The Justice Department filed motions in district court Monday to dismiss two lawsuits brought by Russian cybersecurity and anti-virus provider Kaspersky Lab. It is the latest move in a protracted legal battle.
All U.S. federal agencies have been prohibited from using any hardware, software, or devices developed by Moscow-based Kaspersky, following President Donald Trump’s signing of the annual National Defense Authorization Act (NDAA) on Dec. 12, 2017.
Kaspersky claims that by prohibiting the use of its products, Congress has violated the Bill of Attainder Clause of the Constitution, which prohibits the singling out of a private entity for punishment without sufficient evidence of wrongdoing. But in the motion filed by Assistant Attorney General Chad Readler, the Justice Department argues that Kaspersky has neglected to consider the weeks of congressional meetings and debates that preceded the decision to prohibit the company’s products.
Lawmakers have had concerns about Kaspersky since at least April 2017, when the Senate Intelligence Committee ordered an investigation of the company’s ties to the Russian government, and former CIA Director Mike Pompeo acknowledged the agency’s involvement in the matter “at the director level.”
“By the time this legislation reached the floor, there was broad agreement among lawmakers and cybersecurity officials in the executive branch that the security risks posed by the use of Kaspersky products and services were intolerably high, and strong bipartisan support for taking preventive action against those risks,” the motion reads.
The Justice Department also argues that Congress acted out of national security concerns in prohibiting Kaspersky products. “Antivirus software needs unfettered file access to scan for malicious code, and updates are critical to ensure the software keeps apace with new and evolving threats,” the motion states.
The same access that allows anti-virus programs to protect computer systems can also be used maliciously. “The powerful features and elevated privileges that make antivirus software effective make it a tempting attack platform for intelligence services and dangerous if its access and privileges are exploited,” the motion continued.
Because Kaspersky is headquartered in Moscow, and keeps its servers there, the risk of the Russian government’s influence over the company is high, some cybersecurity and U.S. intelligence officials claim. These experts fear that Russian intelligence could use the company’s anti-virus program as a platform for targeted espionage.
A second motion filed by the Justice Department Monday seeks to dismiss a similar lawsuit by Kaspersky challenging the Department of Homeland Security’s own ban on their products. The DHS ban is more limited than the NDAA measure as it is only applicable to the anti-virus product within civilian agencies.
DHS ordered agencies to wipe Kaspersky from their systems in September 2017 through a Binding Operational Directive (BOD).
If a dismissal of the court case were to occur, it would mean that neither Kaspersky nor U.S. government employees would be called to testify. This would be seen as a win by the Justice Department, who is looking to avoid disclosing any sources or methods for how they learned about the alleged risks associated with Kaspersky Lab.
Kaspersky Lab has consistently denied any wrongdoing.