WASHINGTON (CN) – A Russian cybersecurity firm banned by the U.S. government over its alleged ties to the Kremlin claims in a federal complaint that the move lacked due process.
Represented by the firm Baker & McKenzie, Moscow-based Kaspersky Lab brought the complaint on Dec. 18 through subsidiaries based in the United Kingdom and Woburn, Massachusetts.
Two weeks earlier, the Department of Homeland Security formalized a directive compelling banning the use of Kaspersky products by all federal agencies, after determining that Kaspersky’s products posed a “threat, vulnerability and risk to U.S. government information systems.”
Though Kaspersky denies that it has ties to Russian intelligence agencies, it does not dispute that Russian spies obtained classified hacking tools used by the U.S. National Security Agency because they were stored on a personal computer that was also running Kaspersky’s antivirus program.
Kaspersky has faced scrutiny on Capitol Hill but claims in Monday’s complaint that the government denied it a meaningful opportunity to be heard.
It says Homeland Security has no conclusive evidence that Kaspersky breached any U.S. government information systems, and that the claims of exigent circumstances do not justify depriving Kaspersky of its constitutional right to due process.
“Defendants had ample time and opportunity to afford plaintiffs the due process to which they were entitled prior to the issuance of the BOD [binding operational directive], and actively misled Plaintiffs regarding the status of their pre-BOD deliberations,” the complaint states.
With more than 400 million users around the world, Kaspersky notes that “active licenses held by federal agencies have a total value (to [Kapersky]) of less than USD $54,000.”
This represents just 0.03 percent of Kaspersky Lab’s annual sales in the United States, but Kapersky says it has a substantial interest in the “continued ability to sell its product to the U.S. government, inclusive of the right to be free of disparagement prejudicing commercial and enterprise customers.”
Homeland Security’s directive had three prongs: “(1) identify Kaspersky Lab-branded products on all federal informational systems within 30 days, (2) develop a detailed plan to remove and discontinue the present and future use of all Kaspersky Lab-branded products within 60 days, and (3) unless directed otherwise by DHS based on new information, start actual removal within 90 days.”
Kaspersky says the directive violated the Administrative Procedure Act as well as its Fifth Amendment rights.
“The debarment of Plaintiffs and the damage caused was immediate and complete upon the issuance of the BOD,” the complaint states. “The process for identification, removal, and discontinuation had been initiated immediately upon issuance, all government agencies were prejudiced against Plaintiffs’ software at that time, and the process could therefore not have been adequately unwound.”
A representative from the Department of Justice declined to comment on Kaspersky Lab’s lawsuit against Department of Homeland Security.