WEBVTT - Update: The Russian Cybersecurity Company Kaspersky Lab 0:00:00.200 --> 0:00:04.440 Hi, everyone, it's a Key This Week group bringing you 0:00:04.519 --> 0:00:07.960 an update on an episode that we first broadcast last summer. 0:00:08.560 --> 0:00:12.320 It was the result of a detailed investigation into Kaspersky Lab, 0:00:12.520 --> 0:00:16.320 one of Russia's largest tech companies in the businesses relationship 0:00:16.360 --> 0:00:18.960 with the Russian government. We're going to play you an 0:00:18.960 --> 0:00:22.520 excerpt of that original episode to refresh your memory. But 0:00:22.600 --> 0:00:25.560 stick around because we'll be back after that with an update. 0:00:30.720 --> 0:00:36.560 Like call hearing to order, like to welcome our witnesses. Today, 0:00:36.680 --> 0:00:42.720 Director of National Intelligence Dan Coates and may a group 0:00:42.800 --> 0:00:45.800 of U. S senators held the public hearing. It was 0:00:45.840 --> 0:00:49.120 about maybe the most divisive tech company that you've never 0:00:49.159 --> 0:00:53.680 heard of. Kaspersky Lab software is used by not hundreds 0:00:53.680 --> 0:00:58.320 of thousands, millions of Americans. Kaspersky Lab, that's Russia's top 0:00:58.400 --> 0:01:02.720 cyber security company. This is Marco Rubio, a Republican Senator 0:01:02.760 --> 0:01:05.640 from Florida. He's sitting behind a wooden daist with the 0:01:05.680 --> 0:01:09.039 rest of the Senate's Intelligence Committee, and he's questioning a 0:01:09.040 --> 0:01:12.360 panel of America's most senior intelligence officials. To each of 0:01:12.360 --> 0:01:14.440 our witnesses, I would just ask, would any of you 0:01:14.600 --> 0:01:19.479 be comfortable with Cospersky Lab software on your computers have 0:01:19.520 --> 0:01:25.320 resounding no for me. No Senator, no sir, No Senator, 0:01:25.560 --> 0:01:30.120 no sir. This software from Kaspersky Lab that none of 0:01:30.160 --> 0:01:34.160 these intelligence officials want on their computers. It's not just 0:01:34.200 --> 0:01:37.800 your run of the mill application. It's anti virus software 0:01:37.840 --> 0:01:41.800 that gets very deep access into our computers to protect 0:01:41.880 --> 0:01:45.800 us from hackers. Their software is installed all over the 0:01:45.880 --> 0:01:49.800 United States in the computers of not just US ordinary consumers, 0:01:49.840 --> 0:01:53.600 but also in the computers of banks, power plants, internet routers, 0:01:53.640 --> 0:01:56.520 and even portions of the U. S. Government. But the Senators, 0:01:56.880 --> 0:02:00.960 once again without mentioning details, seemed to be very concerned 0:02:00.960 --> 0:02:04.280 about the ties that the company has with Russia's own government, 0:02:04.800 --> 0:02:07.840 the very government that tried to influence and hack the U. S. 0:02:07.880 --> 0:02:11.600 Presidential elections last fall. Today, I'm going to give you 0:02:11.639 --> 0:02:16.000 a peek into Kaspersky's connections with people inside Russia's intelligence services, 0:02:16.480 --> 0:02:19.400 relationships the company has tried to keep secret. It's an 0:02:19.400 --> 0:02:22.079 investigation that we've been working on for about two years now. 0:02:22.520 --> 0:02:24.840 These are details that have never been reported on before. 