Global Transparency Initiative status update

August 29, 2018

We announced the Global Transparency Initiative in October 2017. Its purpose: to show the world that we have nothing to hide, and that our customers can trust us. We aimed to prove it, too — not just ask for trust.

Over the past few years, we’ve been the subject of a lot of false allegations. Although not a single fact has been presented to support those allegations, we believe it is our responsibility to prove that Kaspersky Lab can, and should, be trusted. There are fundamental reasons to put trust in us, and that’s what our Global Transparency Initiative is all about.

We will update this post as the project matures.

Update: November 13, 2018

Our first Transparency Center is now officially open, enabling authorized partners to access reviews of the company’s code, software updates, and threat detection rules.

Starting today, we will also process malicious and suspicious files shared with us by users of Kaspersky Lab products in Europe in our two world-class data facilities in Zurich.

As promised, Kaspersky Lab has also contracted with one of the Big Four professional services firms to conduct an audit, under the SSAE 18 standard, of the company’s engineering practices around the creation and distribution of threat detection rule databases, to independently confirm their accordance with the highest industry security practices.

Update: August 29, 2018

We are making good progress, having already implemented one major change by raising our bug bounty to $100,000. This helped make our products more secure and reliable. At this point, we have also initiated the next phase of the Global Transparency Initiative project, installing the equipment necessary for relocating our user data processing to Europe.

Kaspersky Lab has also signed contracts with two European providers — Interxion and NTS — to host the new infrastructure necessary to collect, process, and store customer data in Zurich, Switzerland, by the end of 2018, addressing concerns from public and private sector stakeholders regarding unauthorized access to customer data. Relocation of data processing and storage will begin with European customers, and other countries will follow. We plan to finalize full relocation for European countries in Q4 2019.

Why Switzerland?

We chose the location for several reasons. On the one hand, Switzerland is located in the heart of Europe. On the other hand, Switzerland is not part of the EU, which makes it an independent country that can make its own decisions. We also find the symbolism appealing: One of our Global Transparency Initiative’s main principles is to show that we are independent, so there’s just no better place than Switzerland to start.

Switzerland is also well known for its highly innovative and advanced IT landscape, and for its strict regulations on processing data requests received from authorities. So, our customer data will be stored and processed in one of the most secure locations in the world.

Global Transparency Initiative phases

Other elements of our Global Transparency Initiative are also being developed.

We’re planning on opening our first Transparency Center in Switzerland. This is currently being set up and will be opened once we’re ready to start processing data in the Zurich data centers (this is scheduled for later this year). [UPDATE: Our first center is now open.]

We’re determined to relocate the facilities that are tasked with customer data processing for other countries too. This is quite a complicated process, so in order to minimize any potential disruption in protecting our customers, we’ve decided to stick to an incremental approach. So we’ll get back to this after we’ve finished relocating the data processing facilities for European citizens to Switzerland. [UPDATE: The relocation process has started and will be completed for European citizens in 2019.]

The third-party code and processes review is also due to happen following the relocation; we are now looking for a suitable partner. [UPDATE: We have now contracted with a partner for this phase.]

Another part of our scope is moving the software and threat detection rules database assembly process to Switzerland. However, addressing concerns over unauthorized user data access was higher priority, so this move will happen after we have kicked off the data relocation process.

Implementing the Global Transparency Initiative is a very important process for us. We’re absolutely confident that investing time and effort into this lengthy project is necessary to prove that Kaspersky Lab is fully transparent, independent, and has every reason to be trusted. As we can share more news about the ongoing processes of our Global Transparency Initiative, we’ll continue to update this blog as well as our Transparency Center website, so that everyone can find information about our transparency-related activities in one place.