Roses are red, Kaspersky is blue: 'That ban's unconstitutional!' Boo hoo hoo Kaspersky Lab, the antivirus house, now claims that the US government's ban on its products amounts to punishment without trial. In court filings made late last year Kaspersky said it was intending to use the US Administrative Procedure Act to get the ban declared unconstitutional. Now, according to local reports, the Russian …
> ""The government will trot out the usual "National Security" line"
counting on it.
consider this: a foreign company sues your government over NOT buying its product
that pretty much sums it up."
Given that one of the aspects of the TPP that US businesses were pushing for was the ability to sue governments for instituting laws which unduly affected their profit margin, then I say more power to Kapersky for using the same tactic the US was pushing for, against the US.
How exactly does "the usual National Security line" allow them to ignore the constitution?
I mean, I get how it might be used to justify withholding evidence, but that's not the issue in this case. A bill of attainder is just flat-out unconstitutional, no matter how much evidence there is behind it.
@DougS, there are undoubtedly a lot of scum in Russia. Like the one whose email I was scrutinising just half an hour ago, in the vain hopes of finding someone I could plausibly report it to, trying to extract bitcoin from me. Since they claimed to be Ukrainian, I'm assuming they were at least patriotic Russians and quite possibly employed, indirectly, by the thug-in-chief himself.
But that doesn't mean every allegation against Russians should be considered "true". Particularly when the allegation takes the form of a law that would still be unconstitutional even if the claims were all 100% proven.
There are ways of dealing with rogue companies, but "passing a law against doing business with that particular company" is not a legitimate one.
"I'm continually surprised at the number of people who dismiss the possibility that Russia is interfering in US elections, hacking emails, etc. Russia is basically run by gangsters but somehow a lot of people seem to think they are squeaky clean!"
Well the first part is easy, as in the US election "interference". Twitter came out with the numbers, along with Facebook, and the number of "Russian" created bots were somewhere in the region of 0.5% of the total tweets/posts sent regarding the election during the election campaign. The effect was tiny, if there was any effect at all.
Also, we've had the release of the memo's that point to the Obama administration getting FISA warrants based on discredited information from that Steel chap. You know, the guy who came out saying Trump paid prostitutes to piss on a bed slept in by Obama? That story came from 4Chan, and Mr.Steel himself was paid to investigate these claims by the DNC. It's been said that the FISA warrants wouldn't have been issued if his evidence hadn't been given during the FISA hearings.
The hacking of the DNC emails, the Podesta emails, came from Podesta getting an email looking like it was from Google asking him to change his password. He forwarded it to his IT guy, who said it was "legitimate" - when in fact he meant to say "illegitimate". So the sophisticated email hacking Russia did was nothing more than what everyone gets these days - the equivalent of throwing shit at a wall and seeing what sticks. But the NSA, as well, have come out and said the download of internal DNC emails was localised, meaning someone inside the DNC leaked the emails. The transmission rates just wouldn't have been possible to get from a remote server.
Yeah, Russia is ran by gangsters. But you'd be a complete fool to believe America isn't being run by equally as bad - and inept in cases - gangsters.
Oh looky here, we have another one who gets all their news from only Trump approved sources.
Sorry, the FBI probe was started BEFORE the Steele dossier came out. That's been proven in open congressional testimony, not that Fox News is going to tell their viewers that because it conflicts with the storyline lie that the right wing is trying to spread that blames everything on Steele.
"Oh looky here, we have another one who gets all their news from only Trump approved sources."
Trump only likes Fox News. I've never, ever, listened to or seen Fox. What I've read has come from all over the place. Interviews on CNN, articles from The Guardian for example.
"Sorry, the FBI probe was started BEFORE the Steele dossier came out. That's been proven in open congressional testimony, not that Fox News is going to tell their viewers that because it conflicts with the storyline lie that the right wing is trying to spread that blames everything on Steele."
I never said the FBI probe was started after the Steele dossier came out. I said that the dossier helped the FBI with their FISA application. Those are two very different things.
But don't let your own bigotry get in the way of understanding plain English.
@phuzz: "violet" refers to any of a dozen or so species of flower which come in multiple varieties, and cover a wide variety of colours, including violet, darkish purples, blue, cream, and even some fairly raucous shades of orange and yellow.
So while they aren't *all* blue, some of them are, and a bunch of others are neither violet nor blue.
Overall, it's not really very informative.
