Two weeks ago, Wired Magazine ran an article by Noah Shachtman: Russia’s Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals.
The long and detailed article sparked a response from Kaspersky on his blog: What Wired Is Not Telling You – a Response to Noah Shachtman’s Article in Wired Magazine.
And then Shachtman responded to Kaspersky's response: Kaspersky Denies Kremlin Ties, Compares Himself to Indiana Jones.
It's all powerfully-worded stuff, and very interesting to read.
The Wired article draws attention to the increasingly-powerful role that security-related software companies play in modern life:
What is mentioned is Kaspersky’s vision for the future of Internet security—which by Western standards can seem extreme. It includes requiring strictly monitored digital passports for some online activities and enabling government regulation of social networks to thwart protest movements. “It’s too much freedom there,” Kaspersky says, referring to sites like Facebook. “Freedom is good. But the bad guys—they can abuse this freedom to manipulate public opinion.”As Kaspersky himself points out, his company is not the only one with such ties:
These are not exactly comforting words from a man who is responsible for the security of so many of our PCs, tablets, and smartphones. But that is the paradox of Eugene Kaspersky: a close associate of the autocratic Putin regime who is charged with safeguarding the data of millions of Americans; a supposedly-retired intelligence officer who is busy today revealing the covert activities of other nations; a vital presence in the open and free Internet who doesn’t want us to be too free. It’s an enigmatic profile that’s on the rise as Kaspersky’s influence grows.
All three of the world’s leading security companies – Symantec, McAfee/Intel, and Kaspersky Lab – work with law enforcement bodies worldwide to help fight cyber-crime. The ITU, CET, FBI, FSB, U.S. Secret Service… we all have a duty to help them solve criminal cases.
As a number of commenters have observed, it's certainly not necessarily a bad thing that Kaspersky's company is headquartered outside the U.S.A., and has at least some independence from the ever-increasing invasive measures that the U.S. government has been imposing.
We should give Kaspersky Labs credit for their ongoing work to educate the world about the complexities of software security, and for revealing and sharing information about complex malware like Stuxnet and Flame.
But we should also pay attention to the concerns that Shachtman and Wired raise, about the increasing power of companies like Kaspersky, Symantec, RSA, etc., and about the close relationship that people at these companies have with the so-called "military-industrial complex".
Hard issues, hard discussion; to my mind, that's how it should be.