Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Businesses United States Politics Technology

Kaspersky Lab Sues Trump Administration Over Software Ban (reuters.com) 185

Moscow-based anti-virus company Kaspersky Lab sued the Trump administration in U.S. federal court on Monday, arguing that the American government has deprived it of due process rights by banning its software from U.S. government agencies. From a report: The lawsuit is the latest effort by Kaspersky Lab to push back on allegations that the company is vulnerable to Kremlin influence. The Department of Homeland Security in September issued a directive to U.S. civilian agencies ordering them to remove Kaspersky Lab from their computer networks within 90 days. The order came amid mounting concern among U.S. officials that the software could enable Russian espionage and threaten national security. The ban was codified last week when President Donald Trump signed legislation banning Kasperky Lab from use across civilian and military agencies.
This discussion has been archived. No new comments can be posted.

Kaspersky Lab Sues Trump Administration Over Software Ban

Comments Filter:
  • by bobbied ( 2522392 ) on Monday December 18, 2017 @02:01PM (#55763257)

    Trump is only preventing Federal agencies from using Kaspersky Lab's offerings, he's not keeping them from selling to other US customers. You can still buy their products in the USA. I realize that this Federal ban does cut into their market share, but how will suing fix this?

    How do they have a lawsuit? Can I now sue the Federal Government if they refuse to use *my* software product?

    You cannot sue city hall, Kaspersky Lab's needs to file that suit in the circular file marked "trash" because it's going to be dumped by the courts eventually and turn into a waste of good money.

    • by OzPeter ( 195038 )

      Trump is only preventing Federal agencies from using Kaspersky Lab's offerings, he's not keeping them from selling to other US customers. You can still buy their products in the USA.

      Playing devil's advocate here (and not having read TFA .. surprise surprise).

      If Trump's order rescinds existing contracts then Kaspersky may have a valid claim when suing city hall.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Uninstall the product. Pay off the contracts. Find another AV product. Move on.

      • by bsDaemon ( 87307 )

        Trump didn't issue an order. He signed H.R. 2810, "National Defense Authorization Act for Fiscal Year 2018" into law. That means Congress did it, not Trump. The relevant bit is section 1634, entitled "Prohibition on use of products and services developed or provided by Kaspersky Lab.", which is under Subtitle C, "Cyberspace-related matters".

        (a)Prohibition
        No department, agency, organization, or other element of the Federal Government may use, whether directly or through work with or on behalf of another de

        • Seeing as how the bill calls identifies and punishes Kaspersky by name, it might be possible to argue that it was a bill of attainder. Which would make it explicitly unconstitutional.
          • Then civil asset forfeiture is basically marque and reprisal, turning police into privateers. Some how, while seemingly correct, I donâ(TM)t see that argument working out in this day and age. Perhaps we shall see.

            • Funny you should phrase it that way - the first use of civil forfeiture in the US (as best I recall) was for the seizure of a pirate ship. While I completely agree with your assessment of the practice now, it isn't related to bills of attainder. Those are laws that single out and punish a specific person (or presumably, group). Like if Congress passed a bill saying, "The person using the alias 'bsDaemon' is hereby stripped of all rights and possessions, and shall be immediately taken into custody and loc
    • by Anonymous Coward

      But they'll find a liberal, PC judge who will rule in their favor. And somewhere there is an illegal immigrant with ties to Kaspersky who will claim the ban discriminates against him.

      • Re: (Score:3, Funny)

        by Anonymous Coward

        As opposed to a Mac judge who will wonder why they have antivirus in the first place.

        • Re: (Score:3, Funny)

          by Anonymous Coward

          Meanwhile the Linux Judge is still trying to install his AMD Catalyst drivers.

    • I'll concede that I haven't read Trump's order, so I'll ask. Is the government failing to pay for previously agreed to contracts/purchases or is this their way of disqualifying Kaspersky from future contracts and purchases?

      If the government paid and met all previously agreements, I don't understand the theory under which Kaspersky is suing.

      LK

      • They are claiming that the government didn't give them "due process" with the federal ban. Tell me, what "process" are they entitled too here?
        • by Megol ( 3135005 )

          "to"

          In a country with secret courts? None.

          • Tell me, what "process" are they entitled [to] here?

            In a country with secret courts? None.

