Multiple agencies have set Monday, July 16, as the deadline for the ban to be implemented in new procurements.
The Russian anti-virus company Kaspersky Lab is racing against time, trying to get a U.S. appeals court to pause a governmenwide ban on its products before a portion of it is implemented next week.
The Defense Department, General Services Administration and NASA set July 16 as the deadline in a Federal Register notice for all new procurements to contain language officially barring contractors and subcontractors from allowing Kaspersky products to touch any government systems.
That ban, which sprang from concerns Kaspersky could be used as a Kremlin spying tool, was ordered by Congress in the 2018 version of an annual defense policy bill.
The July 16 deadline represents a government effort to “accelerate changes to the status quo,” Kaspersky said in a legal filing Monday. That, in turn “accelerates the reputational and financial damage to Kaspersky Lab,” the company told the U.S. Court of Appeals for the D.C. Circuit.
The remedy, Kaspersky said, is for the appeals court to temporarily pause implementation of the congressional ban while it considers the case.
Kaspersky software has already been scrubbed from all government networks, according to government officials, because of an earlier order from the Homeland Security Department. The government has used that fact to argue that reversing the congressional ban wouldn’t make any difference to Kaspersky’s finances or reputation.
Kaspersky shot back in its Monday filing that just because “some irreparable harm is already ongoing does not mean that additional, broader harm is of no moment.”
Kaspersky’s underlying argument is that Congress unconstitutionally singled it out for punishment without allowing the company to defend itself—what’s known as a “bill of attainder.”
That argument failed before a U.S. district court judge who ruled that Congress’s goal wasn’t to punish Kaspersky but to protect U.S. information from Russian spies. Kaspersky is hoping to reverse that ruling at the appeals court level.
Monday’s filing seeks only a temporary halt to the congressional ban, not its reversal. Kaspersky repeated many familiar arguments, however, including that the government failed to account for the broader effects of the ban if U.S. companies believe Kaspersky is a Russian spying tool.
Congress could have avoided causing Kaspersky such broad reputational harm by passing a more generally applicable law, the Russian company said, for example prohibiting federal agencies from using “products or services of any cybersecurity software producer that has provided information to the FSB [a Russian intelligence agency], does business in Russia, has servers in Russia, or uses Russian networks.”
The government has also argued that barring Kaspersky products from federal contracts, which represent a tiny fraction of the company’s global cybersecurity business, hardly amounts to irreparable harm because the company has many other customers.
Kaspersky compared that claim in Monday’s filing to arguments in favor of a 1950s law barring communists from holding trade union positions and a 1860s law barring former Confederate soldiers from holding certain jobs.
Supporters of those laws, Kaspersky said, argued they were constitutional because they didn’t prevent confederates and communists from working altogether. The laws, however, were both ruled unconstitutional by the U.S. Supreme Court.