By Jack Stubbs and Jim Finkle
MOSCOW/TORONTO (Reuters) – Moscow-based Kaspersky Lab plans to open a data center in Switzerland to address Western government concerns that Russia exploits its anti-virus software to spy on customers, according to internal documents seen by Reuters.
Kaspersky is setting up the center in response to actions in the United States, Britain and Lithuania last year to stop using the company’s products, according to the documents, which were confirmed by a person with direct knowledge of the matter.
The action is the latest effort by Kaspersky, a global leader in anti-virus software, to parry accusations by the U.S. government and others that the company spies on customers at the behest of Russian intelligence. The U.S. last year ordered civilian government agencies to remove the Kaspersky software from their networks.
Kaspersky has strongly rejected the accusations and filed a lawsuit against the U.S. ban.
The U.S. allegations were the “trigger” for setting up the Swiss data center, said the person familiar with Kapersky’s Switzerland plans, but not the only factor.
“The world is changing,” they said, speaking on condition of anonymity when discussing internal company business. “There is more balkanisation and protectionism.”
The person declined to provide further details on the new project, but added: “This is not just a PR stunt. We are really changing our R&D infrastructure.”
A Kaspersky spokeswoman declined to comment on the documents reviewed by Reuters.
In a statement, Kaspersky Lab said: “To further deliver on the promises of our Global Transparency Initiative, we are finalizing plans for the opening of the company’s first transparency center this year, which will be located in Europe.”
“We understand that during a time of geopolitical tension, mirrored by an increasingly complex cyber-threat landscape, people may have questions and we want to address them.”
Kaspersky Lab launched a campaign in October to dispel concerns about possible collusion with the Russian government by promising to let independent experts scrutinize its software for security vulnerabilities and “back doors” that governments could exploit to spy on its customers.
The company also said at the time that it would open “transparency centers” in Asia, Europe and the United States but did not provide details. The new Swiss facility is dubbed the Swiss Transparency Centre, according to the documents.
Work in Switzerland is due to begin “within weeks” and be completed by early 2020, said the person with knowledge of the matter.
The plans have been approved by Kaspersky Lab CEO and founder Eugene Kaspersky, who owns a majority of the privately held company, and will be announced publicly in the coming months, according to the source.
“Eugene is upset. He would rather spend the money elsewhere. But he knows this is necessary,” the person said.
It is possible the move could be derailed by the Russian security services, who might resist moving the data center outside of their jurisdiction, people familiar with Kaspersky and its relations with the government said.
Western security officials said Russia’s FSB Federal Security Service, successor to the Soviet-era KGB, exerts influence over Kaspersky management decisions, though the company has repeatedly denied those allegations.
The Swiss center will collect and analyze files identified as suspicious on the computers of tens of millions of Kaspersky customers in the United States and European Union, according to the documents reviewed by Reuters. Data from other customers will continue to be sent to a Moscow data center for review and analysis.
Files would only be transmitted from Switzerland to Moscow in cases when anomalies are detected that require manual review, the person said, adding that about 99.6 percent of such samples do not currently undergo this process.
A third party will review the center’s operations to make sure that all requests for such files are properly signed, stored and available for review by outsiders including foreign governments, the person said.
Moving operations to Switzerland will address concerns about laws that enable Russian security services to monitor data transmissions inside Russia and force companies to assist law enforcement agencies, according to the documents describing the plan.
The company will also move the department which builds its anti-virus software using code written in Moscow to Switzerland, the documents showed.
Kaspersky has received “solid support” from the Swiss government, said the source, who did not identify specific officials who have endorsed the plan.
(Reporting by Jack Stubbs in Moscow and Jim Finkle in Toronto; Editing by Jonathan Weber)