Kaspersky files injunction challenging government’s software ban

Kaspersky Lab filed an injunction in court on Wednesday in an attempt to block the Trump administration’s order that bans its products from being used on federal systems, after the government deemed that Kaspersky antivirus software posed a “security risk.”

The Department of Homeland Security (DHS) in September issued a directive that removed as well as banned software developed by the Moscow-based firm, citing concerns about the firm’s ties to the Russian government.

The company, which has repeatedly maintained that it operates independently of the Kremlin, argued that it did not receive proper notice about the order or a chance to contest the underlying evidence used to reach the ban decision. 

{mosads}

“DHS did not provide Plaintiffs prior notice of the [Binding Operational Directive (BOD)], nor a prior opportunity to contest the purported evidence underlying it,” the court document reads.

“Plaintiffs filed this action seeking rescission of the BOD, and now move for a preliminary injunction to stem the continuing significant damage to Kaspersky Lab’s reputation and the loss of sales resulting from the BOD,” it continued.

DHS said in September that the company’s software posed “information security risks” because they “provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems.”

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” DHS said in its statement.

Agencies and departments had a December deadline to remove the Kaspersky products. The cybersecurity firm said the debarment has damaged their reputation, which has consequentially impacted their business.

DHS said their decision was based on information already available in the public view — like newspaper reports and congressional testimonies. Media reports have detailed at least one occasion in which the Russian intelligence apparatus used Kaspersky antivirus software to identify and then steal classified information.

The company, however, is challenging the bureau’s use of “open source” data, stating that they used “often anonymous, and uncorroborated media stories and other self-serving public statements” to reach its decision.

The department additionally said it gave Kaspersky the opportunity to address or mitigate the concerns raised in the directive through a written response, but the company said this process failed the minimum standards of due process.

“At the very least, the Fifth Amendment required DHS to give Plaintiffs notice and a meaningful opportunity to contest DHS’s ‘evidence’ before issuance of the BOD. No such notice or opportunity was afforded to Plaintiffs,” Kaspersky asserted, arguing that the debarment violated its “Fifth Amendment rights, by depriving Kaspersky Lab of a constitutionally protected liberty interest without due process of law.”

The company, which provides anti-virus software to more than 400 million customers worldwide, also captured the attention of Capitol Hill lawmakers last year after top intelligence officials told the Senate Intelligence Committee in May they would not be comfortable using Kaspersky software on their computer systems.

Kaspersky has repeatedly pushed back on the claim that they are tied to the Russian government, describing the U.S. government’s assertions as “completely unfounded” at the time of the DHS decision.

The Department of Justice declined to comment on the matter because the case is active.