The US Government appears to have withdrawn an invitation extended to Eugene Kaspersky, the head of Kaspersky Lab, to testify before Congress after the company's products were banned from use by US Government agencies.
The invitation was issued on 14 September, a a day after the ban was promulgated by the US Department of Homeland Security
The appearance by Eugene was initially supposed to be on 27 September. But that meeting never eventuated and a hearing of the panel in question, the Subcommittee on Oversight Hearing, is now slated for 25 October.
However, there is no slot allotted to the head of Kaspersky Lab at the hearing, the subject of which is "Bolstering the Government’s Cybersecurity: Assessing the Risk of Kaspersky Lab Products to the Federal Government".
{loadposition sam08}Listed to appear before the panel are:
- Donna Dodson, associate director and chief cyber security adviser, Information Technology Laboratory; chief cyber security adviser, National Institute of Standards and Technology;
- David Shive, chief information officer, US General Services Administration;
- James Norton, president, Play-Action Strategies; adjunct professor, Johns Hopkins University; and
- Sean Kanuck, director, Future Conflict and Cyber Security, International Institute for Strategic Studies.
Kaspersky Lab has come under heightened suspicion of colluding with Russian intelligence following the US presidential elections in 2016.
During the first half of October, three reports in the three main US mainstream newspapers made serious allegations about the company and this may, in part have contributed to the decision not to have Eugene testify before the panel.
A report in The Wall Street Journal on 11 October hinted that Kaspersky Lab could have made available its source code to the Russian Government.
Prior to that, a report in The Washington Post on 10 October claimed that Israeli Government information security professionals had found NSA hacking tools in Kaspersky Lab's system when it gained access to the company's servers in 2014.
And The New York Times claimed on 11 October that Russian Government employees had used Kaspersky's anti-virus software to search for the code names of US intelligence programmes, while Israeli intelligence officials looked on.
Kaspersky Lab was asked whether there has been any official contact from the US Government regarding the apparent change.
A company spokesperson responded: "We have seen the reports that the Committee has rescheduled its hearing. It has not communicated this to Kaspersky Lab. If the Committee proceeds with a rescheduled hearing we look forward to being provided the opportunity to address their concerns directly."
This quote from @kaspersky is solid gold.https://t.co/vTPlUm73fT pic.twitter.com/A4tUhbEo54
— Jake Williams (@MalwareJake) October 18, 2017
Meanwhile, in another blog post overnight, Eugene again denied any wrongdoing on the part of the company. However, as when iTWire put direct questions to him a week ago, he did not deal directly with the accusations made in the three articles by the WSJ, NYT and WP cited above.
However, a point made by the Kaspersky Lab team in a blog post on 16 October is worth citing here. In a Q and A, the team asked this query: "Is it true that Kaspersky Anti-Virus collects data from your computer?"
The response ran thus (emphasis mine): "Yes, it is true, but it doesn’t collect personal data such as documents and photos. Our products, much like antivirus software from most other companies, have a cloud protection component. It quickly reacts to any new threats and protects all of our users quite literally within a minute. We call this Kaspersky Security Network (KSN). As KSN works, the antivirus may actually transfer files to the cloud, but only if they’re related to malicious or suspicious files. More detail about this may be found here.
"And you can turn KSN off when installing the product or at any time after installation in the protection settings. If you like to develop cyber weapons on your home computer, it would be quite logical to turn KSN off — otherwise your malicious software will end up in our antivirus database and all your work will have been in vain. Our corporate customers can choose to use KPSN, our Private Security Network, instead, which provides the same level of protection, but does not transmit data to Kaspersky Lab’s servers."