Government Contracts Appeal of NDAA 2018 Bar of Kaspersky Labs Denied
Monday, January 7, 2019

Appeal of NDAA 2018 Bar of Kaspersky Labs Denied

By Government Contracts Editorial Staff

The Court of Appeals for the District of Columbia Circuit affirmed a district court’s dismissal of a suit challenging a provision of the National Defense Authorization Act for Fiscal Year 2018 because barring the government from using Kaspersky Lab’s products and services was not a punitive bill of attainder. Acting on concerns Russia could exploit the plaintiffs’ cybersecurity products that defended government computer systems, Congress included in the NDAA FY 2018 (PL 115-91) §1634, which prohibits the government from using any hardware, software, or services developed or provided by Kaspersky Lab, any related entity, or any entity of which Kaspersky Lab had majority ownership. The plaintiffs asserted §1634 violated the Constitution’s bill of attainder clause (US Const Art I, §9, Cl 3). The district court concluded the plaintiffs failed to plausibly allege §1634 constituted a bill of attainder and granted the government’s motion to dismiss for failure to state a claim.

Reasonable and Balanced Response. On appeal, the court reiterated the basic elements of a prohibited bill of attainder: that it applies with specificity and imposes punishment. Because the government conceded §1634 applied with specificity to the plaintiffs, the court focused on applying the Supreme Court’s three tests to distinguish permissible burdens from impermissible punishments: whether the statute furthers nonpunitive legislative purposes (functional test), whether the statute falls within the historical meaning of legislative punishment (historical test), and whether the legislative record “evinces a congressional intent to punish” (motivational test) (468 US 841). Here, “[g]iven the not insignificant probability that [the plaintiffs’] products could have compromised federal systems and the magnitude of the harm such an intrusion could have wrought, Congress’s decision to remove [the plaintiffs] from federal networks represented a reasonable and balanced response.” Therefore, under the functional test, §1634 was prophylactic, not punitive. Section 1634 also fell far short of “the historical meaning of legislative punishment” because it applied to a corporate entity and represented “no more than a customer’s decision to take its business elsewhere,” which differed greatly from “the stain of a ‘brand of infamy or disloyalty,’” which “matters most to flesh-and-blood humans.” Finally, the plaintiffs failed to offer evidence that Congress had punitive intent. (Kaspersky Lab, Inc., et al. v. Dept. of Homeland Security, et al., CA-DC, 62 CCF ¶81,532).

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More