From: Lawfare
***
President Trump signed legislation in December 2017 banning Kaspersky products from use by federal agencies. The legislation, Section 1634 of the National Defense Authorization Act for Fiscal Year 2018, codifies a somewhat narrower ban issued by the Department of Homeland Security (DHS) in September 2017. DHS explained the ban as a consequence of its “concern[s] about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”
Kaspersky has lodged legal challenges in federal court against both bans. The cases raise interesting questions of administrative and constitutional law, but also invite a separate question about the adequacy of the federal government’s toolkit for dealing with cyber risks of the sort posed by Kaspersky. The bans are limited in direct scope to federal agencies, but the risks of using Kaspersky are clearly much broader than that. After all, the federal government is neither the only provider of critical services to Americans, nor the only custodian of sensitive data. Indeed, most critical infrastructure in the United States is privately owned or operated, and many private companies possess sensitive data that Russian intelligence might find useful to steal or exploit. Use of Kaspersky software by these non-federal entities raises national security risks too.