U.S. Seeks to Dismiss Kaspersky Suit Against Legislative Ban
The government filed motions to dismiss two Kaspersky lawsuits Monday, challenging legal and administrative bans.
The Justice Department fired back at the anti-virus company Kaspersky Lab Monday, saying Congress wasn’t illegally meting out punishment when it barred the Russian firm from government contracts, but was making a perfectly legal move to protect national security.
Kaspersky claims that Congress violated the constitution by singling out a private entity for punishment—an action known as a “bill of attainder”—without sufficient evidence of actual wrongdoing and in a way designed to “inflict profound reputational injury.”
In its motion to dismiss that case, the government argues that Kaspersky is giving short shrift to the months of executive branch fact finding and congressional debate that preceded the legislative Kaspersky ban.
“By the time this legislation reached the floor, there was broad agreement among lawmakers and cybersecurity officials in the executive branch that the security risks posed by the use of Kaspersky products and services were intolerably high, and strong bipartisan support for taking preventive action against those risks,” the motion states.
Congress’s December Kaspersky ban followed months of concern that the Russian government might exercise outsized control over the company’s tools and use them to steal information from the U.S. government and companies.
By the time the law passed as part of an annual defense policy bill, the Homeland Security Department had already ordered civilian agencies to wipe Kaspersky from their systems in a binding operational directive.
Even if Congress had acted without extensive evidence, the government argues, the point of the bill of attainder prohibition isn’t that Congress can’t ever pass legislation that harms a private person or company – it’s that the goal of the legislation can’t be mere punishment.
In this case, the point of the Kaspersky ban wasn’t to hurt Kaspersky, the government argues, but to protect national security.
The government also filed a motion Monday to dismiss Kaspersky’s other lawsuit challenging the September Homeland Security ban.
That case similarly argues that Kaspersky “exaggerates the process to which it was constitutionally entitled” before the Homeland Security ban started “and undervalues the process it actually received.”
Kaspersky also no longer has a legal basis to challenge its administrative ban, the government argues, because reversing that prohibition would not undo the legislative ban.
Anti-virus is an especially powerful form of software because it has broad authority to browse through a computer’s files and to quarantine or remove files that might be infected with malware. That would make it an excellent tool for spies interested in browsing government documents.
The latest move in the government’s legal battle with Kaspersky comes as Sens. Marco Rubio, R-Fla, and Tom Cotton, R-Ark., are pushing for similar governmentwide bans against two Chinese telecom firms, Huawei and ZTE, which they argue might siphon data for the Chinese government.
Rep. Michael Conaway, R-Texas, has introduced a companion bill in the House.
Federal Communications Commission Chairman Ajit Pai is also aiming to block Huawei, ZTE and companies that work with them from federal contracts aimed at expanding telephone and wireless internet access.
Kaspersky has consistently denied sharing any information with Russian intelligence agencies. If it did share such information with any government, the company has argued, it would swiftly be out of business.
The U.S. government has provided no firm evidence of Kaspersky being used as a Russian hacking tool, but anonymously sourced news reports have suggested the anti-virus may have played a role in a major leak of NSA hacking tools from an employee’s home computer.
Kaspersky is unlikely to prevail in its lawsuit, a former cyber crime prosecutor has told Nextgov, but by publicly airing its case against the government, the company might retain more U.S. commercial customers.
As a result of the ban, Kaspersky’s U.S. retail sales fell 61 percent during the fourth quarter of the 2017 fiscal year compared with the same quarter the year before, the company said in an earlier legal filing. Results from the second half of the year showed a 50 percent decline in retail sales, Kaspersky said.