The cybersecurity firm Kaspersky denied Friday that it is a security threat after the U.S. Commerce Department banned the use of its software in the United States.
The Moscow-based company — whose CEO Eugene Kaspersky is Russian — said in a statement that the Commerce Department’s decision would not affect its ability to sell and promote its cyber security products and training in the U.S.
Kaspersky said the government had based its decision on the “geopolitical climate and theoretical concerns” rather than independently verifying if there was a risk.
The government says Kaspersky’s Russian connections mean the company poses an “undue or unacceptable risk to U.S. national security or the safety and security.”
The company conducts much of its business in Russia and, as a Russian citizen who lives in that country, Eugene Kaspersky himself is subject to Russian law, the Commerce Department said in a decision dated June 14 that was posted on the Federal Register.
The department said it had considered Kaspersky’s objections to the initial findings of its investigation into whether its products or services posed a threat and found that the decision to ban its software was “well supported.”
Aside from the company’s obligation to abide by Russian laws and decisions, its software can be exploited to identify sensitive U.S. citizens’ data and make it available to Russian government actors, the department said.
“The risks to U.S. national security addressed in this Final Determination stem not from whether Kaspersky’s products are effective at identifying viruses and other malware, but whether they can be used strategically to cause harm to the United States,” it said.
Kaspersky boasts one of the world’s most popular consumer antivirus products and a research unit widely respected for routinely exposing elite hacking groups.
In 2019, The Associated Press found that an undercover operative had targeted several cybersecurity experts in an apparent effort to gather intelligence about critics of Kaspersky.
The company says it cannot deliberately obtain sensitive data on Americans and that its operations and employees in Russia can only access aggregate or statistical data not attributable to a specific person. It said the main impact of the U.S. government’s decision would be to benefit cybercrime, while also diminishing the freedom of consumers and organizations to choose the cyber protection they want.
“We look forward to what the future holds, and will continue to defend ourselves against actions that seek to unfairly harm our reputation and commercial interests,” it said.