Security Experts:

Kaspersky's U.S. Government Ban Upheld by Appeals Court

The U.S. government’s ban on software made by Russia-based cybersecurity firm Kaspersky Lab remains in place, a federal appeals court in Washington, DC, ruled on Friday.

The court said Kaspersky had failed to demonstrate that the ban was an unconstitutional legislative punishment.

“Kaspersky failed to adequately allege that Congress enacted a bill of attainder. The court noted the nonpunitive interest at stake: the security of the federal government’s information systems. The law is prophylactic, not punitive,” the appeals court said in its ruling. “While Kaspersky is not the only possible gap in the federal computer system’s defenses, Congress had ample evidence that Kaspersky posed the most urgent potential threat and Congress has “sufficient latitude to choose among competing policy alternatives.” Though costly to Kaspersky, the decision falls far short of “the historical meaning of legislative punishment.” Relying just on the legislative record, Kaspersky’s complaint fails to plausibly allege that the motivation behind the law was punitive.”

Kaspersky’s appeal against the US government ban rejected

In September 2017, the U.S. Department of Homeland Security (DHS) issued bindingoperational directive BOD 17-01, ordering government departments and agencies to stop using products from Kaspersky Lab due to concerns about the company’s ties to Russian intelligence. The ban was reinforced a few months later when President Donald Trump signed the National Defense Authorization Act (NDAA) for FY2018.

Kaspersky filed a lawsuit in mid-December 2017, arguing that the ban is unconstitutional and that the company should have been given the opportunity to respond before the DHS’s directive was issued.

In January 2018, the company filed an injunction in an effort to expedite the appeal and in February it filed a new lawsuit challenging the NDAA.

A Washington judge rejected both lawsuits in May, saying that the government had a right to institute the ban in order to protect its systems. The judge argued that the ban does not inflict punishment on Kaspersky.

The security company filed an appeal shortly after and that appeal has now been rejected as well.

“The DC Circuit Court’s decision is disappointing, but the events of the past year that culminated in this decision were almost expected, and not just by our company, but by the cybersecurity industry in general,” said Eugene Kaspersky, founder and CEO of Kaspersky Lab.

“We’re sure that the issues involved in our litigation go far beyond technical aspects of US constitutional law; they include real-world problems concerning everyone: a progression of protectionism and balkanization in a world of understated cyberrivalry and highly sophisticated international cyberthreats.”

“Regardless of whether we decide to pursue further legal action in response to today’s decision from the DC Circuit Court, we’ll remain committed to providing the best cybersecurity solutions for our customers globally and saving the world from cyberthreats,” he added.

Kaspersky Lab recently launched a Transparency Center in Switzerland as part of its Global Transparency Initiative, whose goal is to maintain and regain trust.

Kaspersky has been having problems in Europe as well, with the European Parliament, Lithuania, the Netherlands, and the UK either banning the company’s products or recommending against their use.

Related: Twitter Bans Ads From Kaspersky Lab

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.