Kaspersky Suits Tossed, Fed Bans Will Continue

A Washington D.C. court has dismissed Kaspersky Lab's lawsuits against the U.S. government over two different rules banning Kaspersky products from federal systems. From a report: Both a federal law passed as part of last years National Defense Authorization Act (NDAA,) and a binding operational directive (BOD) issued by the Department of Homeland Security, prohibit federal agencies from using Kaspersky products. Both portrayed Kaspersky, a Moscow based company, as a national security risk. Kaspersky sued to prevent the two rules from coming into place, claiming the NDAA was a form of unlawful punishment against a specific company known as a bill of attainder. The judge reasoned that "The NDAA does not inflict 'punishment' on Kaspersky Lab. It eliminates a perceived risk to the Nation's cybersecurity and, in so doing, has the secondary effect of foreclosing one small source of revenue for a large multinational corporation." Because the NDAA ruling remains in effect, the judge ruled the BOD case was more or less a moot point. Further reading: Who's Afraid of Kaspersky?, and US Government Can't Get Controversial Kaspersky Lab Software Off Its Networks.

Okay, I get this, but....

[mark-t]

FTA:

The perceived threat:Lawmakers and DHS have publicly said the national security threat from Kaspersky products stems from Russian law. Antivirus programs and other security programs often upload files to a security firm's server in the course of analyzing them for threats. By law, Kaspersky would have to honor Russian official requests for the data.

Couldn't Kaspersky sidestep this issue by *not* uploading any content? Or is this ban in effect because they could theoretically upload, even if they don't?

That being the case, wouldn't it stand to reason that they should simultaneously prohibit *ALL* software written by any agency outside of the US which might have similar laws with regards to data collection, and not just single out Kaspersky labs?