0:02:39.360 --> 0:02:43.840 Hi am Akio, and I'm Jordan Robertson, and this week Undecrypted, 0:02:44.040 --> 0:02:46.720 we're going to be introducing you to Kaspersky Lab and 0:02:46.760 --> 0:02:51.560 its founder and CEO, Eugene Kaspersky in Russia. Eugene is 0:02:51.600 --> 0:02:54.640 a celebrity entrepreneur, one of the few really big names 0:02:54.680 --> 0:02:58.120 in Moscow's tech industry. He's built a huge business across 0:02:58.160 --> 0:03:00.720 the U S and Western Europe, which together make up 0:03:00.720 --> 0:03:04.840 more than half the company sales. Kaspersky himself has publicly 0:03:04.919 --> 0:03:07.799 denied working with the Russian government, and he's offered to 0:03:07.840 --> 0:03:11.400 answer senators questions and to make the company's source code 0:03:11.480 --> 0:03:14.360 available to the US government to show that there's no 0:03:14.440 --> 0:03:18.040 cause for concern. But after listening to this episode, I 0:03:18.080 --> 0:03:22.040 think you'll understand why the US government thinks Kaspersky may 0:03:22.080 --> 0:03:25.840 be vulnerable to Russian government influence. Now, none of this 0:03:25.919 --> 0:03:28.840 is meant to suggest that Kaspersky has actually used its 0:03:28.880 --> 0:03:32.440 connections with the Russian government for malicious purposes. We do 0:03:32.520 --> 0:03:35.360 not have any basis for believing that. But the combination 0:03:35.480 --> 0:03:39.280 of having relationships with people in Russian intelligence, as well 0:03:39.280 --> 0:03:42.680 as the ability to closely monitor large swaths of our 0:03:42.760 --> 0:03:48.360 digital infrastructure, is making American officials nervous. Plus will please 0:03:48.440 --> 0:03:52.000 some tape that has never been aired before of using 0:03:52.080 --> 0:03:56.839 Kaspersky himself talking candidly on the record about his relationship 0:03:56.920 --> 0:04:12.000 with some Russian government officials. Stay with us. So. Eugene 0:04:12.040 --> 0:04:16.000 Kaspersky was educated at a KGB sponsored cryptography institute, and 0:04:16.040 --> 0:04:19.239 he later worked for Russian military intelligence. But the reason 0:04:19.279 --> 0:04:22.040 he's famous is for his company, Kaspersky Lab. It was 0:04:22.080 --> 0:04:24.839 a company he started twenty years ago in the early 0:04:24.960 --> 0:04:28.320 days of anti virus security software, and it's made him 0:04:28.360 --> 0:04:31.200 a rich man. It's also made him the target of 0:04:31.240 --> 0:04:35.000 some of these congressional and intelligence community attacks. Right he's 0:04:35.080 --> 0:04:37.320 viewed at home in Russia kind of the way we 0:04:37.360 --> 0:04:41.159 think about Mark Zuckerberg right here in the US. He is. 0:04:41.520 --> 0:04:44.280 Eugene is a boisterous, barrel chested guy in his fifties. 0:04:44.520 --> 0:04:46.600 I've met him a few times, and everyone who's met 0:04:46.640 --> 0:04:48.800 him will tell you the same thing. He's the life 0:04:48.800 --> 0:04:52.120 of the party. He's gregarious, quick with a joke, and 0:04:52.200 --> 0:04:54.520 you just get the sense that this guy knows stuff 0:04:54.560 --> 0:04:57.400 that others don't like. He's plugged into places not a 0:04:57.400 --> 0:05:01.000 lot of other people are, and his company a Spersky Lab, 0:05:01.080 --> 0:05:04.600 has a big reputation too. I can tell you that 0:05:04.960 --> 0:05:09.479 in Moscow here that's Oleg Demodov, a Russian cyber warfare 0:05:09.520 --> 0:05:12.720 expert with the p i R Center, an international security 0:05:12.720 --> 0:05:17.240 research organization based in Moscow. Kaspersky Lab has been regarded 0:05:17.600 --> 0:05:24.680 is probably the most successful company in Russian information security 0:05:24.800 --> 0:05:28.719 cyber security sector, and that success all came from the 0:05:28.800 --> 0:05:32.919 anti virus software that the company sells. Kaspersky makes deals 0:05:32.920 --> 0:05:35.880 with retailers and PC makers to install it software on 0:05:35.960 --> 0:05:38.840 the devices, in some cases even before you buy it, 0:05:39.320 --> 0:05:42.479 and this part of Kaspersky's business is very large. It's 0:05:42.480 --> 0:05:45.360 what the company is most known for. I sense a butt, 0:05:46.080 --> 0:05:49.920 but Kaspersky's technology is also pervasive in less obvious places. 