Kaspersky has publicly shared information on requests received from government and law enforcement agencies, and users for data and technical expertise in 2020 and H1 2021.
The Law enforcement and government requests report helps Kaspersky’s users understand how the company responds to such requests and its approach to users’ data security and privacy.
As the number of cyberattacks increases every year, threatening the proper development and use of digital technologies, there is a rising need for collaboration among the IT community. To fight transnational cybercrime successfully and make sure its users are safe, protected and confident in the cyberworld, Kaspersky has been working with law enforcement agencies (LEAs) across the globe.
Kaspersky publicly shared its approach in responding to requests from global government and law enforcement agencies for two categories: user data and technical expertise. It also disclosed information about the number of such requests by country for 2020 and the first six months (H1) of 2021:
* In 2020, Kaspersky received 160 requests from governments and LEAs from 15 countries. 132 of those were for Non-Personal Technical Information & Expertise. All requests for user data (28) were processed and rejected due to an absence of data or not meeting legal verification requirements.
* In H1 2021, Kaspersky received 105 requests from governments and LEAs from 17 countries. 40% of those were processed and rejected due to an absence of data or not meeting legal verification requirements. In total, 89 requests received during the first six months of this year were for Non-Personal Technical Information & Expertise.
Kaspersky never provides any law enforcement or government organisations with access to user data or the company’s infrastructure. We provide information on such data upon request, but no third party can directly or indirectly access our infrastructure or data, and all requests go through mandatory legal verification before approving, rejecting or appealing such requests.
User data includes information provided by users to Kaspersky when they use the company’s products and services and depends on the services, products and features users use and is protected as described in the Kaspersky Privacy Policy. As a cybersecurity company, Kaspersky does not process nor have access to content data (what users create or communicate), in which LEAs are usually interested in for electronic evidence.
Requests for technical expertise include non-personal technical information produced and provided by Kaspersky security researchers and machine learning algorithms. This may include the MD5 hashes of malware, indicators of compromise (IoCs), information about the modus operandi of cyberattacks, output of malware reverse engineering, statistical information, and other results of investigations and research.
“We at Kaspersky are committed to wider transparency in what we do and how we do that. Our company works with law enforcement organisations across the globe in the best interests of international cybersecurity, and we believe that by clearly communicating our core principles for how we cooperate with organisations in fighting cybercrime we will help our users to be more confident trusting Kaspersky cybersecurity solutions,” comments Oleg Abdurashitov, head of public affairs at Kaspersky.
In addition, the company discloses information about requests received from users for multiple purposes, such as for the removal of a user’s personal information, for details on which and where a user’s data is stored, and its provision. In 2020 Kaspersky received 503 user requests in total, while in H1 2021, that number has already more than doubled, amounting to 1,199 requests.