Wild violets come in many colours - white, pink, dark blue, pale blue, lavender, violet.....
try going out into the countryside and actually looking at what you're seeing
or try reading a book, such as this page
http://paintdrawer.co.uk/naturebooks/wild-flowers-the-wild-flowers-of-britain-and-northern-europe-by-marjory-blamey-fitter-fitter-9780006364573.jpg
"Wild violets come in many colours - white, pink, dark blue, pale blue, lavender, violet.....
try going out into the countryside and actually looking at what you're seeing"
You're right of course, but the only ones I see flowering at this time of year near me are purple (they're dog violets).
Specifically, they have the right to prepare the way for an enemy cyber attack on the US by deploying enemy enabled infrastructure.
If you ask me, Kaspersky might even end up in jail, if he insists of these rights.
Kaspersky cannot work on special projects for the FSB, be a personal friend to Putin and expect to be treated as not a risk Security is about reducing risks and getting rid of Kaspersky makes sense, from a risk management perspective. After all, if there is a cyber attack, and Kaspersky is involved, all those ignoring the warnings should go to jail.
A Russian spy who is within the jurisdiction of any US court has exactly the same rights as any other person within the jurisdiction of that court, including the protection of the constitution. Go read the 14th amendment.
By all means "treat Kaspersky as a risk". There are plenty of ways to do that. If the government sees fit it can declare Kaspersky Labs a proscribed organization, freeze its assets, deport or arrest any representatives it finds in the US, prevent them from entering the country (or leaving it, or travelling within it for that matter)...
But the government hasn't done any of those things. Instead it's passed a bill of attainder - a form of law explicitly forbidden by the constitution - not even the bill of rights, but the main text of the constitution itself. The politicians who drafted and voted for that law, and the president who signed it, should all be recalled/impeached for perjury, because they all took an oath to uphold the constitution, and they've all broken it.
But the government hasn't done any of those things. Instead it's passed a bill of attainder ...
No it hasn't. A bill of attainder is legislation which declares someone guilty of a crime without a trial.
The action by DHS is not legislation but an operational decision on which software to use, and justifies the decision by claiming Kaspersky's software is an information security risk. If publishing software which is an information security risk were a crime, Bill Gates would be serving several life sentences.
The National Defense Authorization Act also does not claim any criminal act on Kaspersky's part.
The worst they may say is that Kaspersky's software is not fit for purpose or does not meet government standards. Neither of those two is a crime; hence the bill of attainder argument is complete fallacy.
Is it better dead than red day?
If you had read the original report then you would know that the same content was leaked to china first but I guess the US worries that if they annoy them the way they do the Russians they will call in the debt and bankrupt them.
Personally I cannot fault Kaspersky for how they dealt with the NSA letting their contractors take their malware home with them, Kaspersky dealt with it exactly how an AV company is supposed to after a advanced user agreed to upload suspicious content for analysis it did just that and found they had the US malware arsenel.
There is no doubt in my mind that this ban is purely because they are associated with Russia and is an anticompetative slur.
I presume that Kaspersky will now just add all the US malware to their databases and then the only people who the NSA will be using them on will be their own, perhaps a bid to improve inter-agency communication?
If company X decides not to buy products from company Y, for any reason at all, is that unconstitutional?
So if government X decides not to buy products from company Y, is that unconstitutional?
This 'ban' doesn't apply to anyone apart from the US government itself. Crucially, it is not imposing the ban on anyone else.
...So if government X decides not to buy products from company Y, is that unconstitutional?...
Governments are a bit special - they run off taxpayer's money, so they have a duty to be fair.
However, they also have a duty to support the country that they run, so if they determine that a particular firm would be bad for the country in some way they should refuse to trade with it. Cruicially, they should have evidence for that - and it's probably no good enough to say that 'We politicians are trying to scare the country into war with Russia, and so a knee-jerk reaction against anything Russian is a good political move..."
First of all the classified information leaked because the NSA agent turned out to be a complete idiot. They used Kaspersky but apparently without bothering to go over the settings or simply totally ignoring the whole thing.
Shell theory: I think the NSA got so used to snooping and data slurping that it has become second nature to them, so the idea of a problem never occurred to this guy!
But second... Have we already forgotten the iron grip in which the US government placed Apple for refusing to share and/or apply a backdoor to their product in order to give the US government unrestricted access to their devices?.
That's not some wild rumor or hearsay, that's a proven fact, because even the president himself uttered how "unpatriotic Apple was" in his opinion.
So apparently it's perfectly fine to snoop when it's the US doing the snooping, but as soon as a nation which the US doesn't like could perhaps but not proven! do the same then it's time for some old fashioned mayhem and very selective criticism, because how dare they!
As said: what a bunch of hypocrites.
