Two lawsuits filed by the Russian cybersecurity firm Kaspersky Lab were dismissed Wednesday, ending the Moscow-based company’s attempt to lift the U.S. government’s ban on its products.
Kaspersky filed the lawsuits after its products were banned from U.S. government systems in both a Binding Operational Directive from the Department of Homeland Security and the 2018 National Defense Authorization Act. That ban goes into effect on Oct. 1, 2018.
“The NDAA does not inflict ‘punishment’ on Kaspersky Lab,” Colleen Kollar-Kotelly, U.S. District Judge for the District of Columbia, wrote in her opinion. “It eliminates a perceived risk to the nation’s cybersecurity and, in so doing, has the secondary effect of foreclosing one small source of revenue for a large multinational corporation.”
A Kaspersky spokesperson said they would pursue an appeal.
“Kaspersky Lab is disappointed with the Court’s decisions on its constitutional challenges to the U.S. Government prohibitions on the use of its products and services by federal agencies,” the spokesperson said. “We will vigorously pursue our appeal rights.”
The basis of Kaspersky’s lawsuit was that the bans were unconstitutional and caused undue harm to the company. The judge disagreed with that assertion.
“These defensive actions may very well have adverse consequences for some third-parties,” she wrote. “But that does not make them unconstitutional.”
Kollar-Kotelly said that “theoretical harm” to Kaspersky’s reputation is “‘too vague and unsubstantiated'” to warrant action.
The judge also waved off Kaspersky’s protests about its “right to sell to the government” as “worthless.”
“This asserted ‘right’ is worthless,” she wrote. “To ‘sell’ requires another to ‘buy.’ Because no government agency would buy Plaintiffs’ product in the period before October 1, 2018, Plaintiffs’ theoretical ‘right’ to sell has no value at all in the real world.”
In a statement following the decision, the company pointed to its new Global Transparency Initiative where some of the firm’s operations are moving to Switzerland and wherein they invite “concerned parties too review our various codebases.” The exact way that will work out remains to be seen.
You can read the full opinion below.