{"id":14369,"date":"2018-08-29T14:04:05","date_gmt":"2018-08-29T13:04:05","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/?p=14369"},"modified":"2022-05-05T08:25:52","modified_gmt":"2022-05-05T07:25:52","slug":"transparency-status-updates","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/transparency-status-updates\/14369\/","title":{"rendered":"Global Transparency Initiative status update"},"content":{"rendered":"<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2018\/08\/19162547\/transparency-status-updates-featured-2.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2018\/08\/19162547\/transparency-status-updates-featured-2-1024x672.jpg\" alt=\"\" width=\"1024\" height=\"672\" class=\"aligncenter size-large wp-image-16239\"><\/a><br>\nWe announced the <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/about\/transparency\" rel=\"noopener noreferrer nofollow\">Global Transparency Initiative<\/a> in October 2017. Its purpose: to show the world that we have nothing to hide, and that our customers can trust us. We aimed to prove it, too \u2014 not just ask for trust.<\/p>\n<p>Over the past few years, we\u2019ve been the subject of a lot of false allegations. Although not a single fact has been presented to support those allegations, we believe it is our responsibility to prove that Kaspersky Lab can, and should, be trusted. There are fundamental reasons to put trust in us, and that\u2019s what our Global Transparency Initiative is all about.<\/p>\n<p>We will update this post as the project matures.<\/p>\n<h3>Update: August 15, 2019<\/h3>\n<p>We\u2019re pleased to announce that our third Transparency Center will open in early 2020 in Cyberjaya, Malaysia. Like the ones we opened earlier in Zurich and Madrid, this Transparency Center will serve as a trusted facility for our partners and government stakeholders, a place where they can check the source code of our products. CyberSecurity Malaysia, the country\u2019s cybersecurity agency, will host it.<\/p>\n<p>Our CEO Eugene Kaspersky notes that this Transparency Center, the company\u2019s first in the APAC region, shows our pioneering Global Transparency Initiative, which aims to address the growing demand from partners and government stakeholders for more information on how our products and technologies work, remains on track.<\/p>\n<h3>Update: July 11, 2019<\/h3>\n<p>Our second Transparency Center opened in Madrid in June for Kaspersky\u2019s customers and partners. We plan on having at least three Transparency Centers worldwide by 2020.<\/p>\n<p>But that\u2019s not all. An important part of our Global Transparency Initiative, the third-party Service Organization Controls (<a target=\"_blank\" href=\"https:\/\/www.ssae-16.com\/soc-1-report\/the-ssae-18-audit-standard\/\" rel=\"noopener noreferrer nofollow\">SOC2 Type 1<\/a>) review of Kaspersky\u2019s cybersecurity risk management controls has been completed. One of the Big Four auditors has reviewed our controls over regular automatic updates of antivirus databases for products for Windows and Unix Servers and concluded that development and release of these databases are protected from unauthorized changes. This serves as yet another confirmation that our products are secure and can be trusted. According to the terms of the contract, we can <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/about\/compliance-soc2\" rel=\"noopener noreferrer nofollow\">disclose the report to our clients and regulators upon request<\/a>.<\/p>\n<p>In addition to that we\u2019re continuing to expand our Bug Bounty program and recently we have joined the Disclose.io movement, which means that we now provide a Safe Harbor for vulnerability researchers looking into our products and guarantee that there will be no legal actions against them. You can <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/kaspersky-joins-disclose-io\/27588\/\" rel=\"noopener noreferrer nofollow\">find more about Disclose.io in our blogpost<\/a>.<\/p>\n<h3>Update: April 2, 2019<\/h3>\n<p>Our Global Transparency Initiative is making good progress: Today we announce the opening of a second Transparency Center. It will be located in Madrid, Spain, and will serve the purpose of providing more information regarding how Kaspersky Lab\u2019s products and technologies work. In addition to that, the new Center will also serve as a briefing center where visitors can learn about our product portfolio, engineering, and data processing practices. We expect the Center\u2019s first visitors this June. Plans to open Transparency Centers in Asia and North America in 2020 are ongoing.<\/p>\n<p>Relocation of our data processing infrastructure is also on track. We have already relocated the receiving infrastructure to Switzerland and plan to finish relocating the storage part by the end of Q2. We expect to finalize full relocation of data processing for European customers by the end of this year.