            Do you mean Russia or the US - oh, wait ...

        • by Somebody Is Using My ( 985418 ) on Monday December 18, 2017 @03:53PM (#55764069) Homepage

          I am not a lawyer.

          However, it was explained to me that the problem is that Kaspersky was singled out specifically, rather than failing to make the cut due to certain considerations. It's one thing to say "the government may only buy software from vetted software companies that are not also doing business in Russia" versus naming the company directly even though the end result may be the same. It's like how you can't make laws to single out individuals.

            The current ruling means that even if Kaspersky corrects everything that the government doesn't like about them (e.g., moves out of Russia, replaces all their programmers, opens their source-code, whatever), they are still out of the running for government contracts solely because they are Kaspersky, and it is this that the company is claiming is unlawful. The law prevents this because otherwise the government could simply forbid certain otherwise qualified companies (usually because someone in the government has stock in company X and doesn't want company Y to be able to compete).

          Or so I was told. Hopefully somebody with a better understanding of both this ruling and the law will be able to clarify the issue.

          • by AmiMoJo ( 196126 )

            Also, naming them directly has probably hurt world wide sales, so they will argue that it was unjustified and seek reparations.

            • I don't know if you can sue the government for slander/libel, but arguing that a 5th Amendment 'taking' took place might work.
      • Historically, government officials have thrown business to their friends and associates regardless of the value to the government, and we've tried putting restrictions on that. Therefore, we have laws on procurement that reduce the problem somewhat (and create other problems, law being a blunt instrument). The DoD may be violating them (or not, I'm not a lawyer), and, if so, that's grounds for a lawsuit.

    • by swb ( 14022 ) on Monday December 18, 2017 @03:34PM (#55763933)

      I think it's not just that the Federal government has banned it, I think the mere presence of that ban is having a chilling effect. I know a guy who works for a fuel supplier to an energy utility and they are being told to rip out all Kaspersky products by the utility and supposedly the utility is being told this by the Feds.

      Even if this is only partly true, I'd guess its being repeated in other areas. Eventually even if still buying their products isn't illegal or officially banned for anyone other than Federal agencies, this will fan out and ruin its reputation.

      I'm of mixed opinions on this. I don't think Kaspersky was proactively engaged in a conspiracy to commit espionage, but I think they are uniquely positioned to be influenced by the FSB in ways that creates an existential risk.

      My guess is Eugene Kaspersky thought he could retain Russia as a major office (good talent, a market unto itself, etc) and be a global software player without those two things being in conflict. Turns out maybe he should have relocated and left Russia behind.

      • by Pieroxy ( 222434 )

        I think they are uniquely positioned to be influenced by the FSB

        You mean just like any American company with the NSA?

      • What you describe isn't "due process" but more like defamation. Problem is defamation is hard to get a judgment for in the USA, AND this lawsuit doesn't claim it.

        I think their lawsuit is just a PR ploy at best, or a hail Mary attempt at worst. Either way, it's going to be a loss...

      • Why do you care about the FSB? They are a domestic intelligence service. Foreign espionage is not their job.

    • by rastos1 ( 601318 )

      Can I now sue the Federal Government if they refuse to use *my* software product?

      If the government is shopping for a product and your product does meet the criteria, then IMHO: yes, you should be able to sue them for excluding you specifically from the bidding process. It works like that over here (on the other side of the pond). There are some limits such as no unpaid taxes, etc. But in general anyone can compete.

      • But I don't have a right to force the government to buy my product if they don't find my product suited for it's purpose or if it carries unacceptable risks.

        The reasons for Kaspersky Labs removal from consideration is pretty clear. They remain a subsidiary of a Russian company and carry an unacceptable amount of risk of being exploited by foreign intelligence services. Given the pervasive nature of the product and where it would likely be installed, the concern is a valid one, thus the prohibition is vali

        • The reasons for Kaspersky Labs removal from consideration is pretty clear.

          Sure. How does it play with procurement law?

          I don't think Kaspersky Labs has a case here in the USA.

          IANAL, and I suspect you aren't either. Some of these laws can get incredibly confusing.

        • by rastos1 ( 601318 )

          The reasons for Kaspersky Labs removal from consideration is pretty clear.

