A US District Court Judge Wednesday ruled that a ban on Kaspersky Lab products by the US government set to take effect 1 October is constitutional and tossed two lawsuits filed by the Russia-based security firm.
Calling “worthless” the company's claim that it has the “right to sell to the government,” Colleen Kollar-Kotelly, US District Judge for the District of Columbia, wrote that “it was rational” for Congress – when presented with the facts that “Russia had committed malicious cyber-activities against the United States” and that Kaspersky is a Russian company beholden to Russia's laws and whose founder, Eugene Kaspersky, has ties to Russian intel, and its products, which are used by the federal government to prevent cyber-attacks, could be exploited – “to conclude on the basis of this information that barring the federal government's use of Kaspersky Lab products would help prevent further Russian cyber-attacks.”
President Donald Trump in December signed into law the National Defense Authorization Act for Fiscal Year 2018 (H.R.2810), which contained a section prohibiting federal use of products and services from Russia-based cyber-security firm Kaspersky Lab.
According to the law, the ban takes effect on 1 October, 2018. Additionally, within 180 days of the passing of the act, the Secretary of Defence must present a report to relevant Congressional committees detailing the findings from a review of procedures for removing Kaspersky products from federal government networks.
Those actions might “very well have adverse consequences for some third-parties," Kollar-Kotelly said. "But that does not make them unconstitutional."
Last September, the Department of Homeland Security also issued a binding order forbidding the use of Kaspersky Lab security software. The order gave federal agencies three months to inventory and remove the software.