DHS sued over directive banning Kaspersky Lab products

Russian antivirus vendor Kaspersky Lab has sued the U.S. Department of Homeland Security in response to a recent directive banning federal agencies from using its products amid concerns surrounding its alleged ties to foreign intelligence.

Kaspersky sued DHS in D.C. federal court Monday over the Binding Operational Directive (BOD) issued Sept. 13 barring U.S. agencies across the board from using “products, solutions and services” supplied by the Moscow-based security firm.

The directive ordered agencies to purge its systems of Kaspersky products within 90 days, citing “ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”

Kaspersky has denied maintaining improper ties with Moscow, and the company’s lawsuit claims DHS rushed to judgement in violation of its Fifth Amendment right to due process.

“One of the foundational principles enshrined in the U.S. Constitution, which I deeply respect, is due process: the opportunity to contest any evidence and defend oneself before the government takes adverse action,” Eugene Kaspersky, the company’s founder, wrote in an open letter released Monday.

“Unfortunately, in the case of Binding Operational Directive 17-01, DHS did not provide Kaspersky Lab with a meaningful opportunity to be heard before the Directive’s issuance, and therefore, Kaspersky Lab’s due process rights were infringed,” Mr. Kaspersky added.

DHS did not immediately comment on Kaspersky’s lawsuit and the Justice Department declined to comment.

The DHS ban was issued earlier this year amid news reports implying improper connections between Kaspersky and the Russian government.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” DHS said in the directive banning Kaspersky products.

Subsequent reporting alleged that Russian intelligence exploited a security flaw in Kaspersky software in order to conduct international espionage, including at least one instance in which Russian hackers allegedly stole classified material from the home computer of a former U.S. National Security Agency employee.

About 15 percent of U.S. government agencies have since found Kaspersky software on their computer systems, Jeanette Manfra, the DHS assistant secretary for cybersecurity and communications, testified last month.