Russian Spying Fears Push Kaspersky to Move Data & Operations to Zurich
While Facebook managed to breeze through all the stories around its lack of privacy protections that enabled a political consultancy to profile and target tens of millions of American voters, companies outside of Silicon Valley haven't had such a good luck. Kaspersky, a Moscow-based cybersecurity firm, was alleged of having ties with the Kremlin. While the company continues to deny any such accusations, it is currently facing a ban in the United States.
Signed by President Donald Trump, the Fiscal Year 2018 National Defense Authorization Act (NDAA) forbids all federal departments from using the antivirus or other services and software made by the Moscow based cybersecurity firm.
The Dutch government also announced phasing out Kaspersky products as a "precautionary measure," recommending private firms to follow the same strategy. Lithuania and some others have also banned the company's products following the lead of the US government.
Kaspersky is now moving parts of its core operations to Switzerland to gain back user trust
In its ongoing efforts to become transparent and win back its government contracts, the company has announced that it will move a number of its core processes from Moscow to Switzerland. This new "Transparency Center" in Zurich will house servers that will store data on consumers from Europe, North America, Australia, Japan, South Korea, and Singapore.
Along with consumer data, this center will also host Kaspersky's build infrastructure, which means the company will assemble and manage its products from here.
- Secure software development documentation,
- The source code of any publicly released product (including old versions),
- Threat detection rule databases,
- The source code of cloud services responsible for receiving and storing the data of customers based in Europe, North America, Australia, Japan, South Korea and Singapore,
- Software tools used for the creation of a product (the build scripts), databases, and cloud services.
As mentioned in our earlier coverage, the US government hasn't shared any evidence if the Moscow-based firm indeed colluded with the Russian government. Some reports had claimed that Israel had offered this evidence to the Trump administration which resulted in the federal ban. While most in the industry believe that the US government's ban is like trying to start a cold war in the tech industry (ban on the Chinese firm ZTE is another example), some suggested that the Kaspersky ban was justified since its software was allegedly used by the Kremlin to keep eyes on American spies - even if without the knowledge of the company. At one time, Kaspersky had also failed to alert the US government when its antivirus software had uploaded confidential files from a government contractor's computer deeming it as a virus, raising concerns over its transparency protocols.
"The world is changing and changing really fast. The world in which we worked two or three years ago is different," Anton Shingarev, vice-president of public affairs at Kaspersky Labs, said. "The company needs to address that. The allegations we faced are wrong and there is no evidence. Still the allegations are there. We need to show customers we are taking them seriously and address them."
As to why Switzerland was chosen for its first transparency center, the company said that the country's data protection laws are among the toughest in the world influencing the decision. Kaspersky said that through this Global Transparency Initiative it will allow a third-party organization to assess the "trustworthiness of everything going on in our Zurich facility" to make sure that "there will be no need to rely" on the company's word alone.
"Responsible stakeholders from government and private organizations with relevant expertise will be able to review our software to make sure everything works as expected," it added.