Kaspersky Lab has filed an appeal under the Administrative Procedure Act to enforce its constitutional due process rights and challenge the Binding Operational Directive prohibiting the use of the company’s products and solutions by U.S. government agencies. The company asserts that the DHS’s decision is unconstitutional and relied on subjective, non-technical public sources such as uncorroborated and often anonymously sourced media reports, related claims, and rumours. Furthermore, DHS has failed to provide the company adequate due process to rebut the unsubstantiated allegations underlying the Directive and has not provided any evidence of wrongdoing by the company.
The willingness of the company to cooperate with DHS’s review has been well documented. Given the company’s longstanding commitment to transparency, the trustworthy development of its technologies and services, and cooperation with governments and the IT security industry worldwide to combat cyber threats, Kaspersky Lab reached out to DHS in mid-July, offering to provide any information or assistance concerning the company, its operations, or its products. In mid-August, DHS confirmed receipt of the company’s letter, appreciating the offer to provide information and expressing interest in future communications with Kaspersky Lab regarding the matter. However, the next communication from DHS to Kaspersky Lab was notification regarding the issuance of Binding Operational Directive 17-01 on September 13, 2017.
As a result, DHS’s actions have caused undue damage to both the company’s reputation in the IT security industry and its sales in the U.S. It has unfairly called into question Kaspersky Lab’s fundamental principles of protecting its customers and combatting cyber threats, regardless of their origin or purpose. In filing this appeal, Kaspersky Lab hopes to protect its due process rights under the U.S. Constitution and federal law and repair the harm caused to its commercial operations, its U.S.-based employees, and its U.S.-based business partners.
“Because Kaspersky Lab has not been provided a fair opportunity in regards to the allegations and no technical evidence has been produced to validate DHS’s actions, it is in the company’s interests to defend itself in this matter. Regardless of the DHS decision, we will continue to do what really matters: make the world safer from cybercrime,” said Eugene Kaspersky, CEO of Kaspersky Lab.
As evidence of its commitment to trust, transparency, and accountability, Kaspersky Lab launched its Global Transparency Initiative on October 23, 2017. This Initiative will include an independent review of the company’s source code, software updates and threat detection rules; an independent review of internal processes to verify the integrity of the company’s solutions and processes; three transparency centers by 2020, in Asia, Europe and the U.S.; and increased bug bounty rewards up to $100k per discovered vulnerability in Kaspersky Lab products.