Can Switzerland Become a Safe Haven For the World's Data?

An anonymous reader shares an interesting article on Daily Dot which lists a number of reasons why Switzerland should be deemed as the nation for storing all of your data. The article reads: As United States and European Union regulators debate a sweeping new data-privacy agreement, Switzerland is presenting itself as a viable neutral location for storing the world's data thanks to strict privacy laws and ideal infrastructure. The Swiss constitution guarantees data privacy under Article 13. The country's laws protecting privacy are similar to those enacted by the E.U. Swiss data protections are also, in some cases, much stricter than those of the E.U., according to Nicola Benz, attorney at Swiss law firm Froriep. And since Switzerland is not part of the E.U., data stored there remains outside the reach of the union's authorities. [...] The country's tight privacy laws could make the small nation more attractive to privacy-focused start-ups. And it already has that momentum. After the former NSA contractor Edward Snowden 2013 revelations about the National Security Agency's secret surveillance activities, Switzerland witnessed something of a boom in its data-center business. Phil Zimmermann, creator of the popular PGP encryption protocol and founder of Silent Circle, even left the U.S. for Switzerland last year, citing the overreach of American authorities. Andy Yen, CEO of Swiss-based encrypted email service Protonmail, said that the country has robust processes in how it carries out data requests from authorities. Data requests have to go through a court like in most countries, said Yen, but "the person that's having their data requested needs to be notified eventually about the request happening and there's an opportunity to fight it in an open court. This is quite different than the U.S., where things can go through a so-called FISA court."

Yes, that's why the Nazi's hid their wealth there

[jfdavis668]

Everyone has been hiding money and information there for years. Everyone from the Nazi's to the Russians to FIFA.

Like the Jewish assets during WW2?

[guruevi]

The Swiss didn't seem to have any issue turning over Jewish gold and bank accounts during their Nazi alliance. How sure can we be a "friendly state" doesn't secretly get the data anyway? The Swiss bankers didn't get rich by simply holding assets, they go with whatever the highest bidder wants.

Good encryption is the only way to keep your data safe, in Switzerland or elsewhere.

Re: Like the Jewish assets during WW2?

There was no nazi alliance. Hitler hated Switzerland and took it as a personal offense that they wouldn't join the German-speaking alliance with Austria. Switzerland fully expected to be attacked by the Germany and developed a defense plan where the military and some of the population would retreat to the mountains (the redoubt) where they would provide arms to the rebels in the cities while also attacking in raids.

Both times the Germans realized it would be pointless to invade - even if they took the cities on the plains they would never take the mountains, and the Swiss population, highly armed, would constantly be attacking them.

And for the Swiss banks, they provided a much-needed service to the Jews in Germany to move their money out of Germany. If you're American you may think about the same, living in a corrupt country like you do. Unfortunately the Nazis killed most of the Swiss customers and they're still dealing with repatriating the money. Of course they can't just give it to anyone that claims it.

Re: Like the Jewish assets during WW2?

[guruevi]

Please look up recent investigations in portions of that history. The Swiss banks (not talking about the populace) were not quite the saints they portray themselves to be (http://www.pbs.org/wgbh/pages/frontline/shows/nazis/readings/sinister.html)

Re:Like the Jewish assets during WW2?

[athmanb]

Swiss misbehaviour regarding Jews during WW2 consisted of:
- Accepting confiscated jewish assets (art, jewelry) in payment for goods even when the government had been informed that "legal" proceedings leading to those forfeitures didn't even have a semblance of fairness.
- Liquidating jewish bank accounts whose owners did not contact the bank anymore after the war without taking even very reasonable measures of trying to reach any heirs.

There are some common other urban legends going around like the Swiss handing over assets to the Nazis, Jews being transported through Switzerland, Switzerland accepting gold tooth fillings etc that are all fantasy.

Re:Yes, that's why the Nazi's hid their wealth the

[judoguy]

I'm sure your data will be really safe there. Not.

The Swiss dropped their pants a while back for the U.S. I.R.S. I'm pretty sure the NSA can use that precedent.

