form of geographical coordinates and the related uncertainty value or in the form of polygons with details of the geographical coordinates of each polygon point) as well as the related postal addresses, or

3.

other details in accordance with international standards of the target's locations or the cells that he or she used, as well as the related postal addresses;

g^bis.¹¹⁶ if available, in addition to the data in letter g, the location information from maritime navigation or aviation;

h.

in the case of multimedia services:

1.

the customer's IP address and its type and the port number,

2.

the communication correlation identifier,

3.

the types of multimedia content,

4.

information on the multimedia components (time, name, description, initiator, access-correlation identifier), and

5.

if applicable, information on the IMS services (type of IMS service used, role of the network element from which the secondary telecommunications data come);

i.¹¹⁷

in the case of multimedia services: information on the target's network access:

1.

the access type,

2.

the access class,

3.

an indication of whether the information on access to the network comes from the network, and

4.

the location data relating to the network access at the beginning and the end of the multimedia session, and, if available, during the multimedia session in accordance with the applicable FDJP regulations;

j.¹¹⁸

if applicable, the name of networks directly adjacent to the communication or the attempt at communication.

Surveillance Type HD_30_EMAIL comprises the retroactive surveillance of secondary telecommunications data of an email service. The following secondary telecommunications data of the past telecommunication sent, processed or received via the service under surveillance must be transmitted:

a.

the date, the time, the type of event, the subscriber identifiers, if applicable the alias address, the sender and recipient addresses, the protocol used, the IP addresses and port numbers of the server and the client, and, if applicable, the delivery status of the message in the case of the following events: sending, receipt, mailbox log-in, mailbox log-out and in the case of the following events, if available: downloading, uploading, deletion, processing, addition of a message;

b.

the IP addresses and names of the sending and receiving email servers.

¹ Surveillance Type HD_31_PAGING comprises the determination of the location of the most recent activity detectable by the mobile telephony provider (network access services, telephony and multimedia services) for all mobile terminal devices associated with the target ID of the person under surveillance.

² The following data shall be transmitted:

a.

the MSISDN or the GPSI;

b.

the IMSI or the SUPI;

c.

if available, the IMEI or der PEI;

d.

the type of network access point technology;

e.

if applicable, the frequency band;

f.

the unique identifier for the mobile network;

g.

the date and time of the most recent detectable activity for network access services and telephony and multimedia services; and

h.

the location data in accordance with the applicable FDJP regulations.

¹ Surveillance Type AS_32_PREP_COV comprises the network analysis in preparation for an antenna search in accordance with Article 66. It is carried out by the TSPs and serves to identify the mobile radio cells or public WLAN hotspots that most probably cover the location described by the ordering authority in the form of geographical coordinates or by means of postal address, if applicable taking account of additional information (e.g. time of day, weather, day of the week, location within or outside of a building).

² TSPs shall supply the PTSS with a list of cell or geographical area identifiers of the mobile radio cells identified and the identifiers (e.g. BSSID) or other suitable designations (e.g. hotspot name) of the professionally operated public WLAN hotspots identified.¹²¹

¹ Surveillance Type AS_33_PREP_REF comprises the identification of mobile radio cells or public WLAN hotspots on the basis of reference communications and instances of reference network access in preparation for an antenna search in accordance with Article 66.

² The ordering authority shall itself arrange for reference communications to be made and the reference network to be accessed at the relevant location and shall send the PTSS a list with the following related data:¹²²

a.

the type of communication or of access to the network;

b.

the date and the time of the communication or access to the network;

c.

the addressing resource of the telephony and multimedia service used or of the network access service;

d.

if applicable, the name of the mobile network used.

³ The PTSS shall instruct the TSPs, on the basis of the secondary telecommunications data relating to previous telecommunications traffic, to identify the mobile radio cells or public WLAN hotspots used in each case at the beginning and at the end of the reference communications and instances of reference network access in accordance with paragraph 2 and to provide it with the list in accordance with paragraph 2, completed with the corresponding cell or geographical area identifiers of the mobile cells and the associated identifiers (e.g. BSSID) or other suitable designations (e.g. hotspot name) of the WLAN hotspots.¹²³

¹ Surveillance Type AS_34 comprises the retroactive surveillance of all communications, communication attempts and instances of network access that have taken place via a specific mobile radio cell or a specific public WLAN hotspot over a period of up to two hours.¹²⁴

² The TSP shall supply the secondary telecommunications data resulting from paragraph 1 relating to previous telecommunications traffic in accordance with Article 60 and 61.

