The Data Protection Authority has opened an investigation into Kaspersky

Il Garante della privacy ha aperto un'istruttoria su Kaspersky thumbnail

The conflict between Russia and Ukraine, we are discovering it day after day, is only partially taking place on the purely military front.

It is also a technological and cyber warfare. First the sanctions of the telecommunications companies against Putin, then censorship and counter-censorship by social media against Moscow and vice versa.

Not to mention the hackers, lined up on both sides. Up to, to take just one example, the recent news of the Ukrainian president who invites his compatriots to surrender to the enemy. Too bad, however, that it was not the real Volodymyr Zelensky but a deepfake.

In all of this, there is a company that has ended up in the crosshairs, and it could not have been otherwise. In fact, Kaspersky Lab, based in Moscow, is one of the world leaders in the production of computer security software, better known as antivirus.

And of course, in this historical moment, having your computer protected by a Russian antivirus sounds paradoxical.

In fact, in addition to the legitimate doubts which we will discuss later, an official intervention also arrives. Our Privacy Guarantor intervened on the Kaspersky case, opening an investigation on the risks of the Russian antivirus. Let’s see what it is.

The Privacy Guarantor and Kaspersky: an investigation has been opened

As can be read in an article published on the official website on Friday 18 March, the Privacy Guarantor has opened an investigation on Kaspersky Lab.

More precisely, the investigation by the Privacy Guarantor on Kaspersky Lab intends to “assess the potential risks relating to the processing of personal data of Italian customers carried out by the Russian company that supplies the Kaspersky antivirus software”.

The action was necessary “in order to investigate the alarms launched by numerous Italian and European bodies specialized in IT security on the possible use of that product for cyber attacks against Italian users.”

The requests of the Privacy Guarantor to Kaspersky

The Guarantor asked Kaspersky Lab not only to specify the number and type of its customers in our country. But also to give detailed information on how personal data are processed regarding the various products and services released. Including, it says in the note, “those of telemetry or diagnostics”.

Furthermore, here is perhaps the main aspect to be clarified. The Guarantor wants Kaspersky to say whether or not customer data is transferred outside the European Union, and in particular to Russia.

Last point, Kaspersky Lab must provide the list of “requests for acquisition or communication of personal data, referring to Italian data subjects, addressed to the company by government authorities of third countries, starting from January 1, 2021, distinguishing them by country and indicating how many of them Kaspersky has provided positive feedback for. “

The recent veto on Kaspersky

The investigation opened by the Privacy Guarantor on Kaspersky is only the formalization of a series of suspicions and moves that have already been discussing for days.

In a recent article we gave you news of the decision taken by Franco Gabrielli, Undersecretary to the Prime Minister with responsibility for national security.

Having some doubts about the danger of Kaspersky for the Italian administration, Gabrielli has in fact decided to dispose of it. Gabrielli spoke of “antivirus systems produced by the Russians and used by our public administrations that we are verifying and planning to dispose of, to prevent them from becoming an attack tool from a protection tool. It is the fifth sector of possible conflict after sky, earth, sea and space ”.

We are therefore awaiting a rule that suspends the use of Kaspersky antivirus in the Public Administration. as well as, of course, the indication of a replacement software. The Kaspersky antivirus has been running in the computer systems of Italian PAs since 2003.

Our country’s decision to suspend the Russian antivirus follows similar ones in the Netherlands and Germany.

Hacked from Russia?

The hypothesis comes from the Bundesamt für Sicherheit in der Informationstechnik, the German cybersecurity authority. According to which Kaspersky, according to Reuters, is forced by the Kremlin to launch cyber attacks on the technological infrastructures of several European countries.

Even the French Agence nationale de la sécurité des systèmes d’alformation, for similar suspicions, on March 4 advised anyone using the Kaspersky antivirus to think of alternatives.

However, Kaspersky Lab denied having direct links with the Russian government in this direction. “Kaspersky is a private company, with no ties to the Russian government: even today we continue to guarantee the quality and integrity of our products.”