Kaspersky Lab is fighting back against the Trump administration's recent ban of its security products in agency networks with a lawsuit filed today in US District Court for the District of Columbia (DC).
The Moscow-based security company is seeking the appeal of US Department of Homeland Security's September 13 Binding Operational Directive 17-01 that banned federal agencies from using Kaspersky Lab security products on their systems. The DHS policy prohibiting the use of Kaspersky Lab software came in the wake of concerns about potential ties between officials at Kaspersky Lab and Russian intelligence agenices, and required federal agencies running Kaspersky software to remove it.
Eugene Kaspersky, CEO of Kaspersky, said in an open letter today that DHS's directive violated his company's rights and constitutional due process, and harmed its revenue and reputation, so legal action was merited. He also called out "rumors" and media reports.
"The company did not undertake this action lightly, but maintains that DHS failed to provide Kaspersky Lab with adequate due process and relied primarily on subjective, non-technical public sources like uncorroborated and often anonymously sourced media reports and rumors in issuing and finalizing the Directive," he wrote. "DHS has harmed Kaspersky Lab’s reputation and its commercial operations without any evidence of wrongdoing by the company. Therefore, it is in Kaspersky Lab’s interest to defend itself in this matter."
Kaspersky Lab argued its case under the Administrative Procedure Act.
Eugene Kaspersky noted that his company contacted DHS in mid-July to discuss any concerns with the company or its products, but the agency did not follow up on the company's offer to discuss its concerns.
"DHS confirmed receipt of Kaspersky Lab’s letter in mid-August, appreciating the company’s offer to provide said information and expressing interest in future communications with the company regarding this matter. Kaspersky Lab believed in good faith that DHS would take the company up on its offer to engage on these issues and hear from the company before taking any adverse action," the CEO said in the open letter. "However, there was no subsequent communication from DHS to Kaspersky Lab until the notification regarding the issuance of Binding Operational Directive 17-01 on September 13, 2017."
DHS in its decision to blacklist Kaspersky Lab software cited its concerns of Russian law requiring companies to cooperate with its intelligence agencies.
"The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks," the Department of Homeland Security stated in its ban decision. "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security."
According to the firm, it is calling for its due process and "repair the harm caused to its commercial operations, its U.S.-based employees, and its U.S.-based business partners."
"Because Kaspersky Lab has not been provided a fair opportunity in regards to the allegations and no technical evidence has been produced to validate DHS's actions, it is in the company's interests to defend itself in this matter. Regardless of the DHS decision, we will continue to do what really matters: make the world safer from cybercrime," Eugene Kaspersky said in a statement.