An Open Letter to Eugene Kaspersky

Dear Mr. Kaspersky,

You are, of course, one the most well-known IT security experts in the world. Your company, Kaspersky Lab, is one of the largest and most successful providers of a suite products that protect users against various forms of malware. It was with some interest then, that I attended your presentation at the University of Melbourne on May 25, 2011.

In that presentation you claimed that all major operating systems were equally susceptible to malware; I do not believe that even from a modicum of research that this is the case. You are, of course, a respected speaker on such matters and end-users will be prone to accept what you say as an authoritative speaker. Those of us who have some knowledge on the matters would ask that you provide some backing evidence to this assertion.

What I found more disconcerting however was your proposals to establish an "Internet passport" and owner registration of hardware, along with digital fingerprinting. You attempted to assure those present that this was not a 'big-brother' strategy, but rather simply providing another tool for police to catch cyber-criminals. This follows statements that you made in in 2009 during an interview with ZDNet Asia where commented: "Everyone should and must have an identification, or internet passport ... The internet was designed not for public use, but for American scientists and the US military. Then it was introduced to the public and it was introduce it in the same way." In other words, you are arguing that a certain class of individuals - those working for government agencies - should have unfettered access to the Internet whereas members of the public be subject to surveillance and should not have the right to anonymity.

It is a matter of fact that yours is not the only anti-malware suite available. I am certain that continuing attacks on anonymity is doing your company a grave disservice. Continuing to argue for the circumvention of those tools which provide liberty will eventually and inevitably result in a consumer boycott against those who advocate such arguments. You are possibly quite aware in particular how strong the contemporary "Internet generation" feel about matters of anonymity and their surprising capacity to engage in distributed concerted action to ridicule those who oppose it.

I urge you, in the strongest possible terms, to reconsider your position. Surely you are aware of how dissidents in some of the most authoritarian dictatorships in the world are reliant upon anonymity? The high reliance of social networking technologies for information and communication among those involved in the reforms in the Middle East and North Africa? I must confess that I find it very strange to raise the importance of anonymity and protection from State surveillance from a person who lived in the former Soviet Union. Your assumptions that governments will use Internet passports in a benevolent fashion is not one which any study of history gives much credibility to.

What you must realise is that both good people and bad people can take advantage of the Internet's features which allow for anonymous communication. Removing the innate technological capacity for such anonymity will simply mean that criminal identity theft will become a new market for existing cybercriminals to move in to, and one which they will do so with great success. By all means, please continue the excellent work on targetting the malware which effects users which may be propagated through anonymous means - but do not target the tools of anonymity itself.

Yours sincerely,

Lev Lafayette
May 28, 2011


Russian translation available here:

Translated into Russian