This is a law enforcement officer’s nightmare. Confidential, highly sensitive information is leaked about himself, the victims of crime or the people he is investigating. In the worst case – if the nightmare ends badly – it falls into the hands of suspicious characters who try to blackmail him with this information.
For Zurich prosecutors and police officers, the nightmare has become reality. And their own authorities are responsible for the data meltdown: the Zurich Ministry of Justice.
Psychiatric reports and home addresses
For years, management has released old servers and computers belonging to its employees, some of which contain unencrypted data on their hard drives, for disposal. These include directories containing cell phone numbers of cantonal police officers, employees’ private addresses, building plans, and even psychiatric reports from defendants. This emerges from the documentation Blick has. This data reached Roland Gisler, 58, a man from the Zurich neighborhood with multiple criminal records. Owner of Bar Neugasshof, which has been the focus of police attention for decades.
Zurich authorities have been aware of the self-inflicted data scandal for two years. They have kept it secret from the public until now. As the Blick research shows, an administrative investigation was launched in 2020 and has since been completed. The Department of Justice has not provided any information on its implementation or outcome – and the authority refuses to publish the final report, despite the Disclosure Act. To Blick’s knowledge, even the Cantonal Council Supervision Committee (GPK) has yet to receive it.
Fehr downplayed scandal
Responsible government councilor Jacqueline Fehr (59, SP) downplays the issue to the Zurich cantonal council’s GPK.
Alarm bells sounded in the commission after environmental lawyer and SVP cantonal councilor Valentin Landmann (72) asked a question with other SVP members about the scandal in the cantonal parliament on Monday. Landmann knows about it because he’s involved in the case himself. Gisler’s lawyer.
Through his brother André Gisler (57), Gisler obtained the Department of Justice hard drives and USB sticks. He worked for management from 2000 to 2014. During this period, the Head of the Ministry of Justice was his SP party colleague Markus Notter (62) and later Green Party Member of Parliament Martin Graf (68). According to one IT executive, hard drives were “always properly disposed of or destroyed,” as he claimed in an internal memo.
Hard drives stored in wooden box in the garden
The statements of André Gisler and a former employee raise strong suspicions.
The deal, as explained in André Gisler’s prosecution inquiry: He received deactivated computers, printers, servers and other devices from the Ministry of Justice and was allowed to resell them in exchange after deleting the data on them. As he said, there was no employment contract, let alone having to confirm in writing that the data was properly deleted. There is talk of thousands of computers falling into the hands of the man.
Some of the hard drives and sticks went to his brother Roland Gisler. They were hidden behind his house in a large wooden box. He says that when he looked at the hard drives, he found dozens of unencrypted documents. It is claimed that among these are the interrogations and reports written by the famous forensic psychiatrist Frank Urbaniok (60). When asked, he said he was never informed if that was true.
The leak only surfaced two years ago
The Zurich judiciary only learned where their data ended two years ago. As evidenced by the interrogation minutes, André Gisler’s former employee is said to have contacted authorities in 2013, in particular the Federal Data Protection and Information Commissioner’s (EDÖB) office. He is said to have sent himself several unencrypted military justice documents. But nothing happened to him after that. He said he never got a response to his email.
But in early November 2020, when a woman suddenly arrived at a prosecutor’s private address (see box), the judiciary launched an investigation. Less than a week later, Roland Gisler was arrested. He was detained for eight months. Criminal proceedings are continuing against him for violence and threats against and against the authorities, as confirmed by the Zurich Public Prosecutor.
The Zurich Ministry of Justice downplays the explosive extent of the data leak, according to its own authority – citing how long ago it all happened. But the truth is, he only learned about it two years ago. How does it emerge from an e-mail sent by prosecutor Beat D.* from the highway traffic department to Beat Oppliger, the senior prosecutor at the time.
