Lawyers for the government and the Russian anti-virus company have filed their last briefs before arguing before a judicial panel in September.
The government’s legal battle with a Russian software company is speeding toward its climax after the anti-virus firm Kaspersky Lab filed its final legal papers in the appeals case Monday.
There are no other filings scheduled in the case before oral arguments Sept. 14, which could bring a close to the nearly year-long conflict that has pitted the government’s cybersecurity and national security concerns against Kaspersky’s arguments about fairness in government contracting.
The case was sparked by two separate 2017 actions—one by the Homeland Security Department and the other by Congress—that collectively banned Kaspersky anti-virus software from all federal government and contractor systems.
Both bans were based on concerns that Kaspersky might be compelled to assist the Russian government with digital intelligence operations.
Kaspersky’s broad argument against the congressional ban, which it repeated Monday, is that Congress misused its authority to single out an individual company for punishment.
A federal district court agreed in May with the government’s argument that Congress’s goal wasn’t to punish Kaspersky but to protect national security.
Kaspersky’s final filing mostly treads familiar ground, including comparing a government argument justifying the ban because it doesn’t prevent Kaspersky from offering commercial anti-virus services to 19th and 20th century U.S. laws barring communists and former Confederate troops from certain jobs.
The filing also takes aim at a government claim that Congress’ conclusion Kaspersky poses a national security threat to government systems doesn’t suggest Congress is condemning the company more broadly.
Indeed, it's hard to read the congressional ban as anything other than a complete condemnation of Kaspersky, which is sure to affect its commercial sales, the company states.
“If Congress passed a law banning the federal government from using any airplanes manufactured by Wright Bros., Inc., because Congress stated the planes posed a national security risk," the company argues, "common sense dictates that airlines would not purchase Wright Bros. planes in the same quantity and passengers would avoid airlines that flew Wright Bros. planes.”
The case comes amid a broader push by Congress and the executive branch to rid government supply chains of software that might be vulnerable to nation-state and criminal hacking.
A major defense policy bill that President Donald Trump signed Monday bars contracts involving the Chinese companies Huawei and ZTE.
The Homeland Security Department has launched a major supply chain review, which includes investigating numerous companies with questionable foreign ties.
The department is also pushing for a much broader mandate to restrict companies from competing for federal contracts before they’re awarded, including because of questionable suppliers or subcontractors.
One lesson from the Kaspersky ban, according to the department’s top cybersecurity and critical infrastructure official Chris Krebs, is that government needs to be able to respond more nimbly to cyber supply chain threats without the lengthy administrative process Homeland Security currently uses.