0:05:50.240 --> 0:05:54.479 The company boasts some four million users worldwide, but according 0:05:54.520 --> 0:05:57.320 to one person familiar with how the company counts users, 0:05:57.680 --> 0:06:00.680 as many as two hundred million of those probably don't 0:06:00.720 --> 0:06:04.920 know it. That's because of undisclosed licensing agreements that put 0:06:04.960 --> 0:06:08.520 the Kaspersky Lab anti virus system in things like Internet 0:06:08.560 --> 0:06:12.640 routers that power large corporate networks and even critical US infrastructure. 0:06:15.200 --> 0:06:19.120 Kaspersky was founded in Moscow, but has quickly expanded its 0:06:19.160 --> 0:06:22.679 business to other markets. More than half of Kaspersky Labs 0:06:22.680 --> 0:06:24.840 revenue last year came from the U S and Europe, 0:06:25.000 --> 0:06:28.159 according to the research company I d C. And Eugene 0:06:28.160 --> 0:06:31.440 knows it's critically important that his clients in the West 0:06:31.720 --> 0:06:35.599 do not associate him too closely with his government, which 0:06:35.640 --> 0:06:39.279 of course has been actively hacking political operatives across the 0:06:39.360 --> 0:06:42.520 US and Europe. Yes, but I do need to emphasize 0:06:42.800 --> 0:06:45.159 it's not just Russian companies that have to work with 0:06:45.200 --> 0:06:47.760 the Russian government. I don't think there's a tech company 0:06:47.760 --> 0:06:49.880 in the world that can just refuse to cooperate with 0:06:49.920 --> 0:06:53.839 its home government. Right. The Edwards Snowden revelations showed a 0:06:53.960 --> 0:06:56.640 pretty cozy relationship between the n s A and a 0:06:56.680 --> 0:06:59.960 lot of American tech companies, So it wouldn't be super 0:07:00.040 --> 0:07:02.520 rising at all to people in the industry if Kaspersky 0:07:02.600 --> 0:07:04.599 Lab had to keep some amount of contact with the 0:07:04.640 --> 0:07:08.120 Russian government, complying with legal requests for information and that 0:07:08.200 --> 0:07:11.200 kind of thing. Those sorts of requests are very routine 0:07:11.400 --> 0:07:16.920 and happened here in the US. Two. But then there's 0:07:16.960 --> 0:07:19.960 the stuff that you've discovered in your reporting with our 0:07:19.960 --> 0:07:24.720 cybersecurity reporter Michael Riley. Right, our reporting shows that Kaspersky 0:07:24.760 --> 0:07:27.960 has maintained a much closer working relationship with Russia's main 0:07:28.000 --> 0:07:32.680 intelligence agency, the FSB, than Eugene Kaspersky has publicly admitted. 0:07:33.160 --> 0:07:37.240 We found evidence that Kaspersky Lab developed custom security technology 0:07:37.400 --> 0:07:40.800 that the FSB asked for. Plus we've uncovered some joint 0:07:40.840 --> 0:07:44.800 projects between the company and Russian intelligence. Coming up, we'll 0:07:44.920 --> 0:07:49.000 hear the details on Jordan's and Mike's investigation. That's right 0:07:49.040 --> 0:07:57.920 after the short break. Before the break, we were just 0:07:58.000 --> 0:08:01.240 about to hear the details of your stigation, Jordan with 0:08:01.320 --> 0:08:04.760 Mike that highlighted some of the work that Kaspersky has 0:08:04.840 --> 0:08:08.280 done for the FSP. So let's hear these details. So, 0:08:08.400 --> 0:08:11.560 my colleague Mike Riley and I recently reviewed internal emails 0:08:11.560 --> 0:08:14.960 from October two thousand nine, suggesting that at least back then, 0:08:15.360 --> 0:08:18.480 Kaspersky Lab had a close working relationship with the FSB. 0:08:18.920 --> 0:08:22.280 Now remember that's the main intelligence agency in Russia, right, 0:08:22.360 --> 0:08:25.920 And what did that relationship look like? These emails actually 0:08:25.920 --> 0:08:29.520 come from Eugene Kaspersky himself discussing a project with his 0:08:29.600 --> 0:08:32.520 senior staff. The emails show that even back in two 0:08:32.520 --> 0:08:36.480 thousand nine, so again eight years ago, Kaspersky