Kaspersky
Solved

PRIVACY: Does Switzerland require Kaspersky to maintain "Log Files" of each customer using Kaspersky VPN?

  • 3 October 2021
  • 8 replies
  • 199 views

Some VPN services boast that they do not maintain “log files” detailing which of their customers logged in and who they connected to.  Personally, as an AMERICAN, I was happier when Kaspersky was based in Moscow, because at least then one could be confident that an American FBI subpoena would be ignored, even if Kaspersky VPN maintained log files.  I also use Swiss based Protonmail.  Today I hear that the American FBI has subpoenaed the metadata of 200,000 American users from Proton mail ….  If a Swiss court agrees, then Proton mail will fulfill the FBI’s request.  THE NEXT STEP of the FBI will be to subpoena the Swiss log files of Kaspersky VPN.  WHAT IS KASPERSKY GOING TO DO ABOUT THAT?  If a Swiss court orders Kaspersky to comply with the request… DO YOU HAVE VPN LOG FILES AND ARE YOU GOING TO TURN THEM OVER AND ARE YOU GOING TO TELL US THAT YOU DID?????????????????????

icon

Best answer by Danila T. 7 October 2021, 13:09

View original

This topic has been closed for comments

8 replies

Userlevel 7
Badge +11
  1. Do you have any VPN log files & are you going to turn them over & are you going to tell us that you did?

Hello @DallasMike56

Welcome!

  1. Please contact Kaspersky Data Protection Officer
  2. Kaspersky does not capture VPN log files, unless you’ve requested assistance from Kaspersky Technical Support & the team have requested logs, traces & other data; this would normally be if the Technical Support team was helping you troubleshoot a technical issue. 
  3. VPN use must comply with local legislation. 

You may also like to read: 

KASPERSKY LAB PRIVACY POLICY → YOUR RIGHTS AND YOUR PERSONAL DATA AND HOW TO EXERCISE THEM.

Application usage restriction

Data provision under the End User License Agreement

Data provision under the End User License Agreement on the territory of the European Union, the United Kingdom, Brazil, or by California residents

Data provision during application activation

Data provision during connecting to My Kaspersky

Data provision to Kaspersky Security Network

Saving data to the application operation report

About using the application in the European Union, the United Kingdom, Brazil, or by California residents

Thank you:pray_tone3:

Flood:whale: +:whale2:

Userlevel 7
Badge +9

How can nonexistent VPN logs be requested :thinking:


“Why Switzerland?

We chose this location for two reasons. First, Switzerland has maintained its policy of neutrality for two centuries. Second, the country has strong data protection legislation. We believe these two qualities make Switzerland the perfect place to move part of our sensitive infrastructure.”

Well, Berny, it would be great if VPN logs were ALWAYS nonexistent.  However, based upon the reply I received from Kaspersky Technical Support, apparently VPN logs ARE sometimes kept.  One supposes that if they can be kept at the behest of Tech Support, they can be kept at the request of a Swiss court too.  Often law enforcement agencies insist that their snooping be kept private, and that those subject to surveillance NOT be informed.   Many VPN providers prefer to not tell their customers this unpleasant fact, as it severely undercuts the rationale for purchasing a VPN in the first place.  

 I would suspect that Kaspersky must comply with Swiss law, of course.  My question is (not in any specific case, but just generally)  has Kaspersky VPN EVER been required by Swiss law enforcement to maintain VPN logs and turn them over?  How often does this occur?  Are you allowed to inform your customers, specifically, that they are under surveillance?  Surely, you can inform us (the customers) whether GENERALLY these legal requirements are something Kaspersky VPN is subject to?

To reiterate my initial point as an American… I WISH KASPERSKY WERE STILL BASED IN MOSCOW.  At least then you wouldn’t potentially be subject to the American FBI attempting to surveil 200,000 Americans via requests to Swiss courts, as they are attempting to do RIGHT NOW with Proton Mail.

Userlevel 7
Badge +11

@DallasMike56

Thank you for posting back. 

