Kaspersky Transparency Initiative update, September 2022

Introducing our new Transparency Center format and the opening of two more facilities in Europe.

Global Transparency Initiative update: September 2022

Businesses are showing increased interest in having confidence in their technology providers, with more than 70% of IT decision makers declaring a strong importance of having ongoing assurance that the IT solutions they use are operating in a known and trusted state. This is why we decided to open two new trust-building facilities for the company’s partners and customers in Italy and in the Netherlands. The centers will operate as per a new format: providing customers and partners with just the most popular service — an overview of our engineering and data management practices.

The new centers are part of the Kaspersky Global Transparency Initiative (GTI), and aim to open the “black box” of technology – increasing customer confidence in the company’s solutions. With the 2017 launch of the GTI, we became the first cybersecurity company to open its source code for external review. The initiative aims to engage the broader community in validating and verifying the trustworthiness of our products, internal processes, and business operations.

The opening of the new Transparency Centers reflects the company’s ongoing commitment to enhance both transparency and accountability for its customers and partners. Having added new facilities in Utrecht and Rome, we now have the largest network of such centers in Europe, along with hubs in Madrid and Zurich.

Operating in the company’s offices, the centers in Rome and Utrecht – open to our partners, customers, and government cybersecurity authorities – serve exclusively for the blue piste option, the most sought-after option by Transparency Center visitors since the opening of the first facility in 2018. The blue piste represents a general overview of our engineering and data processing practices, products and services. During a visit, partners and customers will be met by a team of experts who’ll answer any questions regarding the company’s data processing practices and the functioning of our solutions, together with a live demonstration of a source code review.

With the latest addition of two new facilities, we now operate nine Transparency Centers in Europe, APAC, North America and Latin America. Centers opened earlier offer additional review options — the red and black pistes — which vary in their depth and the level of technical skills required. The former provides a review of the most critical parts of the source code, enabling analysis of a particular functionality, while the latter represents the deepest and most comprehensive review of the most critical parts of the source code. The code review can be run solely for consultation purposes and in compliance with the strictest access policy to rule out the possibility of any modifications. To learn more or request access, please visit the Kaspersky transparency center website.

The new edition of the Transparency report

Another pillar forming our Global Transparency Initiative is the release of Kaspersky Transparency reports, revealing information on requests received from government and law enforcement agencies, and users for their personal data. The latest report covers the first six months of 2022.

During the first half of 2022, we received a total of 89 requests from governments and law enforcement agencies from eight countries (Brazil, China, Italy, Japan, Jordan, Russia, Singapore, and South Korea), a 15% decrease in requests year-on-year (105 requests in H1 2021). As previously, the overwhelming majority — 89% — of requests received were for non-personal technical information, i.e., information facilitating the conduct of investigations into cybercrimes — indicators of compromise (IoCs), information about modus operandi of cyberattackers, results of malware reverse engineering, and other results of cyber forensic analysis. As many as 11% of requests asked for user data, with all of them having been rejected.

The share of requests for non-personal technical data rose from 85% to 89%. The share of approved requests grew as well: out of all the requests received over H1 2022, 64% were granted. All other requests were rejected either for not meeting legal verification requirements or due to an absence of required data.

In addition, as part of its Transparency reports, we are making public information about requests received from users for personal-data-related purposes — details on where a user’s data is stored, or provision or removal of personal information. We received 3,285 such requests in the first half of 2022.

We are continuing our commitment to updating such data every six months, and publish Transparency reports on a regular basis to ensure stakeholders have the necessary information and can trust in our solutions. The reports also provide more information on the company’s approach to handling such requests and our principles. Previous Transparency reports can be found on the Kaspersky Global Transparency Initiative page.