was making 0:08:36.520 --> 0:08:40.320 custom software to protect the government's own network from any 0:08:40.360 --> 0:08:45.480 kind of external hack. And that doesn't sound that unusual, right, Well, 0:08:45.600 --> 0:08:47.800 It's one thing to make the software and sell it 0:08:47.840 --> 0:08:51.120 to the government, but the emails also discussed another type 0:08:51.120 --> 0:08:55.080 of operation. Kaspersky Lab's own employees appear to have been 0:08:55.160 --> 0:08:59.480 physically accompanying Russian agents on these raids to locate people 0:08:59.520 --> 0:09:02.600 thought to be launching hacks or cyber attacks against the government. 0:09:02.840 --> 0:09:06.400 So not just tracking these hackers down from their offices, 0:09:06.440 --> 0:09:10.280 but actually riding along on the cop cars. Correct. Have 0:09:10.400 --> 0:09:14.040 you heard of this kind of thing ever happening before? No? Never. 0:09:14.160 --> 0:09:16.720 We talked to lots of cybersecurity experts, and I've never 0:09:16.760 --> 0:09:20.040 spoken to one who's accompanied a federal law enforcement agent 0:09:20.080 --> 0:09:23.080 on an arrest. It's very common for private sector security 0:09:23.080 --> 0:09:26.040 companies here in the US to provide data on criminal 0:09:26.080 --> 0:09:29.640 hackers to the FBI, which then makes the arrest right 0:09:29.840 --> 0:09:32.520 And and what else did you find? Those emails, which 0:09:32.600 --> 0:09:35.120 I should remind everyone were written in two thousand nine, 0:09:35.559 --> 0:09:39.280 mentioned two Kaspersky Lab employees by name. One of them 0:09:39.440 --> 0:09:41.880 was the Caspersky employee going out on those raids with 0:09:41.920 --> 0:09:45.880 the FSP agents. In December, the Russian government arrested that 0:09:45.960 --> 0:09:49.240 man on treas and charges for alleged connections to get 0:09:49.280 --> 0:09:59.800 this U S intelligence for a company that claims to 0:10:00.040 --> 0:10:04.400 have no connections to the Russian government, having employees ride 0:10:04.480 --> 0:10:08.479 along on these raids sounds very much like a connection. 0:10:09.080 --> 0:10:11.000 And as luck would have it, Mike and I actually 0:10:11.000 --> 0:10:13.760 broached some of these subjects with Eugene Kaspersky back in 0:10:15.120 --> 0:10:17.520 for a profile we did on the company for Bloomberg 0:10:17.559 --> 0:10:21.200 Business Week. Eugene Kaspersky agreed to let us record the interview, 0:10:21.480 --> 0:10:24.160 which was all on the record, and Jordan's this was 0:10:24.240 --> 0:10:28.520 the first time that you confronted Eugene Kaspersky with information 0:10:28.600 --> 0:10:33.040 you'd obtained back then about his ties to Russian officials. Well, 0:10:33.080 --> 0:10:35.600 I'll play you this bit first. This is where Eugene 0:10:35.679 --> 0:10:39.600 Kaspersky suggests that his company's interactions with law enforcement, both 0:10:39.600 --> 0:10:45.120 in Russia and in other countries around the world, happened routinely. Well, actually, 0:10:45.120 --> 0:10:48.400 we're in Dutch, was both us everywhere on the world. 0:10:48.920 --> 0:10:53.160 We're in Dutch with the cyber police and cybersecurities. Uh 0:10:53.200 --> 0:10:56.600 and in the Russia the cyber police is for their 0:10:56.760 --> 0:10:59.640 low levels other crime and there were serious effects like 0:10:59.679 --> 0:11:02.520 kind of not yet. For example, this level is a 0:11:02.920 --> 0:11:06.280 FSB department which is kind of deches right side side, 0:11:07.280 --> 0:11:09.920 So of course we worked very close to them because 0:11:10.480 --> 0:11:13.240 there's so much crime in Russia. But after quite openly 0:11:13.280 --> 0:11:15.320 talking about the work that he does with the FSB, 0:11:15.880 --> 0:11:18.720 Eugene Kaspersky reverts to this favorite punch line of his, 0:11:19.280 --> 