<\/p>\n<p>In addition to that, we have published the results of a voluntary third-party legal assessment of Russian legislative acts and how they apply to Kaspersky Lab. The assessment was conducted by Dr. Kaj Hober, professor of International Investment and Trade Law at Uppsala University in Sweden and an expert on Russian law system. The key findings are the following:<\/p>\n<ul>\n<li>Kaspersky Lab may be asked by the federal security service (FSB) to cooperate with it, but the company is not obliged to do so.<\/li>\n<li>Laws that oblige vendors to assist the FSB with operational-investigative activities apply only to companies that provide electronic communication services, which Kaspersky Lab is not.<\/li>\n<li>Laws that force companies to store data in Russia and provide it and encryption keys (to decrypt it) to the FSB apply only to telecom providers, and Kaspersky Lab is not a telco.<\/li>\n<\/ul>\n<p>Last but not least, we have improved our Bug Bounty program, adding <a href=\"https:\/\/www.kaspersky.co.uk\/password-manager?icid=gb_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">Kaspersky Password Manager<\/a> and <a href=\"https:\/\/www.kaspersky.co.uk\/small-to-medium-business-security?icid=gb_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Kaspersky Endpoint Security for Linux<\/a> as well as some other products to the scope of the software available for review. So far more than 50 bugs were discovered and reported through the program, and researchers were paid more than $17,000 in bounties for pointing them out.<\/p>\n<h3>Update: November 13, 2018<\/h3>\n<p>Our first Transparency Center is now officially open, enabling authorized partners to access reviews of the company\u2019s code, software updates, and threat detection rules.<\/p>\n<p>Starting today, we will also process malicious and suspicious files shared with us by users of Kaspersky Lab products in Europe in our two world-class data facilities in Zurich.<\/p>\n<p>As promised, Kaspersky Lab has also contracted with one of the Big Four professional services firms to conduct an audit, under the <a target=\"_blank\" href=\"https:\/\/www.aicpa.org\/content\/dam\/aicpa\/research\/standards\/auditattest\/downloadabledocuments\/ssae-no-18.pdf\" rel=\"noopener noreferrer nofollow\">SSAE 18 standard<\/a>, of the company\u2019s engineering practices around the creation and distribution of threat detection rule databases, to independently confirm their accordance with the highest industry security practices.<\/p>\n<h3>Update: August 29, 2018<\/h3>\n<p>We are making good progress, having already implemented one major change by <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/even-more-transparency\/19943\/\" rel=\"noopener noreferrer nofollow\">raising our bug bounty to $100,000<\/a>. This helped make our products more secure and reliable. At this point, we have also initiated the next phase of the Global Transparency Initiative project, installing the equipment necessary for relocating our user data processing to Europe.<\/p>\n<p>Kaspersky Lab has also signed contracts with two European providers \u2014 <a target=\"_blank\" href=\"https:\/\/www.interxion.com\/\" rel=\"noopener noreferrer nofollow\">Interxion<\/a> and <a target=\"_blank\" href=\"https:\/\/www.nts.ch\/\" rel=\"noopener noreferrer nofollow\">NTS<\/a> \u2014 to host the new infrastructure necessary to collect, process, and store customer data in Zurich, Switzerland, by the end of 2018, addressing concerns from public and private sector stakeholders regarding unauthorized access to customer data. Relocation of data processing and storage will begin with European customers, and other countries will follow. We plan to finalize full relocation for European countries in Q4 2019.<\/p>\n<h3>Why Switzerland?<\/h3>\n<p>We chose the location for several reasons. On the one hand, Switzerland is located in the heart of Europe. On the other hand, Switzerland is not part of the EU, which makes it an independent country that can make its own decisions. We also find the symbolism appealing: One of our Global Transparency Initiative\u2019s main principles is to show that we are independent, so there\u2019s just no better place than Switzerland to start.<\/p>\n<p>Switzerland is also well known for its highly innovative and advanced IT landscape, and for its strict regulations on processing data requests received from authorities. So, our customer data will be stored and processed in one of the most secure locations in the world.<\/p>\n<h3>Global Transparency Initiative phases<\/h3>\n<p>Other elements of our Global Transparency Initiative are also being developed.<\/p>\n<p>We\u2019re planning on opening our first Transparency Center in Switzerland. This is currently being set up and will be opened once we\u2019re ready to start processing data in the Zurich data centers (this is scheduled for later this year). <strong>[UPDATE: Our first center is now open.]