Kaspersky Lab Files Lawsuit Over DHS Ban of its Products

Security firm petitions US District Court to rescind decision to prohibit its products on US federal government systems.

Dark Reading logo in a gray background | Dark Reading

Kaspersky Lab is fighting back against the Trump administration's recent ban of its security products in agency networks with a lawsuit filed today in US District Court for the District of Columbia (DC).

The Moscow-based security company is seeking the appeal of US Department of Homeland Security's September 13 Binding Operational Directive 17-01 that banned federal agencies from using Kaspersky Lab security products on their systems. The DHS policy prohibiting the use of Kaspersky Lab software came in the wake of concerns about potential ties between officials at Kaspersky Lab and Russian intelligence agenices, and required federal agencies running Kaspersky software to remove it.

Eugene Kaspersky, CEO of Kaspersky, said in an open letter today that DHS's directive violated his company's rights and constitutional due process, and harmed its revenue and reputation, so legal action was merited. He also called out "rumors" and media reports.

"The company did not undertake this action lightly, but maintains that DHS failed to provide Kaspersky Lab with adequate due process and relied primarily on subjective, non-technical public sources like uncorroborated and often anonymously sourced media reports and rumors in issuing and finalizing the Directive," he wrote. "DHS has harmed Kaspersky Lab’s reputation and its commercial operations without any evidence of wrongdoing by the company. Therefore, it is in Kaspersky Lab’s interest to defend itself in this matter."

Kaspersky Lab argued its case under the Administrative Procedure Act.

Eugene Kaspersky noted that his company contacted DHS in mid-July to discuss any concerns with the company or its products, but the agency did not follow up on the company's offer to discuss its concerns.

"DHS confirmed receipt of Kaspersky Lab’s letter in mid-August, appreciating the company’s offer to provide said information and expressing interest in future communications with the company regarding this matter. Kaspersky Lab believed in good faith that DHS would take the company up on its offer to engage on these issues and hear from the company before taking any adverse action," the CEO said in the open letter. "However, there was no subsequent communication from DHS to Kaspersky Lab until the notification regarding the issuance of Binding Operational Directive 17-01 on September 13, 2017."

DHS in its decision to blacklist Kaspersky Lab software cited its concerns of Russian law requiring companies to cooperate with its intelligence agencies.

"The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks," the Department of Homeland Security stated in its ban decision. "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security." 

According to the firm, it is calling for its due process and "repair the harm caused to its commercial operations, its U.S.-based employees, and its U.S.-based business partners."  

"Because Kaspersky Lab has not been provided a fair opportunity in regards to the allegations and no technical evidence has been produced to validate DHS's actions, it is in the company's interests to defend itself in this matter. Regardless of the DHS decision, we will continue to do what really matters: make the world safer from cybercrime," Eugene Kaspersky said in a statement.

Related Content:

About the Author

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights