The Department of Justice on Monday defended the government’s decision to ban products sold by Russian software vendor Kaspersky Lab, arguing in federal court filings in favor of dismissing lawsuits brought on the firm’s behalf.
Justice Department attorneys filed motions in D.C. federal court Monday challenging separate lawsuits initiated by Kaspersky’s lawyers in response to both a Department of Homeland Security directive and congressional legislation banning its products.
The DHS issued a binding operational directive (BOD) in September ordering civilian agencies to purge its networks of Kaspersky products, and Congress codified that prohibition by approving the National Defense Authorization Act (NDAA) for Fiscal Year 2018, an annual spending bill signed into law by President Trump in December that contains a provision barring federal entities from using the company’s hardware, software or services.
Attorneys for Kaspersky argued the policies unlawfully singled out their client’s U.S. offices, and that the prohibitions have damaged the company’s reputation. The Justice Department countered that the bans were proper, however, since U.S. officials have determined that using Kaspersky Lab products may pose a risk to national security.
“By the time this legislation reached the floor, there was broad agreement among lawmakers and cybersecurity officials in the executive branch that the security risks posed by the use of Kaspersky products and services were intolerably high, and strong bipartisan support for taking preventive action against those risks,” the Justice Department argued in a motion filed Monday to dismiss Kaspersky’s lawsuit against the defense-bill provision.
“Rescinding the BOD would leave the NDAA ban in place, which means agencies still would be required to remove and stop using Kaspersky products, and there still would be law branding the company’s software as a security risk,” the DOJ responded to Kaspersky’s attempt to overturn the DHS directive. “Nothing of practical value would come from a favorable ruling, and whatever value Kaspersky attaches to the prospect of being legally permitted to sell software to the U.S. government during the brief period between the rescission of the BOD and the date the NDAA’s categorical ban kicks in (October of this year) does not amount to a redressable Article III injury.”
Kaspersky Lab said in a statement that the firm maintains that both measures “lack sufficient basis, are unconstitutional and rely upon subjective, non-technical public sources, such as uncorroborated and often anonymously sourced media reports, related claims and rumors.
“Furthermore, in taking either action, the government has failed to provide any evidence of wrongdoing by the company,” Kaspersky Lab said in a statement.
The DHS said in issuing the directive banning Kaspersky products that it was concerned about its alleges ties to the Russian government.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” DHS said in explaining the directive.
Kaspersky previously said that U.S. sales of the company’s products dropped by 61 percent after the DHS announced its directive, and that returns of Kaspersky products increased by nearly 2,300 percent during the fourth quarter of 2017 over one year earlier.