Our principles of cooperation with law enforcement agencies, commercial and public entities
As a private company, we have no political ties to any government but are proud to collaborate with the authorities of many countries, as well as international law enforcement agencies, and commercial and public entities in fighting cybercrime. We work with the authorities in the best interests of international cybersecurity, providing technical consultations or expert analysis of malicious programs, in compliance with court orders or during investigations – all in accordance with industry standards.
Other cybersecurity vendors do the same. Without the expertise of security professionals, successful law enforcement operations would be an unattainable dream. When cybercrime cases are domestic, IT security companies work with their local law enforcement agencies to assist in investigations. When they are international, they work with the appropriate law enforcement authorities of the affected countries to abide by legal policies and federal jurisdictions. This cooperation is crucial in fighting cybercrime worldwide.
We work together with the global IT security community, international organisations, national and regional law enforcement agencies (including but not limited to INTERPOL, Europol, the Federal Security Service of the Russian Federation and the Federal Service for Technical and Export Control of the Russian Federation, The City of London Police, The National High Tech Crime Unit (NHTCU) of the Netherlands’ Police Agency, Microsoft Digital Crimes Unit), as well as Computer Emergency Response Teams (CERTs) and many other police authorities worldwide. During investigations, Kaspersky Lab’s security experts only provide technical expertise and focus their research on analysing malware. None of this involves any user data being processed by third parties. The company applies the same methodologies and principles to discovery and analysis in these cases as it does to commercially-motivated malware.
For instance, in Russia our expertise led to law enforcement agencies stopping the activities of a cybercriminal group that had been engaged in the theft of funds from the client accounts of Russian financial institutions since 2013. Over the period of its activity, the group managed to steal over 1 billion rubles from these accounts.
In October 2014, Kaspersky Lab and Europol signed a memorandum of understanding, which paved the way for closer cooperation between the two organisations. Moreover, Kaspersky Lab has supported INTERPOL with products and intelligence for INTERPOL’s launch of its Digital Crime Center at the Global Complex for Innovation (IGCI) in Singapore. The Center is responsible for carrying out the technical part of INTERPOL’s investigations into cyber-incidents.
We also run special training courses on a regular basis for international police organisations, as well as for INTERPOL and Europol officers.
In July 2016, the Dutch National Police, Europol, Intel Security and Kaspersky Lab announced the launch of the No More Ransom project - a non-commercial initiative that unites public and private organisations and aims to inform people of the dangers of ransomware, while at the same time helping victims recover their data without having to pay the criminals. The No More Ransom online portal offers educational resources and 54 free decryption tools in 26 different languages to help victims of ransomware decrypt affected devices. With more than 100 supporting partners from the public and private sector, the initiative continues to expand to address evolving ransomware threats.
Alongside everything mentioned above, and like all other vendors, we obtain licenses for the development of information security software. This is a worldwide practice. According to legislation, such development is subject to licensing by a regulator. In Russia, for instance, the relevant regulator would be the Federal Service for Technical and Export Control, or the Federal Security Service if it is about obtaining a license for the encryption of data related to state secrets.
Does Kaspersky Lab have any ties to any government?
Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organisations from cyberthreats, but it does not have unethical ties or affiliations with any government. In its 20 years’ of existence, Kaspersky Lab’s operations have never raised flags – the company abides by the highest ethical business practices and implements trustworthy technology development.
Why is Kaspersky Lab now under such pressure from U.S. government officials and media?
Kaspersky Lab doesn’t have inappropriate ties to any government, which is why no facts has been presented publicly by anyone or any organisation to back up the false allegations made against the company. The only conclusion seems to be that Kaspersky Lab, a private company, is caught in the middle of a geopolitical fight, and it is being treated unfairly even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts.
Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organisations from cyberthreats, but it does not have unethical ties or affiliations with any government.
Is there any hidden agenda with Kaspersky Lab being under the control of the Russian government, either directly or indirectly? Do you follow direct orders from the Russian government?
No. As a company focused on serving the security needs of individuals, companies and governments all around the world, Kaspersky Lab does not have political ties to any government. In addition, more than 85 percent of our revenue comes from outside of Russia, which further demonstrates that working inappropriately with any government would be detrimental to the company’s bottom line.
Have you ever received a request from law enforcement to provide them with your users’ data?
No. Our solutions process a very limited volume of personal data. This is why we have never received a request of this kind in 20 years of operating in the market.
Has Kaspersky Lab ever been asked by any government to insert a “backdoor” (or something similar) into the company’s products?
Kaspersky Lab does not include any undeclared capabilities in its products, because such activity would be illegal. We have never received any such requests and will not address them, should they emerge in the future. Where applicable, Kaspersky Lab is ready to present for review the source code of its products. In addition, Kaspersky Lab has launched a bug bounty program, offering security researchers an opportunity to search for security bugs in our products in exchange for a bounty. Alongside everything mentioned above, the process of obtaining licenses for the development of software for information security involves our products being examined by regulators for undeclared features (backdoors).
Has Eugene Kaspersky ever worked for the KGB – for example during his time at a KGB-sponsored education facility?
No. Eugene Kaspersky grew up in the Soviet era, when almost every educational opportunity was sponsored by the government in some way. After graduating from a prestigious Soviet high school with a focus on mathematics, he then studied cryptography at a university that was sponsored by four state institutions, one of which was the KGB. Upon graduating in 1987, he was placed at a Ministry of Defense (MoD) scientific institute, where he served as a software engineer. Contrary to misinformed sources, serving as a software engineer was the extent of his military experience, and he never worked for the KGB.
Is Kaspersky Lab subject to Russian surveillance laws (such as SORM)?
Russia and other countries have implemented surveillance legislation aimed at stopping terrorist activities. However, those laws and tools are applicable to telecom companies and Internet Service Providers (ISPs). Kaspersky Lab does not provide communication services, thus the company is not subject to these laws or other government tools, including Russia’s System of Operative-Investigative Measures (SORM). Also, it’s important to note that the information received by the company, as well as traffic, is protected in accordance with legal requirements and stringent industry standards, including encryption, digital certificates, firewalls and more.
Why should I trust a Russian solution when there are comparable products developed in the U.S. (Japan, etc.)?
We live in an age of globalisation. Kaspersky Lab was founded in Russia, and then became part of a holding company registered in the UK, and has R&D centers as well as security experts around the world - including in Russia, Europe, Japan, Israel, Australia, South Korea, the Middle East, the United States and Latin America. Product and service quality are the only things that matter. We use an approach similar to that of most Fortune 500 companies today and believe there is a strong link between industry best practice and the use of insight and expertise from a multitude of nationalities. For us, that means cherry picking the best talent from a global pool, without exclusions. In addition, Kaspersky Lab products constantly demonstrate the highest quality protection and usability results in independent tests conducted by respected testing organisations.