As we said in our first reply & as Kaspersky Technical Support have already confirmed to you: Kaspersky does not capture VPN log files, unless you’ve requested assistance from Kaspersky Technical Support & the team have requested logs, traces & other data; this would normally be if the Technical Support team was helping you troubleshoot a technical issue

Those logs are provided to Kaspersky with your consent.

Why would you need to be told, when you’ve consented to providing the data & have provided the data to the technical team?  

  • The DPO can also be reached by post at: Kaspersky Labs GmbH, Ingolstadt, Despag-Strasse 3, 85055, Germany, or email at: dpo@kaspersky.com. 

Thank you:pray_tone3:

Flood:whale: +:whale2:

Ah well, Mr. Flood, I may be having difficulty getting my question across clearly.

  1. I understand that Kaspersky VPN does not routinely keep log files
  2. I understand that Kaspersky VPN tech support WILL keep log files upon request, and clearly there is no need for Kaspersky VPN tech support to notify the customer in this case, as the log files were kept upon that same customer’s request, BUT !!!
  3. THE QUESTION IS:  WILL AND DOES KASPERSKY VPN ALSO ON OCCASION KEEP VPN LOG FILES WITHOUT NOTIFYING THE CUSTOMER BY THE ORDER OF A SWISS COURT????

Note that VPN providers in every part of the world ARE REQUIRED to follow the local law where they are located, and in this Kaspersky in Switzerland is no different than any other VPN provider, even given the reasonably good privacy laws of Switzerland.  The question is NOT whether a Swiss court can order Kaspersky VPN to maintain a log file -- because a Swiss court clearly can.  Now such a court order can’t make log files from the past magically appear -- if they were never kept, they can’t be pulled out of thin air.  But it CAN affect things going forward.  And in the good ole USA, for example, a VPN provider can be forced by the US government to A) BEGIN keeping logs of particular customers, and B) NEVER TELL THE CUSTOMER THAT SUCH LOGS ARE BEING KEPT.

One hopes Switzerland is less totalitarian than the US.  And, if not, you clearly couldn’t answer the question anyway.  BUT… just perhaps, NOT in a specific case, but generally, the following question could be answered:

HAS KASPERSKY VPN EVER BEEN ORDERED BY A SWISS COURT TO MAINTAIN A VPN LOG FILE?

 

 

Userlevel 7
Badge +11

Hello @DallasMike56

Thank you for the information.

Rest assured we’ve read everything you’ve written.

The Kaspersky Community cannot answer your generic questions, beyond the advice already given. 

OTOH, the Kaspersky Data Protection Officer, who’s role is specifically designed to manage all privacy concerns, may be able to assist, please contact them. 

Note, to protect all Kaspersky customer’s privacy, (ioo), we very much doubt, if the DPO, or any Kaspersky employee, would tell you if Kaspersky has ever been ordered by a Swiss court, to maintain a VPN log file. 

Thank you:pray_tone3:

Flood:whale: +:whale2:

Userlevel 7
Badge +9

@DallasMike56 

Please continue with Kaspersky HQ, I amicably close this Topic

Userlevel 7
Badge +7

Hello @DallasMike56 !

 

HAS KASPERSKY VPN EVER BEEN ORDERED BY A SWISS COURT TO MAINTAIN A VPN LOG FILE?

 

No. Kaspersky has not received any requests from law enforcement or government agencies regarding the Kaspersky VPN service.

 

Kaspersky provides the VPN servers together with its trusted partner, the Pango software company, and both Kaspersky and Pango do not log online user activity. In addition to this, users’ IP addresses do not exist when the VPN session is closed, nor are they logged. Our cooperation with the Pango is based on the data protection agreement. Further information about how the Kaspersky VPN Secure Connection processes users’ data can be found here.

 

However, if we receive law enforcement or government requests in the future, we will process them in accordance with our policy, meaning that all external requests go through a mandatory legal verification as a first step to ensure the security and privacy of our users as well as compliance of the company with the applicable national and international laws. More information about our policy can be found here.