An embattled Kaspersky Labs is fighting back against accusations that its ties to the Russian government can create a security risk when using its anti-virus software. On Tuesday, the cybersecurity firm announced that it will be moving a significant chunk of its infrastructure to Switzerland, and an independent group will be able to review its source code.
Last year, the Department of Homeland Security ordered all United States government agencies to cease using Kaspersky’s software due to concerns that it might be compelled to share information intercepts with the Russian government. Since then, the security company has admitted that its software downloaded classified NSA documents but pinned the blame on a reckless U.S. government contractor. And Israeli intelligence reportedly observed Russian agents using Kaspersky software as a hacking tool. Other governments have joined in on the Kaspersky ban including the U.K. and the Netherlands. The company’s decision to set up shop in Switzerland is being framed as a move that would not only help rebuild trust but make Kaspersky more transparent than its competitors.
In a blog post, the company wrote that it will begin moving its “‘software assembly line’ and servers that store and process Kaspersky Security Network data” to Zurich — a process that should be complete by the end of 2018. It will then set up a “Transparency Center” where “responsible stakeholders from government and private organisations with relevant expertise” will be allowed to review its source code, updates, detection rules, and data storage practices. The servers that process and store data for users in Europe, North America, Australia, Japan, South Korea, and Singapore will be part of the migration.
Separate from the Transparency Center, Kaspersky supports the formation of a third-party, non-profit group that will assess the trustworthiness of all activity at the Zurich data center. All of its software will be compiled and signed in Switzerland by this third-party, but we have few details about how the group will be formed. Kaspersky hopes to have its transparency initiative fully implemented by the end of 2019, with the goal of opening additional centres in North America and Asia by 2020.
Distrust for Kaspersky’s service is rooted in a law requiring companies located in Russia to route data through Russian ISPs that are allegedly monitored by intelligence operatives. Kaspersky has maintained that the data in its system is encrypted and intercepts would be useless. The company’s founder, Eugene Kaspersky, has also been under scrutiny for his personal ties to Russian intelligence, and several reports have pointed to specific collaboration with the FSB.
Kaspersky Labs has long been one of the most trusted names in security but that trust has been seriously undermined over the last year. It hopes that this new strategy will make its service more reliable than ever. “As far as we know, we are the first cybersecurity company to come forward with such an initiative,” it said in its announcement. “Being the very first gives us an advantage in that respect.”
[Kaspersky Labs via TechCrunch, Reuters]