Security Experts:

Connect with us

Hi, what are you looking for?



Kaspersky’s U.S. Government Ban Upheld by Appeals Court

The U.S. government’s ban on software made by Russia-based cybersecurity firm Kaspersky Lab remains in place, a federal appeals court in Washington, DC, ruled on Friday.

The court said Kaspersky had failed to demonstrate that the ban was an unconstitutional legislative punishment.

The U.S. government’s ban on software made by Russia-based cybersecurity firm Kaspersky Lab remains in place, a federal appeals court in Washington, DC, ruled on Friday.

The court said Kaspersky had failed to demonstrate that the ban was an unconstitutional legislative punishment.

“Kaspersky failed to adequately allege that Congress enacted a bill of attainder. The court noted the nonpunitive interest at stake: the security of the federal government’s information systems. The law is prophylactic, not punitive,” the appeals court said in its ruling. “While Kaspersky is not the only possible gap in the federal computer system’s defenses, Congress had ample evidence that Kaspersky posed the most urgent potential threat and Congress has “sufficient latitude to choose among competing policy alternatives.” Though costly to Kaspersky, the decision falls far short of “the historical meaning of legislative punishment.” Relying just on the legislative record, Kaspersky’s complaint fails to plausibly allege that the motivation behind the law was punitive.”

Kaspersky’s appeal against the US government ban rejected

In September 2017, the U.S. Department of Homeland Security (DHS) issued bindingoperational directive BOD 17-01, ordering government departments and agencies to stop using products from Kaspersky Lab due to concerns about the company’s ties to Russian intelligence. The ban was reinforced a few months later when President Donald Trump signed the National Defense Authorization Act (NDAA) for FY2018.

Kaspersky filed a lawsuit in mid-December 2017, arguing that the ban is unconstitutional and that the company should have been given the opportunity to respond before the DHS’s directive was issued.

In January 2018, the company filed an injunction in an effort to expedite the appeal and in February it filed a new lawsuit challenging the NDAA.

A Washington judge rejected both lawsuits in May, saying that the government had a right to institute the ban in order to protect its systems. The judge argued that the ban does not inflict punishment on Kaspersky.

The security company filed an appeal shortly after and that appeal has now been rejected as well.

“The DC Circuit Court’s decision is disappointing, but the events of the past year that culminated in this decision were almost expected, and not just by our company, but by the cybersecurity industry in general,” said Eugene Kaspersky, founder and CEO of Kaspersky Lab.

“We’re sure that the issues involved in our litigation go far beyond technical aspects of US constitutional law; they include real-world problems concerning everyone: a progression of protectionism and balkanization in a world of understated cyberrivalry and highly sophisticated international cyberthreats.”

“Regardless of whether we decide to pursue further legal action in response to today’s decision from the DC Circuit Court, we’ll remain committed to providing the best cybersecurity solutions for our customers globally and saving the world from cyberthreats,” he added.

Kaspersky Lab recently launched a Transparency Center in Switzerland as part of its Global Transparency Initiative, whose goal is to maintain and regain trust.

Kaspersky has been having problems in Europe as well, with the European Parliament, Lithuania, the Netherlands, and the UK either banning the company’s products or recommending against their use.

Related: Twitter Bans Ads From Kaspersky Lab

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.