Slashdot Mirror


Can Switzerland Become a Safe Haven For the World's Data? (dailydot.com)

An anonymous reader shares an interesting article on Daily Dot which lists a number of reasons why Switzerland should be deemed as the nation for storing all of your data. The article reads: As United States and European Union regulators debate a sweeping new data-privacy agreement, Switzerland is presenting itself as a viable neutral location for storing the world's data thanks to strict privacy laws and ideal infrastructure. The Swiss constitution guarantees data privacy under Article 13. The country's laws protecting privacy are similar to those enacted by the E.U. Swiss data protections are also, in some cases, much stricter than those of the E.U., according to Nicola Benz, attorney at Swiss law firm Froriep. And since Switzerland is not part of the E.U., data stored there remains outside the reach of the union's authorities. [...] The country's tight privacy laws could make the small nation more attractive to privacy-focused start-ups. And it already has that momentum. After the former NSA contractor Edward Snowden's 2013 revelations about the National Security Agency's secret surveillance activities, Switzerland witnessed something of a boom in its data-center business. Phil Zimmermann, creator of the popular PGP encryption protocol and founder of Silent Circle, even left the U.S. for Switzerland last year, citing the overreach of American authorities. Andy Yen, CEO of Swiss-based encrypted email service Protonmail, said that the country has robust processes in how it carries out data requests from authorities. Data requests have to go through a court like in most countries, said Yen, but "the person that's having their data requested needs to be notified eventually about the request happening and there's an opportunity to fight it in an open court. This is quite different than the U.S., where things can go through a so-called FISA court."

5 of 103 comments

  1. Like the Jewish assets during WW2? by guruevi · · Score: 4, Interesting

    The Swiss didn't seem to have any issue turning over Jewish gold and bank accounts during their Nazi alliance. How sure can we be a "friendly state" doesn't secretly get the data anyway? The Swiss bankers didn't get rich by simply holding assets, they go with whatever the highest bidder wants.

    Good encryption is the only way to keep your data safe, in Switzerland or elsewhere.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re: Like the Jewish assets during WW2? by Anonymous Coward · · Score: 5, Informative

      There was no Nazi alliance. Hitler hated Switzerland and took it as a personal offense that they wouldn't join the German-speaking alliance with Austria. Switzerland fully expected to be attacked by Germany and developed a defense plan where the military and some of the population would retreat to the mountains (the redoubt) where they would provide arms to the rebels in the cities while also attacking in raids.

      Both times the Germans realized it would be pointless to invade - even if they took the cities on the plains they would never take the mountains, and the Swiss population, highly armed, would constantly be attacking them.

      And for the Swiss banks, they provided a much-needed service to the Jews in Germany to move their money out of Germany. If you're American you may think about the same, living in a corrupt country like you do. Unfortunately the Nazis killed most of the Swiss customers and they're still dealing with repatriating the money. Of course they can't just give it to anyone that claims it.

  2. Re:Yes, that's why the Nazi's hid their wealth the by judoguy · · Score: 4, Informative
    I'm sure your data will be really safe there. Not.

    The Swiss dropped their pants a while back for the U.S. I.R.S. I'm pretty sure the NSA can use that precedent.

    --
    Peace is easy to achieve, just surrender. Liberty is much harder to get/keep.
  3. Store data on the cloud like RAID by Solandri · · Score: 4, Interesting

    So for example if you have data servers in 8 countries, you encrypt and break your data up into 5 chunks. Create 3 additional parity chunks, and store one chunk in each country. To access the original data, you need to pull data from 5 of the 8 servers (the 3 parity chunks allow you to access your data even if access to your servers in up to 3 of those countries goes down).

    Any individual country's government can hack, install backdoors on, or confiscate your servers in that country, and it won't help them read your data. In order to get a readable copy of your data, they need to pull the data from at least 5 of your servers in different countries, and have your decryption key. There's no need to pick a single country and hope that it is/remains neutral and friendly to your data.
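
The 5-of-8 scheme described in the comment above, as an added example that is not part of the original thread: a Reed-Solomon-style erasure code over GF(2^8) in which any 5 of the 8 chunks rebuild the input. The function names and the `SAMPLE` stand-in ciphertext are assumptions made for illustration. Encryption is assumed to happen before `encode`: the code gives availability only, and chunks 1 to 5 are literal slices of whatever is fed in, so confidentiality rests entirely on the cipher and key.

```python
K, N = 5, 8  # 5 data chunks + 3 parity chunks, one chunk per country
SAMPLE = bytes((7 * i + 3) % 256 for i in range(37))  # constructed stand-in for ciphertext

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8), reduced by x^8+x^4+x^3+x+1 (0x11b)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11b if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a):
    """Inverse of a nonzero byte: a^254, because a^255 == 1."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def interpolate(chunks, x):
    """Given exactly K chunks {position: bytes}, compute the chunk at position x."""
    out = bytearray(len(next(iter(chunks.values()))))
    for xi, chunk in chunks.items():
        num = den = 1
        for xj in chunks:  # Lagrange weight; subtraction is XOR in GF(2^8)
            if xj != xi:
                num, den = gf_mul(num, x ^ xj), gf_mul(den, xi ^ xj)
        w = gf_mul(num, gf_inv(den))
        for pos, byte in enumerate(chunk):
            out[pos] ^= gf_mul(w, byte)
    return bytes(out)

def encode(ciphertext):
    """Split already-encrypted bytes into chunks 1..5 and add parity chunks 6..8."""
    padded = ciphertext + b"\0" * (-len(ciphertext) % K)
    size = len(padded) // K
    data = {i + 1: padded[i * size:(i + 1) * size] for i in range(K)}
    parity = {x: interpolate(data, x) for x in range(K + 1, N + 1)}
    return {**data, **parity}

def decode(available, length):
    """Rebuild the original bytes from any K surviving chunks."""
    if len(available) < K:
        raise ValueError("need at least %d chunks" % K)
    subset = dict(sorted(available.items())[:K])
    parts = [subset[x] if x in subset else interpolate(subset, x) for x in range(1, K + 1)]
    return b"".join(parts)[:length]
```
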

  4. ProtonMail by GbrDead · · Score: 4, Informative

    Actually, ProtonMail sucks a lot. Its "security" is based on two passwords: one for login, one for decrypting the mailbox.
    1. Both of the passwords were sent to their server upon registration. I have no guarantees that they were not stored in clear text.
    2. I have no guarantees that the mailbox is even encrypted.
    3. Even if the mailbox is encrypted and they haven't stored its password, a totalitarian government may force them to install a man-in-the-middle and have my messages the moment I access them (i.e. send the password).
    4. No PKI. No interoperability with PGP/MIME or S/MIME. Totally proprietary. If I send an e-mail message to a non-ProtonMail address I must somehow communicate a password for it as well. How? Not ProtonMail's problem.

    In short, ProtonMail provides something that is not end-to-end e-mail encryption and thus not useful at all. You can do much better by using even Gmail (via SMTP and IMAP/POP3) with Thunderbird and Enigmail (a PGP/MIME extension). Google will only ever see the encrypted messages. Only using a desktop client guarantees that your private key will never be sent to a man-in-the-middle (e.g. Gmail, ProtonMail).