0:11:21.679 which is at he's closer to the FBI in America 0:11:21.880 --> 0:11:24.440 than he is with Russian authorities. So there are rumors 0:11:24.440 --> 0:11:28.120 about our various special links. And in creaming we'll have 0:11:28.720 --> 0:11:30.600 I let's say that, of course we have in touch 0:11:30.640 --> 0:11:34.439 with these guys, but I think that in Israel, in 0:11:34.440 --> 0:11:38.679 in the United States, we have much better connection this 0:11:40.160 --> 0:11:44.200 love of enforcement. And in this interview in Mike and 0:11:44.240 --> 0:11:46.840 I asked Eugene about this thing we heard about where 0:11:46.840 --> 0:11:49.120 he goes to the banya with members of the Russian 0:11:49.120 --> 0:11:53.960 military and Russian intelligence is a Russian sauna, that's right, 0:11:54.480 --> 0:11:57.199 And we wanted to ask specifically about this because if 0:11:57.200 --> 0:12:00.080 it's true, that would suggest he has friendly relations and 0:12:00.120 --> 0:12:03.480 ships with people in Russian intelligence. When I go to Banna, 0:12:03.640 --> 0:12:06.840 it's like a difference not only from the company, but 0:12:06.880 --> 0:12:10.079 we don't talk about business. There are some most friends. 0:12:10.320 --> 0:12:14.640 FSB military generals are some of these training or military personnel, 0:12:15.480 --> 0:12:17.880 and therefore they we have a one guy there. It's 0:12:17.920 --> 0:12:21.880 a friend of us. Uh, he's a retired as he's 0:12:21.880 --> 0:12:26.240 simply there because well, actually he was responsible for certification. 0:12:27.040 --> 0:12:29.440 So to get a military contract like the New States 0:12:29.480 --> 0:12:31.120 and the Europe and the rest of the same, you 0:12:31.240 --> 0:12:34.600 have to positiveification. So we went touch with that man 0:12:34.720 --> 0:12:46.360 for long years. So Kaspersky is wide business network in 0:12:46.400 --> 0:12:49.880 the US, combined with a working relationship with the Russian 0:12:49.920 --> 0:12:53.880 government is what's making officials here in the US nervous. 0:12:53.920 --> 0:12:57.760 For them, even the possibility of Kaspersky's platform being used 0:12:57.760 --> 0:13:01.120 as a backdoor into computers, fire walls, and routers around 0:13:01.120 --> 0:13:04.079 the world is terrifying, although we don't have evidence that 0:13:04.160 --> 0:13:06.920 the company ever tried to do this. And in a statement, 0:13:07.080 --> 0:13:11.520 Democratic Senator Jeane Schaheen called the ties between Kaspersky and 0:13:11.559 --> 0:13:15.160 the Kremlin quote alarming, and she said it's because of 0:13:15.200 --> 0:13:19.040 that that the Congress and the administration thinks quote Kaspersky 0:13:19.160 --> 0:13:24.800 lap cannot be trusted to protect critical infrastructure, particularly computer systems, 0:13:24.920 --> 0:13:28.160 vital to our nation's security. We also saw news of 0:13:28.200 --> 0:13:31.320 a Senate bill that will ban the Department of Defense 0:13:31.360 --> 0:13:35.960 from using Kaspersky software. We recently reported at Bloomberg that 0:13:36.040 --> 0:13:39.800 Russia is threatening some kind of retaliation if this bill 0:13:39.880 --> 0:13:43.200 goes through. We don't have details on what kind of 0:13:43.240 --> 0:13:46.360 measures that could entail, but the threat from Russia shows 0:13:46.400 --> 0:13:48.960 just how important this one company could become. And by 0:13:49.000 --> 0:13:52.240 the way, we ask Kaspersky Lab for comment on our 0:13:52.280 --> 0:13:57.520 story today, they said, quote, Kaspersky Lab has always acknowledged 0:13:57.600 --> 0:14:01.720 that it provides appropriate products and services to governments around 0:14:01.720 --> 0:14:06.000 the world to protect those organizations from cyber threats, but 0:14:06.120 --> 0:14:10.000 it does not have any unethical ties or affiliations