Kaspersky reveals government, law enforcement requests received
Kaspersky has publicly shared information on requests received from government and law enforcement agencies, in a move it says highlights its commitment to greater transparency.
According to the company, the growing importance of technology in modern life has led to a demand for greater transparency of the software we use, security solutions included.
With this in mind, the security giant has released its first transparency report, Law enforcement and government requests report, to help its users understand how it responds to requests of this nature, as well as its approach to users’ data security and privacy.
A need for transparency
The number of cyber attacks are on the rise each year every year, and are threatening the proper development and use of digital technologies, the company says.
There is a growing need for collaboration among the IT community, and to help combat transnational cyber crime Kaspersky has been working with law enforcement agencies (LEAs) around the world.
In the report, the company shares its approach to responding to requests from global government and LEAs in two categories - user data and technical expertise.
It also disclosed information about the number of such requests by country for 2020 and the first six months of this year.
Last year, it received 160 requests from governments and LEAs in 15 countries. Of these, 132 were for non-personal technical information and expertise, which may include indicators of compromise (IOCs), information about the modus operandi of cyber attacks, output of malware reverse engineering, statistical information, and other results of investigations and research.
“All requests for user data (28) were processed and rejected due to an absence of data or not meeting legal verification requirements.”
In the first half of 2021, Kaspersky received 105 requests from governments and LEAs in 17 countries. Some 40% were processed and rejected due to a lack of data or not meeting legal verification requirements.
In total, 89 requests received during the first six months of this year were for non-personal technical information and expertise.
No access to user data
Kaspersky says under no circumstances does it provide any LEAs or government organisations with access to user data or the company’s infrastructure.
“We provide information on such data upon request, but no third party can directly or indirectly access our infrastructure or data, and all requests go through mandatory legal verification before approving, rejecting or appealing such requests.”
The company says it does not process nor have access to content data (what users create or communicate), which LEAs are usually interested in for electronic evidence.
No third party can directly or indirectly access our infrastructure or data.Kaspersky
Oleg Abdurashitov, head of Public Affairs at Kaspersky, says the company is committed to wider transparency in what it does, and how it does it.
Kaspersky works with law enforcement organisations around the world in the best interests of international cyber security, and believes that by clearly communicating its core principles for how it co-operates with organisations in fighting cyber crime it will help its users to be more confident when it comes to trusting Kaspersky cyber security solutions.
Moreover, he says the company discloses information about requests received from users for multiple purposes, such as for the removal of a user's personal information, for details on which and where a user’s data is stored, and its provision.
In 2020 Kaspersky received 503 user requests in total, while in H1 2021, that number has already more than doubled, amounting to 1 199 requests.