Bits of Freedom is an international coalition of civil rights organizations and security experts who has recently published an open letter (https://www.bof.nl/live/wp-content/uploads/Letter-to-antivirus-companies-.pdf) where they ask antivirus companies for transparency and ask 4 direct questions. To address their concern, which we believe is also shared by many citizens, we want to answer this questions here:
1. Have you ever detected the use of software by any government (or state actor) for the purpose of surveillance
Yes. Our main goal is to protect users by stopping any infection attempt, and doing that we stop thousands of Trojan attacks on a daily basis. We stop all of them based on the morphology and behaviour of the malware involved, whoever is behind them is not taken into account in order to stop them.
2. Have you ever been approached with a request by a government, requesting that the presence of specific software is not detected, or if detected, not notified to the user of your software? And if so, could you provide information on the legal basis of this request, the specific kind of software you were supposed to allow and the period of time which you were supposed to allow this use?
No.
3. Have you ever granted such a request? If so, could you provide the same information as in the point mentioned above and the considerations which led to the decision to comply with the request from the government?
No.
4. Could you clarify how you would respond to such a request in the future?
We would not comply with such a request. We do detect malware based on technical factors, nothing else. Any government is free to ask for a specific piece of malware not being detected, in the same way that we are free to ignore their requests and protect our users against any malware, whoever the cybercriminal and/or government is behind it.
Luis Corrons
PandaLabs Technical Director
Panda Security