Security Experts:

Kaspersky Sues U.S. Government Over Product Ban

Kaspersky Lab has filed a lawsuit against the U.S. government in response to the decision of the Department of Homeland Security (DHS) to ban the use of the company’s products in federal agencies.

The Russia-based cybersecurity firm’s appeal, filed in the U.S. District Court for the District of Columbia, targets the DHS’s Binding Operational Directive 17-01, which the agency issued in mid-September. President Donald Trump reinforced the ban last week when he signed the National Defense Authorization Act for FY2018.

Kaspersky says the ban is unconstitutional as it infringes the company’s due process rights. Kaspersky believes the DHS should have given it the opportunity to view the information and contest it before the directive was issued.

The company’s lawsuit also alleges that the decision to prohibit its products in federal agencies is largely based on rumors and media reports citing anonymous sources. While some believe the U.S. government may have actual evidence that Kaspersky Lab has been aiding Russia’s espionage efforts, no proof has been presented and even some officials appear to base their accusations on news reports.

Kaspersky claims that it voluntarily reached out to the DHS in July and offered to assist with any investigation into the company and its products. While the agency seemed to appreciate the offer and promised to get it touch, it did not do so, and instead it issued the 17-01 directive, banning the company’s software and services without warning.

The security firm says that while only a relatively small percentage of its revenue comes from the U.S. government, the DHS’s actions have had a negative impact on sales in other sectors, in both the United States and other countries.

“Through Binding Operational Directive 17-01, DHS has harmed Kaspersky Lab’s reputation, negatively affected the livelihoods of its U.S.-based employees and U.S.-based business partners, and undermined the company’s contributions to the broader cybersecurity community,” said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab.

A majority of the accusations against Kaspersky Lab stem from its founder’s former ties to Russian intelligence. However, the CEO pointed out that most of the intelligence reports published by the company in the past years targeted Russian-speaking espionage groups.

In response to claims by U.S. officials that Kaspersky’s software is dangerous due to the deep level of access and privileges it requires, the Russian businessman highlighted that these capabilities are present in all security products and it’s unfair to single out his company without any evidence of wrongdoing.

“Dissuading consumers and businesses in the United States and abroad from using Kaspersky Lab products solely because of its geographic origins and without any credible evidence does not constitute a risk-based approach to cybersecurity and does little to address information security concerns related to government networks,” Eugene Kaspersky said.

Kaspersky has attempted to clear its name by launching a new transparency initiative that involves giving partners access to source code and paying significantly larger bug bounties for vulnerabilities found in the firm’s products.

Shortly after the DHS ban was announced in September, Eugene Kaspersky was invited to testify before Congress. The hearing was later rescheduled for October, but the cyber security tycoon did not receive an invitation.

*Updated to clarify that the September hearing was rescheduled for October and Eugene Kaspersky was not invited. The article incorrectly stated that the CEO was unable to travel to the US for the September hearing due to visa problems.

Related: Kaspersky in Focus as US-Russia Cyber-Tensions Rise

Related: Kaspersky Shares More Details on NSA Incident

view counter
Eduard Kovacs is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.