with 0:14:10.120 --> 0:14:17.160 any government, including Russia. With the U S relationship with 0:14:17.240 --> 0:14:20.840 Russia where it is now just tensions being higher than 0:14:20.880 --> 0:14:24.240 they have in a really long time. Do you think 0:14:24.280 --> 0:14:27.680 a company like Kaspersky Lab even stands a chance in 0:14:27.720 --> 0:14:30.720 the federal government market. I think Kaspersky Lab is going 0:14:30.760 --> 0:14:33.840 to find it very, very hard to penetrate the US 0:14:33.920 --> 0:14:36.640 federal market, and they've all but acknowledged that this really 0:14:36.680 --> 0:14:40.000 isn't a market they're pursuing. However, on the consumer side, 0:14:40.360 --> 0:14:42.800 their software is actually really good at what it does, 0:14:42.840 --> 0:14:46.040 and it has the endorsement of a lot of cybersecurity professionals, 0:14:46.080 --> 0:14:49.320 so on that side, they still see potential for very 0:14:49.440 --> 0:14:52.840 very big growth, but really what's happening here is just 0:14:53.120 --> 0:14:56.560 as the US doesn't buy missiles and other weapons systems 0:14:56.880 --> 0:14:59.520 from foreign countries, we're starting to see the same thing 0:14:59.560 --> 0:15:02.920 play out in the cybersecurity market, where if your security 0:15:02.960 --> 0:15:06.480 software is made by made in a country that is 0:15:06.520 --> 0:15:10.000 considered an adversary, you may not have great success here 0:15:10.000 --> 0:15:23.840 in the U. S Okay, so Jordan's it is now mayen. 0:15:24.360 --> 0:15:27.600 Since we first ran that episode last year, the Trump 0:15:27.640 --> 0:15:32.160 administration has banned the federal government from using Kaspersky software. 0:15:32.800 --> 0:15:35.520 A lot's happened. Walk us through some of the highlights. 0:15:36.000 --> 0:15:40.960 As no federal agency is allowed to use Kaspersky Lab 0:15:41.320 --> 0:15:44.040 software anywhere on its networks. Now, that doesn't mean there's 0:15:44.080 --> 0:15:47.240 no Kaspersky Lab software anywhere on those networks Already, It's 0:15:47.320 --> 0:15:50.840 used in some very small parts of those organizations. So 0:15:51.400 --> 0:15:53.920 as though the government is supposed to be getting rid 0:15:53.960 --> 0:15:56.760 of all of that software. Uh, it's been several years 0:15:56.760 --> 0:15:59.200 now since we've been hearing this drumbeat of concerns from 0:15:59.280 --> 0:16:02.880 national security officials here in the US that Caspersky Lab 0:16:02.960 --> 0:16:06.160 could be a backdoor mechanism for the Russian government to 0:16:06.200 --> 0:16:11.440 spy on American citizens, American businesses, American government organizations and uh, 0:16:11.480 --> 0:16:16.640 and last year a pretty bombshell type of storyline emerged, 0:16:17.080 --> 0:16:22.000 you know, that involved Kaspersky Labs software apparently being used, 0:16:22.280 --> 0:16:26.400 according to National security officials, at the hands of Russian 0:16:26.440 --> 0:16:31.960 intelligence services, to spy on American citizens computers and look 0:16:32.000 --> 0:16:35.200 for classified material on those computers. And in one case, 0:16:35.240 --> 0:16:38.600 apparently they found an n S A contractor who had 0:16:38.640 --> 0:16:42.640 taken classified materials home to his home computer. The Caspersky 0:16:42.720 --> 0:16:46.400 Lab software, according to the reporting, flagged on that software, 0:16:46.560 --> 0:16:50.920 and UH, the Cospersky Lab software was able to retrieve 0:16:51.080 --> 0:16:54.320 that classified material from that analyst computer who wasn't supposed 0:16:54.360 --> 0:16:56.000 to have it on his computer in the first place. 0:16:57.160 --> 0:16:59.720 And then there's the report we saw just the other 0:16:59.760 --> 0:17:05.560 week that U S Intelligence officials are considering officially sanctioning Kaspersky. 