The U.S. government's decision to ban Kaspersky Lab security software prompted both criticism and praise from the security industry, ignited a flurry of concern from consumers over their own Kaspersky purchases and drew a sharp rebuke from the Kremlin.
The directive weighed on a relationship with Moscow already strained by, among other things, allegations that Russia interfered in the U.S. presidential election. Kremlin Press Secretary Dmitry Peskov said the decision in general throws “a shadow over the image of our American counterparts as reliable partners,” the TASS news agency reported.
“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” according to a DHS statement issued Wednesday.
Calling the U.S. government's action “a pity,” Peskov said it “centers around unfair competition, violation of all international trade rules and, of course, aims to undermine the positions of the Russian companies that are competitive on the world scene.”
But Eric O'Neill, national security strategist at Carbon Black, noted that “Unlike the United States, Russian intelligence services can presumably compel a Russian company to provide information that will assist Russian espionage efforts.”
Calling Kaspersky “an upstanding cybersecurity company” that hasn't been shown to have “ever complied with any such request” or even received such a request, O'Neill maintained “our heightened level of concern against Russian attacks drives many of these decisions.”
While O'Neill said he didn't place the fault with either Kaspersky or the U.S. government for the directive, which “may appear extreme,” he said the blame “should be laid directly at the feet of Russian Intelligence,” which “doesn't play by any rule book” and whose spies employ brazen tactics.
“The Russian government has waged a silent war against the United States for years, most recently in attempting to influence our 2016 election,” said O'Neill. “As traditional spies have evolved into hackers and spy agencies have focused on cyber penetrations, Russian intelligence has led the charge.”
Although he would like “to think that Kaspersky would take the same stand against a Russian request for information that Apple did when the FBI asked them to break encryption,” the former FBI agent said he didn't “fault the United States government for their lack of trust in a company that survives in a political culture much different from ours.”
Apple spurned attempts by the federal government to pressure the company to include what amounted to a backdoor in its products. U.S. software companies might find themselves in the same boat as Kaspersky abroad, though, if those attempts are successful in the future. “It is not even controversial to know that other governments will be taking the same steps against US software manufacturers if they are forced to include encryption backdoors,” said Venafi CEO Jeff Hudson.
“U.S. government officials are pressuring software companies to implement encryption backdoors because they think it will help them catch potential terrorists. At the same time, they banned security software from a Russian company for use in the U.S. government because they are concerned about security backdoors. They want to have it both ways which is understandable.”
But the net result, he said, “is that the entire internet will become completely untrustable -- there will be back doors everywhere and governments and bad guys will use them at will. We have to hold ourselves to a higher standard and lead the way to show the rest of the world the right way to secure the internet.”
As news of the government's ban spread, concern grew among consumers who have purchased the software, particularly after reports that Best Buy had scratched Kaspersky from its offerings.
In a statement released after the ban was announced, Kaspersky Lab said Russian laws and policies, which it said were being misinterpreted, applied to telecom companies and internet service providers (ISPs) and not to Kaspersky since it didn't offer communication services.
“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it's disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues,” the statement said. “The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit.”
Earlier in September, as demands for a ban intensified, the company noted that Kaspersky wanted the chance to plead its case with Congress. “CEO Eugene Kaspersky has repeatedly offered to meet with government officials, testify before the U.S. Congress and provide the company's source code for an official audit to help address any questions the U.S. government has about the company, but Kaspersky Lab has only received a general reply from one agency at this time,” the firm said at the time. “The company simply wants the opportunity to answer any questions and assist all concerned government organizations with any investigations, as Kaspersky Lab ardently believes a deeper examination of the company will confirm that these allegations are completely unfounded.”
It looks like the company will get that opportunity. Eugene Kaspersky has accepted an invitation to testify before the House Science, Space and Technology Committee on Sept. 27.
“I appreciate and accept the invitation to testify before the U.S. House of Representatives Committee on Science, Space, and Technology, and if I can get an expedited visa, I look forward to publicly addressing the allegations about my company and its products,” Kaspersky told Reuters, though in July he expressed concern to NBC News “about some unexpected problems” if he visited the U.S.