The following types of surveillance may be ordered for a missing person search in accordance with Article 35 SPTA:

a.

Type EP_35_PAGING: determining the location of the most recent activity detectable by the mobile telephony provider of all mobile terminal devices associated with the target ID of the missing person or a third party; this type corresponds to Type HD_31_PAGING in accordance with Article 63;

b.

Type EP_56_POS_ONCE: the immediate non-recurrent position determination by the network of all mobile terminal devices associated with the target ID of the missing person or a third party; this type corresponds to Type RT_54_POS_ONCE in accordance with Article 56a;

c.

Type EP_57_POS_PERIOD: the recurrent position determination by the network of all mobile terminal devices associated with the target ID of the missing person or a third party; this type corresponds to Type RT_55_POS_PERIOD in accordance with Article 56b;

d.

Type EP_36_RT_CC_IRI: real-time surveillance of content and secondary telecommunications data; this type corresponds to the combination of types of surveillance in accordance with Article 55 (network access services) and in accordance with Article 57 (telephony and multimedia services);

e.

Type EP_37_RT_IRI: real-time surveillance of secondary telecommunications data; this type corresponds to the combination of types of surveillance in accordance with Article 54 (network access services) and in accordance with Article 56 (telephony and multimedia services);

f.

Type EP_38_HD: retroactive surveillance of secondary telecommunications data); this type corresponds to the combination of types of surveillance in accordance with Article 60 (network access services) and in accordance with Article 61 (telephony and multimedia services).

¹ The following types of surveillance may be ordered for a search for convicted persons in accordance with Article 36 SPTA; "wanted person search" must be indicated in the surveillance order as the reason for surveillance (Art. 49 para. 1 let. e):

a.

the location determination in the case of the most recent activity detectable by the mobile service provider of all mobile terminal devices associated with the target ID of the convicted person or a third party in accordance with Article 63;

b.

the immediate non-recurrent position determination by the network of all mobile terminal devices associated with the target ID of the convicted person or a third party in accordance with Article 56a;

c.

the recurrent position determination by the network of all mobile terminal devices associated with the target ID of the convicted person or a third party in accordance with Article 56b;

d.

any of the types of real-time surveillance of the content and secondary telecommunications data of network access services or applications in accordance with Articles 55, 57 or 59;

e.

any of the types of real-time surveillance of secondary telecommunications data of network access services or applications in accordance with Articles 54, 56 or 58;

f.

any of the types of retroactive surveillance in accordance with Articles 60-62;

g.

an antenna search in accordance with Article 66 and the corresponding preparations in accordance with Articles 64 and 65.

² In the case of the surveillance type in paragraph 1 letter f, the start and end of the surveillance are governed by Article 4a.

¹ Surveillance Type ML_50_RT may be ordered for the mobile phone localisation of suspected terrorists in accordance with Article 23q paragraph 3 of the Federal Act of 21 March 1997¹²⁹ on Measures to Safeguard Internal Security.

² It comprises the combination of real-time surveillance of the secondary telecommunications data required for mobile phone localisation in the case of mobile network access services, mobile telephony and multimedia services and, if applicable, convergent mobile services, in particular SMS, Voice Mail and RCS.

³ In the case of mobile network access services, the secondary telecommunications data from telecommunications traffic in accordance with Article 54 paragraph 2 letters a-c, g and h and paragraph 3 must be transmitted.

⁴ In the case of mobile telephony and multimedia services and convergent mobile services, the secondary telecommunications data from telecommunications traffic in accordance with Article 56 paragraph 1 letters a, b, d and e numbers 1 and 9 and paragraph 2 must be transmitted.

Surveillance in accordance with Articles 56-59, 61 and 62 also includes telecommunication carried out via the services under surveillance that can be assigned to the target ID even if the identifier under surveillance is not administered by the provider given the assignment.