Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Kaspersky Files New Lawsuit Over U.S. Government Software Ban

Kaspersky Lab has filed a new lawsuit over the U.S. government’s decision to ban its products in federal agencies, this time challenging the National Defense Authorization Act (NDAA).

Kaspersky Lab has filed a new lawsuit over the U.S. government’s decision to ban its products in federal agencies, this time challenging the National Defense Authorization Act (NDAA).

The NDAA for Fiscal Year 2018 was signed by President Donald Trump in mid-December and it reinforced the binding operational directive (BOD) issued by the Department of Homeland Security (DHS) in September, which ordered government agencies to stop using products from Kaspersky due to concerns regarding its ties to Russian intelligence.

Kaspersky filed a lawsuit to appeal the BOD on December 18, a few days after President Trump signed the NDAA. Last month, the security firm filed an injunction in an effort to expedite the appeal.

The government filed a response to the injunction earlier this month and Kaspersky responded this week with a new lawsuit that challenges the NDAA as a bill of attainder.

A bill of attainder is a legislative act that singles out an individual or group for punishment without a trial. Legislative bills of attainder are banned by the U.S. constitution.

“Kaspersky Lab has filed an action challenging the constitutionality of Section 1634 (a) and (b) of the National Defense Authorization Act for Fiscal Year 2018, which prohibits any federal entity from using the company’s hardware, software or services. Kaspersky Lab believes that these provisions violate the U.S. Constitution by specifically and unfairly singling out the company for legislative punishment, based on vague and unsubstantiated allegations without any basis in fact,” Kaspersky Lab stated.

“No evidence has been presented of any wrongdoing by the company, or of any misuse of its products. Kaspersky Lab is proven to be one of the world’s leading IT security companies, with a track record of uncovering malicious code and threat actors regardless of their origin or purpose,” the company added.

Kaspersky has attempted to clear its name by launching a new transparency initiative that involves giving partners access to source code and paying significantly larger bug bounties for vulnerabilities found in the firm’s products.

Advertisement. Scroll to continue reading.

It has also attempted to provide a logical explanation over accusations that its software had been exploited by Russian hackers to steal data belonging to the U.S. National Security Agency (NSA) from a contractor’s device.

Related: How Antivirus Software Can be the Perfect Spying Tool

Related: WikiLeaks Says CIA Impersonated Kaspersky Lab

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...