Kaspersky Lawsuits Seeking to End Government Ban DismissedJudge Rejects Russian Firm's Argument That It Was Unfairly Treated
Russian software firm Kaspersky Lab has been dealt a setback in its effort to overcome the U.S. government's ban on use of the firm's anti-virus software on federal systems.
See Also: Splunk Predictions 2020
A federal judge on Wednesday dismissed the firm's two lawsuits seeking to have the ban lifted. In her ruling, Judge Colleen Kollar-Kotelly says the government's action does not inflict punishment on Kaspersky Lab. "It eliminates a perceived risk to the nation's cybersecurity and, in so doing, has the secondary effect of foreclosing one small source of revenue for a large multinational corporation," she writes.
In its lawsuits, Kaspersky Lab alleged that it has been denied due process - meaning fair treatment, including the right to see charges against it and have a hearing before an impartial judge - and that the company's reputation, as well as the reputation of its U.S.-based employees and business partners, has been damaged by the U.S. government's unproven allegations.
In her ruling, Kollar-Kotelly writes: "The United States government's networks and computer systems are extremely important strategic national assets. Threats to these systems are constantly expanding and evolving. Their security depends on the government's ability to act swiftly against perceived threats and to take preventive action to minimize vulnerabilities. These defensive actions may very well have adverse consequences for some third parties. But that does not make them unconstitutional."
In a statement reacting to the judge's ruling, the Russian company says: "Kaspersky Lab is disappointed with the court's decisions on its constitutional challenges to the U.S. government prohibitions on the use of its products and services by federal agencies. We will vigorously pursue our appeal rights."
Federal Actions Challenged
The lawsuits challenged the Department of Homeland Security's Binding Operational Directive 17-01, published in a Sept. 19 Federal Register notice, which required all federal government agencies to develop and begin implementing a plan to expunge all "information security products, solutions and services supplied directly or indirectly" by Kaspersky Lab or related entities from federal government systems (see Kaspersky Software Ordered Removed From US Government Computers).
In addition to that directive, President Donald Trump in December signed a military bill into law that included a provision prohibiting all civilian and military agencies from using software products from Kaspersky Lab (see New Law Bans Kaspersky AV Software From Federal Computers).
In early May, Sen Jeanne Shaheen, D-N.H., confirmed that Kaspersky Lab anti-virus software had been scrubbed from all federal government computer systems, NextGov reports.
When announcing the directive that bans Kaspersky Lab software from federal systems, officials voiced concerns that Kaspersky Lab has inappropriate ties to Russian intelligence and other government operations, that Russian law allows intelligence agencies to compel the company to assist it and that Russian intelligence agencies might eavesdrop or intercept information collected by the company.
Another concern: "Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems," DHS said in a statement.
Officials have also cited the fact that Eugene Kaspersky graduated from a cryptography institute run by the Soviet Union's KGB - as cause for concern.
But Kaspersky and his firm have continued to deny any improper behavior, saying they would never help "any government in the world with its cyber espionage efforts."
And many security experts say that technically, all anti-virus software must have deep access to systems, and that politically, concerns about ties between intelligence agencies and domestic cybersecurity vendors could apply to vendors from any country (see Surveying 17 Anti-Virus Firms on Their Security Practice).
The Department of Homeland Security, in a statement, said it was pleased with the court's decision and "will continue to do everything in our power, working with federal agencies, to safeguard the government's information systems and networks," according to NextGov.