0:17:05.680 --> 0:17:07.879 Tell us what that means, tell us why that is 0:17:07.920 --> 0:17:11.560 different from what's already happened. Sure, so what we're seeing now. 0:17:11.560 --> 0:17:14.480 Anytime you see these stories about, you know, federal officials 0:17:14.560 --> 0:17:18.040 mulling a ban on something, whether it's Kaspersky Lab software 0:17:18.040 --> 0:17:22.560 out of Russia or Huawei and Zte hardware and mobile 0:17:22.600 --> 0:17:24.960 phones out of China, you know what the government is 0:17:25.000 --> 0:17:28.560 typically doing is restricting the use of those technologies on 0:17:28.960 --> 0:17:31.360 federal networks. I mean, that's what the federal government can 0:17:31.359 --> 0:17:34.520 most directly control in the case of Kaspersky Lab. Again, 0:17:34.520 --> 0:17:37.960 as of Kaspersky is banned from all federal networks, that's 0:17:38.240 --> 0:17:40.520 kind of the logical step for a federal government that's 0:17:40.520 --> 0:17:44.600 concerned about a technology. Sanctioning Kaspersky Lab would be a 0:17:44.600 --> 0:17:48.119 whole other level. What's sanctioning Kaspersky Lab would mean is 0:17:48.160 --> 0:17:52.080 that no US business would be legally allowed to do 0:17:52.160 --> 0:17:54.840 business with Kaspersky Lab. That would be a fine, herble 0:17:55.359 --> 0:17:59.239 punishable offense. So if Kaspersky were to be sanctioned by 0:17:59.280 --> 0:18:03.280 the US, that would effectively wipe out all of Kaspersky's 0:18:03.359 --> 0:18:06.920 US sales. That would be devastating for the company instantly. Yeah, 0:18:06.920 --> 0:18:08.720 I mean, as all of this has gone on, you know, 0:18:08.800 --> 0:18:13.000 Kaspersky has lost over the past year, especially significant clients 0:18:13.040 --> 0:18:15.199 in the US. Best Buy has stopped selling them at 0:18:15.200 --> 0:18:17.920 their retail stores. Uh, you know, and other large big 0:18:17.960 --> 0:18:21.199 box retailers have done the same. But still it's it 0:18:21.240 --> 0:18:24.639 hasn't been illegal to buy the software, and many, many people, 0:18:24.680 --> 0:18:27.920 millions of people have Kaspersky software in the US. I 0:18:27.920 --> 0:18:30.040 mean Let's not forget it was only you know a 0:18:30.119 --> 0:18:32.440 little over a year ago that you walk into any 0:18:32.480 --> 0:18:35.000 best buy in the country and you would see Kaspersky 0:18:35.080 --> 0:18:38.520 Labs software all over the shelves. And anytime you bought 0:18:38.600 --> 0:18:40.840 a new computer and went to the geek squad to 0:18:40.840 --> 0:18:43.520 have it set up. So you know, Kaspersky paid a 0:18:43.520 --> 0:18:46.159 pretty penny on for their marketing in the US. And 0:18:46.240 --> 0:18:48.520 the reason is the U s was is there. Big 0:18:48.640 --> 0:18:50.800 was their biggest market. But if they were to be 0:18:50.800 --> 0:18:53.680 formally sanctioned and all of that business were to dry up, 0:18:53.960 --> 0:18:56.200 you know, the big box retailers are gone, but any 0:18:56.240 --> 0:18:59.920 consumer business they had left in the US at any 0:19:00.040 --> 0:19:02.399 small business, uh, you know, sales they had left in 0:19:02.400 --> 0:19:05.280 the US, those are evaporate instantly, and you're talking about 0:19:05.280 --> 0:19:07.760 wiping out potentially, I don't know fift of the company. 0:19:07.880 --> 0:19:10.879 And you know recently the Chinese tech companies Huawei and 0:19:10.960 --> 0:19:15.040 Zte you just mentioned them earlier, have come under similar scrutiny. 