As I understand the US government claim, in part, is that the information the Kaspersky AV uploaded became available to the Russian government. I am not aware whether they took a position on whether that was because Kaspersky cooperated with the Russian government or simply that the Russian government penetrated Kaspersky's infrastructure obtained it without Kasperdky's knowledge or consent. From the perspective of US government agencies, the difference would be immaterial.
If it is a "proven fact" that the US government put Apple in an "iron grip"for refusing to share and/or apply a backdoor to their product in order to give the US government unrestricted access to their devices" it should be easy to give a reference. That cannot mean the well known case of the iPhone used by the December 2, 2015 San Bernardino shooter, since the order given to Apple in that case required no such thing. Anyone who thinks otherwise may see the original order at
https://www.justice.gov/usao-cdca/file/825001/download
This order arguably required a back door to the specific iPhone and required that if Apple implemented the government's proposed solution, it "be coded with a unique identifier of the phone so that the SIF would only load and execute on the 'SUBJECT DEVICE'."
The US intelligence bods are now warning people against buying Huawei phones. I might believe the FBI, CIA and NSA a bit more if they hadn't spent quite so much time and effort doing precisely what they're accusing the Chinese government of doing:
https://www.cnbc.com/2018/02/13/chinas-hauwei-top-us-intelligence-chiefs-caution-americans-away.html
"I might believe the FBI, CIA and NSA a bit more if they hadn't spent quite so much time and effort doing precisely what they're accusing the Chinese government of doing"
keep in mind, there's a whole lot of "shake-up" going on at the top of those 3 organizations right now.
Also worth pointing out: The former head of the CIA (under Obaka) voted COMMUNIST back in the 70's...
https://en.wikipedia.org/wiki/John_O._Brennan
(OK he says it was a protest vote - but it's funny to mention it anyway)
Once these organizations get some forced re-organization, maybe some of the hypcritical nonsense will stop? That might include not using Windows, either. BSD is home-grown and open source, use that!
Otherwise, it's been my observation that unscrupulous people tend to LOUDLY accuse others of doing the SAME things THEY do, and that goes MEGA-TUPLE for POLITICS.
If the US Govornment doesn't want to buy tech from a firm that is not on native soil that sounds like a reasonable security measure to me. It's probably stupid, until it isn't. . . Not to say a US tech firm could not be exploited by a foreign government, but I'm guessing we could react somewhat faster if they were here in CONUS. But hey, it's a free country *you* can buy whatever you want, from wherever you want.
If you live in the UK, you can howl to the appropriate places as you see fit to allow whatever you might want your government to use. If you don't live in the US, then it's not your concern, get over yourself.
All that said Kaspersky is as awful as McAfee. I'm liking Cylance thus far, Sophos was getting way too flakey and fat. YMMV.
This must be intentional flame war comment stuff. Do people really lack enough cynicism and experience to believe that the Russian government, or the US governent for that matter would not try and exploit something like an AV program installed on machines if it so desired? Really?
"All that said Kaspersky is as awful as McAfee", I disagree I would say, having used both, that McAfee is incomparably inferior and having worked with McAfee for years in corporate environments I would say that it created more problems than it solved.
As to the US Gov not wanting it to be run on state equipment, that in itself is not a problem but the public slur of suggesting that Kaspersky was acting inappropriately was and cannot be seen as anything other than anticompetative.
If the US Gov had some real evidence to back up their claims against Kaspersky then they would have banned the software completely from the US but clearly they do not so the Gov is again using the "better dead than red" to distract the US public from the fact that the US spy agencies fked up yet again. That so many people posting here buy the spiel is a sad reminder of just how much the US public and the NSA deserve each other.
that they detect the USA badware, unlike all the other AV's out there. This is so unlikely that it's a near sure thing that the other AV's have put in some kind of ability for the TLAs to get past them, probably demanded by the US government (if you can call this government). Kaspersky rightly refuses to do this, just like some other companies don't want to put in crypto backdoors.
The committed the fatal sin of showing the world that US badware is detectable by at least one AV, but not others. NSA and pals can't have that - people might think and stuff.
What other badware do all the other AV's miss? Is it like there's a special magic key for US badware, or what? I thought that at least many of them worked by behavior at some level - hey - something's sending a lot of data out of your box - for example. So will the other AV's now also miss badware that's just the less-professional non-state criminals?
So far the only country agnostic anti-malware I know of is Emsisoft. They even flipped the bird to the German government for insisting on white-listing their own country's spyware. They are also the ONLY anti-malware that can find all the MPAA's DRM spyware in my entertainment system - the only reason I quit using them, was because they eventually made it impossible to successfully put such processes in an exclusion zone. I couldn't play my Blu-ray or watch HDTV on cable as long as Emsisoft was on my PC, so I had to get rid of it. Sad really, because they must be the best!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
