Russian anti-virus maker Kaspersky Lab is suing the U.S. government for its decision to ban the company’s software in federal agencies and departments, according to an open letter written by company founder Eugene Kaspersky.
Citing a lack of due process and insufficient evidence relating to the Department of Homeland Security’s Binding Operational Directive (BOD) 17-01, Kaspersky is claiming the U.S. government violated the Administrative Procedures Act and the Fifth Amendment. The Administrative Procedures Act controls how administrative agencies can propose and establish regulations, requiring organizations to provide “substantial evidence” for their decisions if questioned by a U.S. court.
In September, DHS ordered civilian agencies to remove Kaspersky Lab from their computers within 90 days via the directive. Although the process had been ongoing for some time, the ban was then codified into law last week when U.S. President Donald Trump signed the National Defense Authorization Act (NDAA).
The lawsuit represents Kaspersky Lab’s greatest effort to challenge allegations that the firm has acted as an intelligence collection tool for Russian spy agencies.
Over the last several months, multiple reports published by The Washington Post, Wall Street Journal, New York Times and CyberScoop, among others, documented Kaspersky Lab’s relations to the Kremlin. Citing unnamed former U.S. intelligence officials, The Washington Post and Wall Street Journal reported that Kaspersky Lab’s anti-virus engine was once leveraged to collect secret, classified documents from a former NSA employee’s personal computer.
Kaspersky Lab has consistently denied any improper relationship with Russian intelligence.
While Kaspersky Lab has downplayed the financial impact of the BOD on its business, court documents and a public letter mention that “reputational and commercial” damages were caused by the regulation.
“Kaspersky Lab hopes to protect its rights under the U.S. Constitution and U.S. federal law, receive adequate due process, and repair the reputational and commercial damage caused by Binding Operational Directive 17-01,” Kaspersky wrote. “DHS has harmed Kaspersky Lab’s reputation and its commercial operations without any evidence of wrongdoing by the company.”
Although it’s not clear why, Kaspersky’s letter also disclosed personal communication between the company and senior DHS official Jeanette Manfra, who had responded to the company’s initial request for information regarding the ban. Kaspersky Lab claims the department declined to engage in a subsequent conversation where the company could have provided evidence to counter press reports.
“DHS confirmed receipt of Kaspersky Lab’s letter in mid-August, appreciating the company’s offer to provide said information and expressing interest in future communications with the company regarding this matter,” Mr. Kaspersky stated. “Kaspersky Lab believed in good faith that DHS would take the company up on its offer to engage on these issues and hear from the company before taking any adverse action. However, there was no subsequent communication from DHS to Kaspersky Lab until the notification regarding the issuance of Binding Operational Directive 17-01 on September 13, 2017.”
Documents filed in the U.S. District Court for the District of Columbia concerning Kaspersky Lab’s lawsuit can be viewed below: