
Kaspersky Global Transparency Initiative Explained!


The upcoming Trump-Putin summit aside, Kaspersky Lab is pushing forward with their Global Transparency Initiative. What is the Kaspersky Global Transparency Initiative? And how does it help guarantee that Kaspersky Lab products and services are safe to use?

We explain it all, with a little help from Stephan Neumeier and Oleg Abdurashitov from Kaspersky Lab!

 

The Kaspersky Global Transparency Initiative

The Kaspersky Global Transparency Initiative began in October 2017, as a way to allay fears that Kaspersky Lab products and services had backdoors built in.

It was really an extension of Eugene Kaspersky’s offer to show Kaspersky Lab source code to the US government.

July 2017: Eugene Kaspersky Offers Source Code To US Government

In response to the US government’s prohibition on the use of Kaspersky Lab products, Eugene Kaspersky offered to make Kaspersky Lab source code available to the US government for inspection.

Oct. 2017: Source Code Available For Inspection

In the initial version, Kaspersky Lab offered to:

  • make their source code available for independent review and evaluation,
  • conduct an independent assessment of their software development and supply chain,
  • establish three Transparency Centers in Asia, Europe and the US,
  • increase bug bounty awards to US$100,000.

We immediately pointed out that it did not address a major concern of the US government – that data is still being routed through Russian Internet service providers that are subject to the Russian intelligence surveillance system called SORM (System of Operative-Investigative Measures).

Kaspersky Lab maintained that customer data sent to their Russian servers is encrypted, and that they do not decrypt it for the Russian government. But it would be impossible for them to prove that to anyone’s satisfaction.

May 2018: Core Operations Move To Switzerland

Last month, Kaspersky Lab announced that they are establishing a data center in Zurich by the end of 2019. This facility will store and process all information for users in Europe, North America, Singapore, Australia, Japan and South Korea, with more countries to follow.

The Kaspersky Switzerland facility will:

  • store and process customer data of select countries outside of Russia,
  • host Kaspersky’s software build conveyer, which will assemble and digitally sign the final executable files and updates,
  • serve as the first Kaspersky Transparency Center.

In addition, Kaspersky will be arranging for a qualified and independent third party to review and supervise the data storage, processing, software assembly and source code at this Zurich facility.

The very act of moving their customer data out of Russia to a neutral country finally removes our main criticism of their initial transparency initiative. Now, no one has to worry about sensitive data being transmitted through the Russian SORM intelligence surveillance system.

 

The Kaspersky Global Transparency Initiative Going Forward

The establishment of the Swiss datacenter is merely another phase in the long process of “earning trust”, as Stephan Neumeier called it. Eventually, customer data from most countries outside of Russia will move to that datacenter.

By the end of 2018, all Kaspersky Lab products and threat detection rule databases (AV databases) will be assembled and signed with a digital signature in Switzerland, before being distributed to customers worldwide. All newly assembled software will also be verified by an independent organization, certifying that software builds and updates received by customers match the source code provided for audit.

The next step would be the establishment of two more Transparency Centers – one in Asia, and another one in North America. Singapore and Canada are probable favourites.

 

Perhaps A Backdoor Bounty?

We would suggest that perhaps Kaspersky Lab should establish an independent backdoor bounty program, separate from their current bug bounty.

A large sum of money could be placed in escrow, under an independent and competent third-party, which can freely investigate and reward security researchers who can successfully prove the existence of a backdoor in any Kaspersky product or service.

That would go a long way toward shoring up the trust of those who have neither the financial nor the technical capabilities to visit a Kaspersky Transparency Center and peruse millions of lines of code.

 


Kaspersky Moves Core Russian Operations To Switzerland!

In a move to allay fears of collusion with Russian authorities, Kaspersky Lab announced on 15 May 2018 that they will be moving a number of their core Russian operations to Switzerland. This would include their customer data storage and processing for most regions, as well as software assembly and threat detection updates.

To ensure full transparency and integrity, they are also arranging for this activity to be supervised by an independent third party, also based in Switzerland. Here are the full details!

 

 

Customer Data Storage & Processing

Kaspersky Lab will establish a data center in Zurich by the end of 2019. This facility will store and process all information for users in Europe, North America, Singapore, Australia, Japan and South Korea, with more countries to follow.

The information stored and processed at this facility is shared voluntarily by users of the Kaspersky Security Network (KSN), a cloud-based system that automatically processes cyberthreat-related data.

Relocation of software assembly

Kaspersky Lab will relocate its ‘software build conveyer’ to Zurich. This is a set of programming tools used to assemble ready-to-use software out of source code.

Before the end of 2018, Kaspersky Lab products and threat detection rule databases (AV databases) will start to be assembled and signed with a digital signature in Switzerland, before being distributed to the endpoints of customers worldwide.

The relocation will ensure that all newly assembled software can be verified by an independent organization and show that software builds and updates received by customers match the source code provided for audit.


First Kaspersky Lab Transparency Center

Kaspersky Lab first announced their Global Transparency Initiative in October 2017. One of its initiatives is the creation of three Kaspersky Transparency Centers, one each in Asia, Europe and the US.

The first Transparency Center will be in Switzerland, and is expected to open this year. It will allow organisations and governments to inspect and review the source code of Kaspersky Lab products and software updates in a secure facility.

Independent supervision and review

Kaspersky Lab is arranging for the data storage and processing, software assembly, and source code to be independently supervised by a third party qualified to conduct technical software reviews. They are also calling for the creation of a new, non-profit organization to take on this responsibility.

Don’t forget to read our interview with Eugene Kaspersky on his alleged ties with Russian President Vladimir Putin and the Kremlin.
