The OA-IA coordinates its activities with those of parliamentary oversight bodies as well as with those of other federal and cantonal oversight bodies.14 After the pandemic years 2020 and 2021, this interaction intensified again during the reporting year.
14 Art. 78 para. 2 IntelSA
Federal Administrative Court (FAC)
During the reporting year, representatives of the FAC and the OA-IA met twice. On 23 March 2022, they discussed the court’s rejection and authorisation of information-gathering measures, questions on cable communications intelligence, the upcoming consultation procedure on the revision of the IntelSA and the OA-IA’s audit plan for 2022.
On 26 October 2022, both parties also discussed the latest developments in case law on intelligence activities, the new audit plan for 2023 and the corresponding audit reports. They expressed their interest in the bi-annual meetings. The meetings will therefore continue at this rhythm. The head of the OA-IA proposed that the meetings be used to extensively discuss one topic of common interest at a time.
Swiss Federal Audit Office (SFAO)
The SFAO and the OA-IA met on 18 July 2022 and spoke on the phone on 16 November 2022. The OA-IA’s 2023 audit plan and other audit topics were discussed.
Post and Telecommunications Surveillance Service (PTSS)
The OA-IA worked intensively with the PTSS for Audit ‘21-16 Telecommunication services’. A meeting was held at the PTSS and the PTSS answered several of the OA-IA’s questions. In addition, OA-IA auditors also underwent training at the PTSS on 22 November 2022 to learn more about the monitoring possibilities of the FIS.
Control Delegation (CDel)
The CDel invited the OA-IA to three hearings. The following topics were discussed:
- 26 January 2022: Reports for Audit ‘21-1 Deployment of FIS employees in Swiss representations abroad’, Audit ‘21-2 Critical infrastructure protection / cyber defence’ and reports on incidents in the Cyber FIS Division.
- 29 June 2022: Audit report for ‘21-15 HUMINT’; audit reports for subsequent Audit ‘22-18 Data collection by Cyber FIS’ and Audit ‘22-16 Links between FIS and EOC and Swiss telecommunication service providers’
- 22 November 2022: OA-IA prepares draft audit plan for 2023; OA-IA provides a legal assessment of an information-gathering measure requiring approval (IGMRA); interim results of Audit ‘22-18 Data collection by Cyber FIS’.
Independent Control Authority for Radio and Cable Communications Intelligence (ICA)
As part of the planned transfer of the ICA’s tasks to the OA-IA as set out in the IntelSA, an OA-IA representative took part in the ICA’s regular inspections of the intelligence services. The aim was to become familiar with the ICA’s inspection methods and to ensure the transfer of know-how. In addition, the new Director of the OA-IA met with the president of the ICA on 25 October 2022.
Visit to the OA-IA by the head of the DDPS General Secretariat
On 15 March 2022, the head of the General Secretariat of the DDPS paid a courtesy visit to the OA-IA and took the opportunity to provide an update on recruitment of the new Director of the OA-IA.
In 2022, the OA-IA received twenty-one enquiries from citizens.
In 2022, the Director of the OA-IA met at least once with the following people to discuss various matters:
- Head of DDPS
- Head of DDPS General Secretariat
- Director and deputy director of FIS
- Head of MIS
- Head of EOC
- Former head of SFAO
- Head of DDPS Internal Revision
«The OA-IA can share oversight methods, processes and experiences with other oversight authorities working in the same field.»
The OA-IA can share oversight methods, processes and experiences with other oversight authorities working in the same field. This brings continuous benefits to audit activities. However, the OA-IA (unlike intelligence services) has no legal basis for substantive information sharing with foreign partner authorities. The following international meetings took place in 2022:
Meeting with the Danish oversight authority (Tilsynet med Efterretningstjenesterne, TET), Bern
On 9 March 2022, the OA-IA met with the Danish oversight authority at the latter’s request to exchange views on possible approaches to oversight. This included mapping of IT infrastructure, oversight communication strategies and how best to handle topics that receive considerable media attention. The OA-IA was able to learn from the Danish oversight authority about additional ways of mapping IT infrastructure. At the same time, the Danish oversight authority was inspired by the OA-IA’s website and this prompted it to produce an explanatory video in 2022 similar to the one used by the OA-IA.
