Global cybersecurity company Kaspersky has publicly shared information on requests received from government and law enforcement agencies, and users for data and technical expertise in 2020 and H1 2021.

Demand for greater transparency of the software organizations and people use is also growing, including security solutions. To address this demand, Kaspersky has issued its first transparency report, law enforcement and government requests report, to help its users understand how the company responds to such requests and its approach to users’ data security and privacy.

As the number of cyberattacks increases every year, threatening the proper development and use of digital technologies, there is a rising need for collaboration among the IT community. To fight transnational cybercrime successfully and make sure its users are safe, protected and confident in the cyberworld, Kaspersky has been working with law enforcement agencies (LEAs) across the globe.

Kaspersky detects almost 5 million attacks vs WFH devices in PH in H1 2021
Kaspersky shares 5 ways to keep finances safe online

Kaspersky publicly shared its approach in responding to requests from global government and law enforcement agencies for two categories: user data and technical expertise. It also disclosed information about the number of such requests by country for 2020 and the first half of 2021.

In 2020, Kaspersky received 160 requests from governments and LEAs from 15 countries and 132 of those were for Non-Personal Technical Information & Expertise. All requests for user data (28) were processed and rejected due to an absence of data or not meeting legal verification requirements.

In H1 2021, Kaspersky received 105 requests from governments and LEAs from 17 countries. 40% of those were processed and rejected due to an absence of data or not meeting legal verification requirements. In total, 89 requests received during the first six months of this year were for Non-Personal Technical Information & Expertise.

User data

Kaspersky never provides any law enforcement or government organizations with access to user data or the company’s infrastructure. “We provide information on such data upon request, but no third party can directly or indirectly access our infrastructure or data, and all requests go through mandatory legal verification before approving, rejecting or appealing such requests,” Kaspersky said.

User data includes information provided by users to Kaspersky when they use the company’s products and services and depends on the services, products and features users use and is protected as described in the Kaspersky Privacy Policy. According to Kaspersky, as a cybersecurity company, it does not process nor have access to content data (what users create or communicate), which LEAs are usually interested in for electronic evidence.

Requests for technical expertise include non-personal technical information produced and provided by Kaspersky security researchers and machine learning algorithms. This may include the MD5 hashes of malware, indicators of compromise (IoCs), information about the modus operandi of cyberattacks, output of malware reverse engineering, statistical information, and other results of investigations and research.

In addition, the company discloses information about requests received from users for multiple purposes, such as for the removal of a user’s personal information, for details on which and where a user’s data is stored, and its provision. In 2020 Kaspersky received 503 user requests in total, while in the first half of 2021, that number has already more than doubled, amounting to 1,199 requests.