EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification

European Commission "not in possession of any evidence regarding potential issues related to the use of Kaspersky Lab products."
Written by Catalin Cimpanu, Contributor
Kaspersky Lab
Logo: Kaspersky Lab // Composition: ZDNet

In a document published today, the European Commission has revealed that they don't have any actual evidence of Kaspersky software being used for spying on behalf of the Russian government, as the US government alluded in 2017.

The document was the Commission's reply to a series of questions submitted by Gerolf Annemans, a European Parliament member on behalf of Belgium, in March this year.

The questions were related to a motion the European Parliament voted in June 2018 that put forward a general strategy and guidelines for an EU-wide joint plan on cyber defense. The document advised EU states to exclude and ban programs and equipment that have been "confirmed as malicious," naming Kaspersky as the only example.

2018 EU motion labeled Kaspersky as "confirmed as malicious"

The EU voted its motion at a time when the US had just banned the use of Kaspersky software on government systems on the premise that Kaspersky antivirus software had been used to steal sensitive documents from government computers.

The US government never backed up its claims but did the opposite by pressuring companies in the private US sector to stop using the Russian company's software.

A general red scare followed in the US, with Best Buy and Office Depot pulling Kaspersky products off their shelves and Twitter banning the company from advertising on its network.

The anti-Kaspersky panic spread across the pond to Europe, where the UK warned state agencies and private companies against using Kaspersky software on systems storing sensitive information, and the Dutch government deciding to phase out the use of Kaspersky products on government networks altogether.

Kaspersky denied all accusations of any wrongdoing and even opened a "Transparency Center" in Switzerland where European governments could come and inspect its source code, and where the company said it would store all data on European users, without sending it to its Russian servers.

Belgian MP asked for evidence

In his March 2019 letter to the European Commission, MP Annemans wanted to know on what grounds and what evidence the EU Parliament voted to recommend the banning of Kaspersky in June 2018, and why it classified the company as "confirmed as malicious," alluding that the EU might have gotten its facts from press articles instead of intelligence briefings.

Annemans cited reports authored by the German, French, and Belgium government which found no evidence of any wrongdoing on Kaspersky's side.

Almost a year after the EU recommended that national governments ban Kaspersky software, the Commission has now admitted its mistake.

"The Commission is not in possession of any evidence regarding potential issues related to the use of Kaspersky Lab products," a representative for the European Commission told Annemans in a reply dated April 12.

The EU letter, however, does not to repair Kaspersky's market share, which suffered considerably after the US government ban and the EU Parliament vote. However, it brings a sense of justice for the company.

Maybe following the publication of this formal acknowledgment that Kaspersky did nothing wrong, the Russian antivirus vendor might re-think its decision to withdraw from its once fruitful Europol partnership that led to the arrest of countless cyber-criminals, and which also spawned the NoMoreRansom project.

Speaking at the Kaspersky Security Analyst Summit this month, Eugene Kaspersky, the company's founder, said the US government ban made cybercriminals happy.

These were 2017's biggest hacks, leaks, and data breaches

More cybersecurity coverage:

Editorial standards