Kaspersky Lab has upped its legal fight with the U.S. government, filing another lawsuit related to a ban against its products tucked within the 2018 National Defense Authorization Act.
Based on court documents filed Monday in U.S. District Court for the District of Columbia, the Russian company says the ban is unconstitutional. Kaspersky’s lawyers say that under the Constitution’s Bill of Attainder Clause, Congress is forbidden “from enacting laws which impose individualized deprivations of life, liberty, and property and inflict punishment on individuals and corporations without a judicial trial.”
The 2018 NDAA instituted a government-wide ban on use of Kaspersky products. Signed by President Donald Trump in December, the ban would go into place on Oct. 1, 2018.
“Kaspersky Lab believes that these provisions violate the U.S. Constitution by specifically and unfairly singling out the company for legislative punishment, based on vague and unsubstantiated allegations without any basis in fact,” the company said in a statement sent to CyberScoop. “No evidence has been presented of any wrongdoing by the company, or of any misuse of its products … We continue to offer our full cooperation to government agencies and others with cybersecurity concerns collaboratively and openly through our Global Transparency Initiative.”
The move comes after Kaspersky Lab separately challenged the Department of Homeland Security in court over a Binding Operational Directive (BOD) that specifically banned the use of Kaspersky Lab’s anti-virus engine in civilian agencies due to national security concerns. Most recently, the company requested an injunction in court, which seeks to postpone DHS’s ongoing efforts to push Kaspersky Lab’s software out of government.
In comparison to the NDAA, the BOD was independently instituted by DHS through different authorities which are arguably more easily challengeable in court.
Some in the government have argued that Kaspersky’s decision to dispute the BOD appeared to be unwarranted, given the superseding impact of the NDAA. With Monday’s filing, the company has shown a willingness to buck the governments’ entire legal argument. By suing the government writ large, Kaspersky is calling out whether the U.S. Constitution allows for Congress to base laws on incidents for which the company claims there is insufficient, publicly available evidence to back up.
The Washington Post, New York Times and Wall Street Journal have all reported in recent months, citing anonymous U.S. intelligence officials, that Russian intelligence agencies have leveraged Kaspersky Lab’s anti-virus engine to remotely steal confidential intelligence documents from targeted computers where the software is already installed.
Lawmakers and senior Trump administration officials say Kaspersky Lab poses national security risks to American businesses and government agencies.
Over the last year, the FBI has organized confidential briefings for private U.S. technology companies and critical infrastructure providers in order to turn them away from using on Kaspersky software.
Kaspersky’s full complaint is below.