0:19:15.200 --> 0:19:18.240 The Pentagon just announced that it's banning the sale of 0:19:18.359 --> 0:19:22.399 z t E and Wawi phones a military bases. And uh, 0:19:22.520 --> 0:19:25.280 presumably this is because US officials are worried that the 0:19:25.400 --> 0:19:28.920 Chinese government could order these companies to create backdoors to 0:19:29.000 --> 0:19:32.439 spy in Americans. What do you make of all this 0:19:32.640 --> 0:19:36.400 of these growing bands on foreign devices and services. Is 0:19:36.960 --> 0:19:40.160 the US soon only going to be using US design, 0:19:40.359 --> 0:19:43.960 US manufactured devices. You know, it's a double edged sword. 0:19:44.000 --> 0:19:46.600 It's like the trade wars we're seeing with steel and 0:19:46.680 --> 0:19:49.520 you know and other goods. Uh. You know, the federal 0:19:49.560 --> 0:19:52.760 government is absolutely within its authority to say, you know, 0:19:52.840 --> 0:19:56.359 technologies like Kaspersky Lab, if they have concerns about that company, 0:19:56.480 --> 0:20:00.000 have no place on a federal government network. Totally appropriate 0:20:00.080 --> 0:20:04.520 and totally understandable that the federal government would take steps 0:20:04.560 --> 0:20:08.159 to secure federal networks. When you move into the private sector, however, 0:20:08.240 --> 0:20:10.840 it gets a little trickier because you know, companies like 0:20:10.920 --> 0:20:15.040 Kaspersky in Whahwei and zte, you know, to the extent 0:20:15.160 --> 0:20:18.800 that they exist in the US marketplace at all, you know, 0:20:18.840 --> 0:20:20.960 they tend to live at the lower end. They live 0:20:21.040 --> 0:20:23.600 at the end of you know, small businesses that may 0:20:23.600 --> 0:20:25.680 not have a lot of money to pay for the 0:20:25.760 --> 0:20:28.840 high end security software or in the case of Whahwei 0:20:28.840 --> 0:20:31.919 and zte, you know, they would exist in the realm 0:20:31.960 --> 0:20:35.520 of kind of maybe regional internet carriers, small internet companies 0:20:35.840 --> 0:20:38.640 that may not have the money to buy cutting edge 0:20:38.640 --> 0:20:41.920 Cisco networking equipment or whatever. So to the extent those 0:20:41.960 --> 0:20:44.919 companies had a market presence at all in the US, 0:20:45.320 --> 0:20:47.719 you know, it wasn't at the big federal agencies. It 0:20:47.760 --> 0:20:50.760 wasn't at you know, large internet providers. It wasn't at 0:20:50.800 --> 0:20:53.480 big companies in the first place. And any time you 0:20:53.480 --> 0:20:56.159 get into the realm of regulating what the private sector 0:20:56.240 --> 0:20:58.960 can and can't buy, you get into really tricky territory 0:20:59.000 --> 0:21:01.960 because the other countries, the target countries, can do exactly 0:21:01.960 --> 0:21:04.800 the same to your companies. It's got to make American 0:21:04.840 --> 0:21:09.160 companies like Apple and Microsoft really nervous. Absolutely. I mean, 0:21:09.200 --> 0:21:11.960 you know, it's like if you split apart parts of 0:21:11.960 --> 0:21:14.040 the tech business that would be most affected by things 0:21:14.080 --> 0:21:16.480 like this, You're exactly right, it would be a company 0:21:16.480 --> 0:21:18.760 like Apple, say, you know, that does a ton of 0:21:18.800 --> 0:21:21.000 business in China and needs to do more business in 0:21:21.080 --> 0:21:24.919 China to to continue to further its growth. Uh. You know, 0:21:25.000 --> 0:21:28.240 the US government should tread very carefully in regulating what 0:21:28.280 --> 0:21:39.639 the private sector does and doesn't buy. And that's it 0:21:39.720 --> 0:21:43.199 for this week's episode of Decrypted. Thanks for listening. We 0:21:43.240 --> 0:21:44.800 always like to know what you think of the show, 0:21:45.160 --> 0:21:47.640 and which topics you want us to cover in future episodes. 0:21:48.359 --> 0:21:53.239 Right to us at decrypted at Bloomberg dot net. This 0:21:53.280 --> 0:21:58.040 episode was produced by Pogut, Cary, Liz Smith, Magnus Hendrickson, 0:21:58.440 --> 0:22:03.360 and Tofur Foreheads. Francesca Levy is head of Bloomberg Podcast. 0:22:03.480 --> 0:22:06.880 We'll see you next week.