<\/strong><\/p>\n<p>We\u2019re determined to relocate the facilities that are tasked with customer data processing for other countries too. This is quite a complicated process, so in order to minimize any potential disruption in protecting our customers, we\u2019ve decided to stick to an incremental approach. So we\u2019ll get back to this after we\u2019ve finished relocating the data processing facilities for European citizens to Switzerland.<strong> [UPDATE: The relocation process has started and will be completed for European citizens in 2019.]<\/strong><\/p>\n<p>The third-party code and processes review is also due to happen following the relocation; we are now looking for a suitable partner.<strong> [UPDATE: We have now contracted with a partner for this phase.]<\/strong><\/p>\n<p>Another part of our scope is moving the software and threat detection rules database assembly process to Switzerland. However, addressing concerns over unauthorized user data access was higher priority, so this move will happen after we have kicked off the data relocation process.<\/p>\n<p>Implementing the Global Transparency Initiative is a very important process for us. We\u2019re absolutely confident that investing time and effort into this lengthy project is necessary to prove that Kaspersky Lab is fully transparent, independent, and has every reason to be trusted. As we can share more news about the ongoing processes of our Global Transparency Initiative, we\u2019ll continue to update this blog as well as our <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/transparency-center\" rel=\"noopener noreferrer nofollow\">Transparency Center website<\/a>, so that everyone can find information about our transparency-related activities in one place.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Current status and updates regarding the implementation of our Global Transparency Initiative.<\/p>\n","protected":false},"author":2706,"featured_media":14359,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2027],"tags":[2343,2344,2242,352,2345,2004],"class_list":{"0":"post-14369","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-special-projects","8":"tag-data-processing","9":"tag-global-transparency-initiative","10":"tag-gti","11":"tag-kaspersky-lab","12":"tag-switzerland","13":"tag-transparency"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/transparency-status-updates\/14369\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/transparency-status-updates\/14152\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/transparency-status-updates\/11845\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/transparency-status-updates\/6447\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/transparency-status-updates\/16130\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/transparency-status-updates\/13360\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/transparency-status-updates\/16828\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/transparency-status-updates\/16198\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/transparency-status-updates\/21211\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/transparency-status-updates\/5218\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/transparency-status-updates\/23637\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/transparency-status-updates\/11147\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/transparency-status-updates\/10789\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/transparency-status-updates\/9661\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/transparency-status-updates\/17568\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/transparency-status-updates\/10716\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/transparency-status-updates\/21378\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/transparency-status-updates\/23415\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/transparency-status-updates\/17278\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/transparency-status-updates\/21014\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/transparency-status-updates\/21024\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/transparency\/","name":"transparency"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/14369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=14369"}],"version-history":[{"count":7,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/14369\/revisions"}],"predecessor-version":[{"id":16558,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/14369\/revisions\/16558"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/14359"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=14369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=14369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=14369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}