          1. the reason should be "you are security threat, you act maliciously, you represent interests of a foreign power, ..." it should not be "you are Kaspersky".

          2. apparently the reasons are not clear to everyone - and so the court will have to decide whether they are valid or not. I find that reasonable.

    • Can I now sue the Federal Government if they refuse to use *my* software product?

      Depends on why they refused your software product. If the selection of something else, or nothing if they didn't get a replacement, was done according to law, you're going to lose. (You can sue for anything, and many things even won't be thrown out by the first judge to see them.) If they violated the law in not choosing your software, go ahead. You have a good chance of winning, although I'm not completely sure what you'

  • This feels terrible. (Score:5, Interesting)

    by Gravis Zero ( 934156 ) on Monday December 18, 2017 @02:01PM (#55763259)

    I'm not one to defend what the current administration/congress does but banning the use of software on government and government contractors' computers that is suspected to be under the control of a foreign government seems well within the scope of the law.

    Frankly, if they banned Microsoft's shoddy products then you wouldn't need to bother with Kaspersky.

    • Frankly, if they banned Microsoft's shoddy products then you wouldn't need to bother with Kaspersky.

      It would also be helpful if people were better trained not to follow click-bait and suspicious links.

      • Frankly, if they banned Microsoft's shoddy products then you wouldn't need to bother with Kaspersky.

        It would also be helpful if people were better trained not to follow click-bait and suspicious links.

        The training is pretty good. It would be helpful if people employed some critical thinking skills instead of just blind clicking.

    • by mysidia ( 191772 )

      Banning the use of software on government and government contractors' computers that is suspected to be under the control of a foreign government seems well within the scope of the law.

      Not without cause for REASONABLE suspicion it's not. If there was reasonable basis for suspecting the software is a risk, then the details should be communicated to each agency, and their IT department should take care of it internally, AND the intelligence agencies responsible for internal security of the govern

    • This is well within the governments national security powers.

      Just like they can prevent foreign companies from buying strategic companies in the US including even requiring that prior transactions be unwound and returned to the US. The governments powers in regard to national security are expansive and the supreme court has shown a definite historical tendency to defer to the government where national security concerns are raised.

      The chances of success in this suit are very limited, Kaspersky is wasting mon

    • I would agree, but then there are these little gems in the order:

      1: Kaspersky-branded products means information security products, solutions, and services supplied, directly or indirectly, by AO Kaspersky Lab or any of its predecessors, successors, parents, subsidiaries, or affiliates

      2: This directive does not address Kaspersky code embedded in the products of other companies.

      This is nothing but a coordinated campaign to destroy Kasperskys business. Maybe we should be asking why.

      Notification of Binding Operative Direction 17-01 [federalregister.gov]

  • by MitchDev ( 2526834 ) on Monday December 18, 2017 @02:05PM (#55763297)

    What the F are they smoking?

    There is no right to have people buy your products...

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      People aren't the issue here. Sales to the federal government are. Kasperksy has a US subsidiary. The US subsidiary is a US citizen to the extent the Supreme Court has said corporations are citizens. The US subsidiary has due process rights under the US constitution. Trump saying the US subsidiary cant sell its software to the US government because its actually a hostile arm of the KGB or whatever the exact accusation is doesn't fly without due process. The US subsidiary is entitled to it's day in court. At

      • Trump is not saying they cannot SELL they can still sell this stuff... He's only saying that the Federal government may not BUY the software.

        If you want to run out and buy or sell copies of this software, it's still perfectly legal for citizens or companies to do so.

        This lawsuit is bogus, frivolous and a waste of time and money. Nobody's due process rights have been violated here.

        At best, this is but a PR stunt....

        • It's not Trump saying so, Congress passed a bill explicitly naming and banning Kaspersky. That brings up the 5th Amendment Takings clause, the 14th's due process clause, and may even be arguable as a bill of attainder.
          • Congress only dictated that the government may not purchase this company's products. They didn't ban the company from doing business or take any of their property away, only made it illegal for the federal government to purchase this companies products. Sucks that it's their biggest customer, but if congress doesn't have the right to decide where the money the budget gets spent, what rights does congress have here?

