Kaspersky Sues US Government Over Antivirus Ban

Kaspersky announced that it launched a lawsuit against the Trump administration arguing that the U.S. government’s ban of its software lacked due process and evidence of harm.

Kaspersky's Ban On U.S. Federal Networks

This September, the Department of Homeland Security (DHS) issued a directive to civil agencies to stop using Kaspersky software within 90 days, after concerns that the antivirus may help the Russian government infiltrate U.S. networks and steal sensitive information.

The government previously accused Kaspersky of stealing classified information from a national security whistleblower called Reality Winner. Kaspersky admitted that it got the documents in a routine scan of Winner’s personal computer, but it said it immediately deleted those files once it learned what they were. It also offered to allow independent parties to review its antivirus’ source code, but the government didn’t think that was sufficient.

Last week, the new National Defense Authorization Act of 2018 included a clause that would ban any Kaspersky or Kaspersky-associated software from being used in the U.S. federal government. Guilty or not, this seems to have left Kaspersky no choice but to sue the U.S. government in order to save its reputation (and revenue).

Kaspersky’s Open Letter

Along with the lawsuit, Kaspersky also wrote an open letter to the U.S. government. The company argued that it had not been given the opportunity to defend itself properly before its technology was banned from use on federal networks. This has harmed its reputation and revenue, and Kaspersky believes that such actions violated the U.S. Constitution, more specifically the right to due process.

The company said that the U.S. government relied mainly upon uncorroborated media reports, not evidence, to support its conclusion that the Kaspersky antivirus is a security risk for U.S. federal networks.

Kaspersky also noted that although the revenue it obtained from licensing its software to U.S. federal agencies was only a small percentage of its revenue, the ban on its software had a disproportionate negative effect both in the U.S. and globally.

Kaspersky is now suing the U.S. government to try to repair that damage to its sales as well as its reputation (presuming the U.S. court will find Kaspersky innocent).

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • svan71
    WTF scan puts a user's data in the AV provider's hands?
  • svan71
    Kaspersky admitted that it got the documents in a routine scan of Winner’s personal computer
  • NewbieGeek
    Stupid. If the government doesn't want to use a piece of software for whatever reason... It shouldn't be forced to use that software... The government has the authority to choose what software to use and what software not to use.
  • IndignantSkeptic
    What I want to know is why they even had to delete their copies of this guy's files. If their software was doing its job, then they wouldn't even need to delete those files because they wouldn't even have had them. Whether they are doing it for the Russian government or not, they are not allowed to just take copies of other people's files! Am I being naive?
  • TJ Hooker
    20497449 said:
    Stupid. If the government doesn't want to use a piece of software for whatever reason... It shouldn't be forced to use that software... The government has the authority to choose what software to use and what software not to use.
    I can only assume the lawsuit will be with regard to the accusations (or insinuations) that Kaspersky was engaging in espionage/colluding with the Russian government. Maybe alleging slander or libel, resulting in damages to Kaspersky's reputation and therefore profits. Because you're right, suing the government just for not using your software doesn't make any sense.
  • bigpinkdragon286
    This raises the question in my mind of whether the government documents in question somehow triggered Kaspersky's antivirus to suspect they had possibly malicious code in them. Virus sample submission back to anti-virus software vendors seems pretty typical and I personally wouldn't consider possession of the documents by Kaspersky to be outside of the normal operation for this type of security software, provided the right set of circumstances.

    The government could very well be the instigator here, embedding things in their files to see where they end up.
  • therealduckofdeath
    No matter if the document was containing suspect code, Kaspersky is in no right to just yank files for testing in Russia without asking permission. A permission they'd never been granted in this case. That is the reason the US doesn't trust them. They have admittedly taken US government documents to servers based in Russia.
  • justmy2cents
    I mean... Kaspersky is a cloud-based antivirus. Isn't it normal practice for cloud-based AV to automatically upload questionable files based on their heuristics for further investigation? I don't think Kaspersky is the only one that's doing this. There are many other AVs that depend on cloud-based protection.
  • bigpinkdragon286
    20497758 said:
    No matter if the document was containing suspect code, Kaspersky is in no right to just yank files for testing in Russia without asking permission. A permission they'd never been granted in this case. That is the reason the US doesn't trust them. They have admittedly taken US government documents to servers based in Russia.
    By installing and using Kaspersky, the operator of the computer is bound by the licensing terms, which can include automatic sample submission. Are there reputable antivirus offerings that don't have some sort of sample submission? The permission is also often tacitly expressed by the use of default settings. In this case, we don't even know if the user was ever presented the opportunity to enable or disable such a feature, so we can only assume whether Kaspersky had been explicitly granted permission. Furthermore, if users are ignorant of what the software they are installing is going to do, is it really the fault of the software developer? In some cases I would say, sure, when the behavior can't be known by the user, but there are far more cases of plain laziness or ignorance on the part of the user.

    The user in this case, Reality Winner, took documents from her work facility, which she wasn't supposed to do. This doesn't exactly strike me as the behavior of the most stellar computer user or employee. It isn't as though Kaspersky breached any sort of high security measures to acquire the documents. The initial breach seems to have been via sneaker net.

    Finally, cloud-based software solutions have to be expected to be hosted and operate in the cloud, which means it can be anywhere in the world. Since Kaspersky Lab is headquartered in Moscow, it doesn't strike me as a far-fetched idea that perhaps their cloud-based servers are somewhere in, say, Russia.

    If you want cloud-based antivirus software, but don't want it based in Russia, don't use Kaspersky. If however you choose to use Kaspersky, you don't exactly have a lot of room to complain when a document that triggers automatic sample submission ends up in Russia. I think ultimately it boils down to the poor decisions made by the NSA agent.
  • therealduckofdeath
    bigpinkdragon286, is it explicitly stated that files are transferred abroad? Being a "cloud service" doesn't mean it's stored abroad at any instance and I presume that, since Kaspersky apparently were on the OK list before this, there is a good chance they've sold their service without disclosing where the customer's data is sent.