In an open letter, Kaspersky claimed that officials acted on "subjective, non-technical" sources of information, including "uncorroborated" reports, and that the efforts at reciprocity were largely one-sided. Kaspersky made "good faith" attempts at addressing concerns, according to the letter, but there was reportedly no significant opportunity to be heard before the DHS issued its directive.

The company is particularly upset that the DHS was worried about security risks that are true of antivirus tools as a whole, not any evidence that Kaspersky was up to no good. Many antivirus companies use the cloud to collect and process malware samples, for example, but these were treated as unique problems. As far as Kaspersky is concerned, the DHS issued its fateful directive simply because of the antivirus maker's Russian origins, facts be damned.

Whether or not Kaspersky has a case, it faces an uphill battle. It offered independent reviews of its source code in a bid to prove it's not a Russian government mole, but officials have said it wouldn't be enough to change their mind. Like it or not, it may have to go without US government contracts so long as there's even a mild suspicion that it might be working on the Russian government's behalf.