Kaspersky Lab Sues U.S. Department Of Homeland Security Over Government Sales Ban
Kaspersky Lab filed a lawsuit Monday challenging the Trump administration's ban on the use of the company's cybersecurity software within federal agencies.
The Moscow-based company alleges that the U.S. Department of Homeland Security's decision is unconstitutional and relied on subjective, non-technical sources such as uncorroborated media reports, repeated claims and rumors. DHS further failed to provide Kaspersky with adequate due process to rebut the allegations, and hasn't produced any evidence of wrongdoing, according to the company.
"DHS has harmed Kaspersky Lab's reputation, negatively affected the livelihoods of its U.S.-based employees and U.S.-based business partners, and undermined the company's contributions to the broader cybersecurity community," wrote CEO Eugene Kaspersky in an open letter posted Monday.
The Department of Homeland Security didn't immediately respond to requests for comment on Kaspersky's lawsuit.
Kaspersky said it reached out to DHS in July and offered to provide information and assurance concerning the company, its operations, and its products. DHS acknowledged receipt of Kaspersky's letter in August, the company said, but took no further action until issuing a directive in September stipulating that civilian federal government agencies remove Kaspersky's software within 90 days.
Although Kaspersky was allowed to initiate a review of the directive, Eugene Kaspersky said the procedure didn't afford the company due process under U.S. law since Kaspersky didn't have the opportunity before the directive was issued to see and contest the information which the DHS had been relying on.
"Genuine due process provides you with the opportunity to defend yourself and see the evidence against you before action is taken; it doesn't ask you to respond once action is already underway," Eugene Kaspersky said in the open letter.
Last week, President Trump signed a broader defense policy spending bill that bans Kaspersky's software from both civilian and military networks. The legislation came after months of pushback against Kaspersky over alleged ties to the Russian government, which the company has vehemently denied.
"Dissuading consumers and businesses in the United States and abroad from using Kaspersky Lab products solely because of its geographic origins and without any credible evidence … does little to address information security concerns related to government networks," Eugene Kaspersky said.
Kaspersky alleges that the DHS's actions have damaged the company's reputation in the IT security industry, as well as its sales in the United States. Kaspersky announced earlier this month that the company would shut its Arlington, Va.-based office due to the U.S. government's sales ban.
Although only a relatively small percentage of Kaspersky's U.S. revenue comes from software licenses held by federal government entities, Eugene Kaspersky said that DHS's actions have had a "disproportionate and unwarranted" negative impact on the company's consumer, commercial, state and local, and education business interests in the United States and globally.
"[Kaspersky's] presence in Russia and the CIS [former Soviet Republic] region, its technical knowhow, and its linguistic expertise uniquely position the company to advance the fight against malware and protect its customers from cyber threats," said Eugene Kaspersky in the open letter.
Having a presence in and around Russia has enabled Kaspersky to share cyber threat information and vulnerability research with various U.S. government entities focused on cybersecurity, including agencies within the DHS, according to Eugene Kaspersky.
The company said in November that an internal investigation found its servers received confidential National Security Agency files from an employee's computer. However, Kaspersky said that had happened as part of an investigation into malicious code on the machine and wasn't a result of cooperation with Russia.
CEO Eugene Kaspersky ordered that the classified data be deleted from the computer, the company said at the time.