            IF congress had banned the company from doing business or actually taken their property with

            • Thing is, according to United States vs. Lovett [wikipedia.org], this is a bill of attainder. The Supreme Court held that the law in question specified a person, imposed some sort of punishment (they couldn't be hired by the Federal Government), and wasn't due to judicial action. In this case, a specifically named company is barred from selling to the Federal government by statute rather than judicial action, which looks awfully similar.

              There's ways this law could work, as long as it doesn't mention Kaspersky. It cou

              • After reading about this, I suppose that might work. However, if the law the defunded ACORN wasn't upheld as a bill of attainder, this won't be..

                Kaspersky isn't having any property confiscated nor are they being punished for some wrong doing. They are only being deprived of FUTURE revenue though sales of products to one specific customer. If ACRON lost it's federal funding though a law that made it illegal and that's not a bill of attainder, then this isn't either.

                I suppose they may make it though the

                • Regarding ACORN, I'm not familiar with the details but Congress can grant or cancel funding for specific non-profits. Kaspersky, on the other hand, is being told they can't bid on open government contracts anymore. Whether that's improper or not may rest on the wording of the laws describing the bidding process.
                  • Oh they can bid, they just cannot win... Just like ACORN can apply for grants, but won't be given any.

      • This is the correct answer.

        So far, accusations have only reached the threshold of "allegation."

        The next step calls for motions of discovery, depositions, exhibits and expert witnesses.

        The lawsuit itself is harmless.

        Due process will prevail.

        Nothing to see here.

    • What the F are they smoking?

      There is no right to have people buy your products...

      I'm not sure about the USA, but in many countries you do have the right not to be unfairly excluded from the procurement process.

  • I don't run any anti-virus software on any of my computers (Mac, Linux, Chromebook).
    Why would I want to use this Kaspersky software? Does it run on any of my computers? Do I need to buy a new computer?

    • by Anonymous Coward

      Answers in order:
      NO.
      NO.
      NO.
      Go back to sleep now.

  • by bigmacx ( 135216 ) on Monday December 18, 2017 @02:21PM (#55763435)

    place? Sheesh, let's see, our government uses closed source SECURITY software from a company located in a (hostile?) foreign country and everyone in the US doesn't automatically think it's a Bad Idea?

    And yes I know there's a lot of software made outside of the US by non-US companies that are likely used in the US gov't, but security, especially closed-source, software should not be one of those.

    • IIRC, they just removed Kaspersky from the list of potential suppliers. That is, they actively forbid any future government contracts to Kaspersky, but that didn't mean Kaspersky had ever gotten any before.

    • by Megol ( 3135005 )

      I didn't know the US is a hostile foreign country to the US. The things one learn...

      • by bigmacx ( 135216 )

        Please elaborate. I fail to see the relevancy to my post. Do you think Kaspersky is a US company?

    • place? Sheesh, let's see, our government uses closed source SECURITY software from a company located in a (hostile?) foreign country and everyone in the US doesn't automatically think it's a Bad Idea?

      I agree with you, but let's not get distracted from the real issue here. First of all, any organization is free to audit the Kaspersky software. This was even true before this incident.

      The real issue here is that an idiot NSA developer took his work home with him and put it on his personal laptop.

      According to Kaspersky, its security package running on the PC detected Pho's copies of the NSA exploits as new malicious software, and uploaded the powerful spyware to its cloud for further analysis by its researchers.

      [...]

      Kaspersky Lab has denied any wrongdoing in the matter or illicit ties to Russian intelligence. The security vendor also pointed out Pho's machine was infected with loads of malware, meaning any miscreant could have stolen Uncle Sam's cyber-weapons.
      source [theregister.co.uk]

      In other words, the NSA seems incapable of keeping its top secret information secret. That employee should never have been able to download source code from the NSA.

      He was a developer, not a system administrator. T

  • by BellyJelly ( 3772777 ) on Monday December 18, 2017 @02:37PM (#55763579)
    Kaspersky anti-virus or Intel AMT?
  • They sponsor Scuderia Ferrari. Seb Vettel and Kimi Raikkonen don't mind. Neither do I.
  • They should - as soon as the story broke - have moved their servers outside Russia and the reach of Putin, just to eliminate any possibility of interference. They didn't do that, which could be interpreted as unwillingness or similar, possibly due to legal pressure within Russia, keeping the rumor of (forced?) surveillance intact.

He who has but four and spends five has no need for a wallet.

Working...