Re:but of course.

You do realize Sweden and Switzerland are two different countries.

Re:Yes, that's why the Nazi's hid their wealth the

[rubycodez]

"Under the new treaty, U.S. authorities will be able to ask the Swiss to disclose names of U.S. taxpayers at a bank who exhibit certain "behavioral patterns" indicating tax evasion under U.S. law, such as trying to conceal the ownership of the account through a trust. The U.S. also will be able to request information even from small cantonal banks that, unlike UBS and Credit Suisse Group, don't do business in the U.S." WSJ 05 March 2012

Re:but of course.

[PopeRatzo]

You do realize Sweden and Switzerland are two different countries.

Seriously? Are you sure? That's the place where they wear wooden shoes, right?

Store data on the cloud like RAID

[Solandri]

So for example if you have data servers in 8 countries, you encrypt and break your data up into 5 chunks. Create 3 additional parity chunks, and store one chunk in each country. To access the original data, you need to pull data from 5 of the 8 servers (the 3 parity chunks allow you to access your data even if access to your servers in up to 3 of those countries goes down).

Any individual country's government can hack, install backdoors on, or confiscate your servers in that country, and it won't help them read your data. In order to get a readable copy of your data, they need to pull the data from at least 5 of your servers in different countries, and have your decryption key. There's no need to pick a single country and hope that it is/remains neutral and friendly to your data.

ProtonMail

[GbrDead]

Actually, ProtonMail sucks a lot. It's "security" is based on two passwords: one for login, one for decrypting the mailbox.
1. Both of the passwords were sent to their server upon registration. I have no guarantees that they were not stored in clear text.
2. I have no guarantees that the mailbox is even encrypted.
3. Even if the mailbox is encrypted and they haven't stored its password, a totalitarian government may force them to install a man-in-the-middle and have my messages the moment I access them (i.e. send the password).
4. No PKI. No interoperability with PGP/MIME or S/MIME. Totally proprietary. If I send an e-mail message to a non-ProtonMail address I must somehow communicate a password for it as well. How? Not ProtonMail's problem.

In short, ProtonMail provides something that is not an end-to-end e-mail encryption and thus not useful at all. You can do much better by using even GMail (via SMTP and IMAP/POP3) with ThunderBird and Enigmail (a PGP/MIME extension). Google will only ever see the encrypted messages. Only using a desktop client guarantees that your private key will never be sent to a man-in-the-middle (e.g. GMail, ProtonMail).

Re:Don't forget the Cayman Islands...

[__aaclcg7560]

If it's really affecting your mental health, please read this article:

Mitt Romney had an obligation as a presidential candidate to explain why he had an unusually large retirement account and release his tax returns. He didn't, danced around the issue and played the victim when the media ran stories.

You should also Google "SEP IRA limits" - that's the plan that small business owners use to contribute (and deduct) up to about $50K year.

Most business owners don't set up SEP IRAs in the Cayman Islands. Unless, of course, they have something to hide from the IRS or the general public.

Re:Me too

[johanw]

So you're saying they are very vulnerable to a social engineering attack?

Re:Guarantees? Banking secrecy, anyone?

[skegg]

To be fair, a lot of constitutions across a lot of countries "guarantee" their citizens many things.
The problem is that the government-of-the-day chooses to interpret the constitution however it wishes.
And it's our fault for not holding them accountable.

Iceland would be better

[seoras]

I was asked by the ex-CEO of Mega (not Dotcom) for suggestions for non-hostile data centres about a 18 month ago.
We'd met casually and he was talking about the risks of raids, neutrality etc and was soliciting ideas.
I suggested Iceland for a number of good reasons.
1) Geo-physical location. Right in the middle of the atlantic at the mid-point between Europe and N.America. Good latency to either continent.
2) Political neutrality. Iceland jails bankers and politicians. Not whistle blowers and has been a Wikileaks save haven.
3) Abundance, even surplus, of renewable energy. Cooling isn't a problem either :)