The US government's decision to ban Kaspersky Lab security software prompted both criticism and praise from the security industry, ignited a flurry of concern from consumers over their own Kaspersky purchases and drew a sharp rebuke from the Kremlin.
The directive weighed on an already strained relationship with Moscow, including allegations that Russia interfered in the US presidential election. Kremlin press secretary Dmitry Peskov said the decision in general throws “a shadow “over the image of our American counterparts as reliable partners," the TASS news agency reported.
“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” according to a DHS statement issued Wednesday.
Calling the US government's action “a pity,” Peskov said it "centres around unfair competition, violation of all international trade rules and, of course, aims to undermine the positions of the Russian companies that are competitive on the world scene."
But Eric O'Neill, national security strategist at Carbon Black, noted that “Unlike the United States, Russian intelligence services can presumably compel a Russian company to provide information that will assist Russian espionage efforts.”
Calling Kaspersky “an upstanding cyber-security company” that hasn't been shown to have “ever complied with any such request” or even received such a request, O'Neill maintained “our heightened level of concern against Russian attacks drives many of these decisions.”
While O'Neill said he didn't place the fault with either Kaspersky or the US government for the directive, which “may appear extreme,” he said the blame “should be laid directly at the feet of Russian Intelligence,” which “doesn't play by any rule book” and whose spies employ brazen tactics.
“The Russia government has waged a silent war against the United States for years, most recently in attempting to influence our 2016 election,” said O'Neill. “As traditional spies have evolved into hackers and spy agencies have focused on cyber-penetrations, Russian intelligence has led the charge.”
Although he would like “to think that Kaspersky would take the same stand against a Russian request for information that Apple did when the FBI asked them to break encryption,” the former FBI agent said he didn't “fault the United States government for their lack of trust in a company that survives in a political culture much different from ours.”
Apple spurned attempts by the federal government pressure the company to include what amounted to a backdoor in its products. U.S. software companies might find themselves in the same boat as Kaspersky abroad, though, if those attempts are successful in the future. “It is not even controversial to know that other governments will taking the same steps against US software manufacturers if they are forced to include encryption backdoors,” said Venafi CEO Jeff Hudson.
“US government officials are pressuring software companies to implement encryption backdoors because they think it will help them catch potential terrorists. At the same time, they banned security software from a Russian company for use in the U.S. government because they are concerned about security backdoors. They want to have it both ways which is understandable.”
But the net result, he said, “is that the entire internet will become completely untrustable - there will be back doors everywhere and governments and bad guys will use them at will. We have to hold ourselves to a higher standard and lead the way to show the rest of the world the right way to secure the internet.”
As news of the government's ban spread, concern grew among consumers who have purchased the software, particularly after reports that Best Buy in the US had scratched Kaspersky from its offerings.
In a statement released after the ban was announced, Kaspersky Lab said Russian laws and policies, which it said were being misinterpreted, applied to telecom companies and internet service providers (ISPs) and not to Kaspersky since it didn't offer communication services.
“Kaspersky Lab has never helped, nor will help, any government in the world with its cyber-espionage or offensive cyber efforts, and it's disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues,” the statement said. “The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit.”