Accordingly, on 8 November 2020, shortly before 20:00, the doorbell rang at D.’s door. A woman with three children was standing in front of the door. She wanted her son, who was currently in criminal proceedings against him, to say nice things to his employer.
“Then there is a bigger problem”
D. was confused. “My phone number and license plate are blocked. So it shouldn’t be possible to find out my home address this way,” he wrote to the attorney general.
The researcher learned that the woman got the address from Roland Gisler. D. spoke to him and panicked. “If the story about how Roland Gisler got my address is true, there’s a bigger problem.”
In subsequent questioning of witnesses, D. says he was “totally shocked”. It was clear that someone had not gained unauthorized access to his computer. The home address is not registered anywhere. “I realized that everything had to have a larger dimension.” A hunch that will soon be confirmed.
* Name known to editors
The Zurich Ministry of Justice downplays the explosiveness of the data leak in its jurisdiction, citing how long ago it all happened. But the truth is, he only learned about it two years ago. How does it emerge from an e-mail sent by prosecutor Beat D.* from the highway traffic department to Beat Oppliger, the senior prosecutor at the time.
Accordingly, on 8 November 2020, shortly before 20:00, the doorbell rang at D.’s door. A woman with three children was standing in front of the door. She wanted her son, who was currently in criminal proceedings against him, to say nice things to his employer.
“Then there is a bigger problem”
D. was confused. “My phone number and license plate are blocked. So it shouldn’t be possible to find out my home address this way,” he wrote to the attorney general.
The researcher learned that the woman got the address from Roland Gisler. D. spoke to him and panicked. “If the story about how Roland Gisler got my address is true, there’s a bigger problem.”
In subsequent questioning of witnesses, D. says he was “totally shocked”. It was clear that someone had not gained unauthorized access to his computer. The home address is not registered anywhere. “I realized that everything had to have a larger dimension.” A hunch that will soon be confirmed.
* Name known to editors
Gisler is accused, among other things, of trying to blackmail and influence the Zurich judiciary with the data. Milieu-Beizer was recently sentenced to several years in prison for, among other things, drug trafficking and possession of illegal weapons. He took the decision to the Federal Supreme Court as he saw it as revenge for the Zurich authorities for the data scandal.
blackmail attempt risk
The relationship shows the risk of data leakage. Further attempts at blackmail are not excluded. Finally, it is unclear who owns the hard drives that still contain unencrypted data from the Zurich jurisdiction. According to the files, Gisler gave the documents to several people.
After the initial inspection of the confiscated hard drives, the lead prosecutor was already certain that Roland Gisler was an unauthorized person holding “sensitive data from the judiciary”. He wrote this in a letter to the Supreme Court in February 2021.
known for a long time? Are you kidding? Are you serious when you say that?
The authorities today are doing everything they can to put the scandal into perspective. A Justice Department spokesman refused a first look request, arguing that this case was “long known”. This is not true. Then the topic was presented as cold coffee, since 2013 data carriers are destroyed as “professional certified”. Media spokesman Benjamin Tommer says this process was set up “independently of the 2008 incident.” He and government councilor Fehr at GPK claim that 2008 was the end of the data leak. But Blick and SVP cantonal councilor Landmann have documents dated from 2001 to 2012.
The prosecution also reported that there is now only “a small amount of data from the judiciary” on the data carriers protected in connection with the criminal prosecution against Gisler. This can be a major shortcoming. Blick had access to over 30 documents, more than ten allegedly containing sensitive, sometimes very sensitive data.
Ministry of Justice leaves questions unanswered
Blick wanted to know how secret documents from the Ministry of Justice could have gotten around Zurich. Wasn’t there a written agreement with the company in which devices containing highly sensitive data were entrusted? How many hard drives containing potentially sensitive information are still believed to be in circulation? And what were the results of the administrative investigation initiated?
All this remains open. Questions are “the subject of criminal investigation without exception”, the judiciary reports only on request. You do not know the answers and therefore cannot answer the questions.