Intelligence Oversight Working Group (IOWG)
The IOWG is an international working group comprised of representatives of the oversight authorities of Belgium, Denmark, the Netherlands, Norway, England, Sweden and Switzerland.
- Bern, 10–11 March 2022 (IOWG Staff Level): The OA-IA organised this first face-to-face meeting since the pandemic. Topics included the structure of the working group, future areas of focus and various methods to be used to inform the public.
- London, 5–6 October 2022 (IOWG Staff and Chair Level): At the staff-level meeting, the oversight authorities exchanged views on oversight challenges associated with the (new) technological methods and means used by intelligence services. At the staff-level meeting, participants decided that additional member countries would be able to attend meetings. They also confirmed the jointly agreed statement.
Third Workshop of ‘European Intelligence Oversight Network (EION)’, 10 June 2022, Berlin
On 10 June 2022, two OA-IA staff members attended a workshop organised by the Stiftung Neue Verantwortung in Berlin.
The workshop focused on the collection and processing of commercially available data by intelligence services. In a technical presentation, the Dutch oversight authority (Commissie von Toezicht op de Inlichtingen- en Veiligheidsdiensten, CTIVD) explained the findings from their audit on the use of automated OSINT by the Dutch intelligence services. Automated OSINT is the automated collection of data from information sources that can be accessed by anyone using specialised software or web applications (tools). These tools include software that comes with search and network analysis features and offers a user-friendly way of retrieving information from a variety of different sources.
In two discussion panels, the participants also exchanged views on the legal basis and the tasks of oversight authorities with regard to the acquisition and use of commercially available data by intelligence services. By taking part in this workshop, the OA-IA gained in-depth background knowledge, which could ultimately be included in the planned Audit ‘22-15 Open-source intelligence (OSINT)’.
European Intelligence Oversight Conference (EIOC)
On 6–7 October 2022, the British oversight authority hosted an international meeting to discuss new technological challenges – such as artificial intelligence. All oversight authorities are currently working to introduce national legal bases to enable the exchange of information. Oversight authorities from the United Kingdom, Austria, Belgium, Bulgaria, Denmark, Finland, France, Germany, Greece, Italy, Luxembourg, Norway, the Netherlands, Portugal and Switzerland attended this meeting.
International Intelligence Oversight Forum (IIOF), 14-15 October 2022, Strasbourg
The fifth IIOF meeting took place in Strasbourg on 14 and 15 November 2022. In addition to OA-IA staff, participants at the event included members of intelligence oversight authorities, intelligence services and data protection authorities. Among the various topics, participants discussed implementation of Convention 108+, which sets minimum legal standards on the contracting parties with regard to data processing and protection of the rights of the persons concerned. Intelligence oversight is also affected by this. This is because the rules of Convention 108+ include exceptions when it comes to intelligence. The less stringent requirements placed on intelligence services must be balanced by stronger oversight. Other topics related to the current security situation and the development of intelligence techniques and technologies.
With the digital transformation of society, the challenges created by cyberspace and the emergence of new tools to search for and process information, such interactions with other oversight authorities is invaluable for the OA-IA. In particular, such meetings make it possible to establish contacts, to examine oversight practices, to find out about the experiences of other oversight authorities, and to share and develop best practices in the area of oversight.
Meeting with Canadian oversight authority (National Security and Intelligence Review Agency, NSIRA), 17 November 2022, Bern
On 17 November 2022, the OA-IA welcomed a delegation from the Canadian National Security and Intelligence Review Agency (NSIRA). This meeting in Switzerland took place at NSIRA’s initiative after NSIRA representatives had attended the IIOF in Strasbourg on 14 and 15 November.
The discussions focused in particular on the structure, legal framework and procedures of the Swiss and Canadian oversight authorities. After touching on theoretical aspects, the participants exchanged views on the respective best practices in intelligence oversight. The OA-IA staff also shared their experiences with public relations, and the NSIRA representatives were positively impressed. All of the participants concluded that the meeting had been productive.