[00:00:00] Speaker 00:
Case number 18-5176 at L, Kaspersky Lab, Inc.

[00:00:05] Speaker 00:
at L, Appellates versus United States Department of Homeland Security at L. Mr. Christensen for the Appellates, Mr. Yellen for the Appellates.

[00:00:48] Speaker 05:
Good morning, Your Honors.

[00:00:51] Speaker 05:
May it please reserve two minutes for rebuttal?

[00:00:54] Speaker 05:
Sure.

[00:00:54] Speaker 05:
May it please the Court, Scott Christensen, for Appellants Kaspersky Lab, Inc.

[00:00:59] Speaker 05:
and Kaspersky Labs Limited.

[00:01:02] Speaker 05:
The question before this Court really amounts to whether Congress can legislate a specific, complete, and permanent ban on a company that prevents judicial review of the executive branch's own sweeping ban.

[00:01:17] Speaker 05:
Section 1634A of the National Defense Authorization Act banishes Kaspersky Lab from providing any goods or services to the federal government without end and without recourse.

[00:01:30] Speaker 05:
That is punishment.

[00:01:32] Speaker 05:
That statutory section was introduced one year ago today.

[00:01:35] Speaker 04:
Wait a minute, you said by itself, just by its nature, it's punishment without context?

[00:01:40] Speaker 04:
Yes, Your Honor.

[00:01:41] Speaker 04:
What if it's done preventively?

[00:01:42] Speaker 04:
What if no one's ever done anything to be punished for?

[00:01:45] Speaker 04:
I beg your pardon?

[00:01:46] Speaker 04:
If it's done preventively and there's no act that's being punished, why is it punishment?

[00:01:50] Speaker 05:
Oh, it can be punishment as the Supreme Court has recognized even for prospective acts.

[00:01:56] Speaker 05:
So even if it's anticipating some difficulty in the future, it can be considered punishment following Brown, following selective service at the Supreme Court.

[00:02:06] Speaker 04:
So there's no preventive measure that can be taken.

[00:02:08] Speaker 05:
No, Your Honor, Congress can certainly pass laws of general applicability that can prevent problems in the future when Congress is prohibited.

[00:02:21] Speaker 03:
What would a narrower law look like here?

[00:02:24] Speaker 05:
I beg your pardon?

[00:02:24] Speaker 03:
What would a narrower law look like here?

[00:02:27] Speaker 04:
I think you want a broader law.

[00:02:29] Speaker 05:
Yeah, I think the problem is the narrow law.

[00:02:33] Speaker 03:
What would a broader law have looked like?

[00:02:35] Speaker 05:
A broader law that we've argued would be a less burdensome law would be one in which Congress said that

[00:02:48] Speaker 05:
Anyone who sought to be a federal contractor could not do business in Russia or could not have servers in Russia.

[00:02:57] Speaker 05:
Anyone who wanted to provide cybersecurity services as a federal contractor could not maintain servers in Russia.

[00:03:07] Speaker 03:
Congress's concern about this company was broader than just that its servers were in Russia.

[00:03:12] Speaker 03:
It was that its headquarters were in Russia and that it had relationship with Russian intelligence.

[00:03:19] Speaker 03:
Is there any other company like that?

[00:03:24] Speaker 05:
There are almost every other large cybersecurity company.

[00:03:28] Speaker 03:
Any other Russian company like that?

[00:03:30] Speaker 05:
There's no other Russian company that I know of.

[00:03:32] Speaker 04:
Would you be satisfied with a ban that said no Russian company, maybe a contractor?

[00:03:41] Speaker 05:
I think not, Your Honor, unless, again, that would not be balanced with the non-punitive purposes for the law.

[00:03:53] Speaker 04:
If there's only one party, and the parties can't be named, and so a larger class is substituted, but there's no one else in the class, that certainly doesn't do much for you, does it?

[00:04:09] Speaker 04:
We have this fiction in state legislation all the time, right, in which, you know, cities more than two million population are prevented for allowed to do this or that, and there's only one such city.

[00:04:21] Speaker 04:
So, are you relying on that formality?

[00:04:24] Speaker 05:
No, Your Honor.

[00:04:25] Speaker 05:
Looking to this Court's decision in Fordage,

[00:04:28] Speaker 05:
The court said that the selectivity or scope of a statute may indicate punitiveness where the differential treatment of the affected party or parties cannot be explained without resort to inferences of punitive purposes.

[00:04:42] Speaker 04:
And preventative purposes are not possible as an explanation here?

[00:04:46] Speaker 05:
Preventative purposes can be equally punitive to retributive purposes according to the Supreme Court's decision in Brown

[00:04:55] Speaker 04:
Can you read the passage from that?

[00:04:57] Speaker 04:
Yes.

[00:05:00] Speaker 05:
It was, in fact, in the Supreme Court's rejection in Brown of its prior decision in doubt

[00:05:19] Speaker 05:
This is 381 US at 458.

[00:05:25] Speaker 05:
The Supreme Court in Brown said it would be archaic to limit the definition of punishment to retribution.

[00:05:32] Speaker 05:
Punishment serves several purposes, retributive, rehabilitative, deterrent, and preventative.

[00:05:39] Speaker 05:
One of the reasons society imprisons those convicted of crimes is to keep them from inflicting future harm, but that does not make imprisonment any less the punishment.

[00:05:49] Speaker 04:
No one goes to prison without having done something.

[00:05:53] Speaker 04:
Correct.

[00:05:54] Speaker 04:
Nobody goes to prison without having committed a crime.

[00:05:56] Speaker 05:
Nobody goes to prison without having gone through a judicial trial that's safeguarded by all of the constitutional protections.

[00:06:03] Speaker 04:
Fair enough.

[00:06:04] Speaker 04:
The point is that when something is in that context that you just read, the preventive purpose is, which we often rethink of as disabling the person from committing another crime while they're at least for the duration of their jail time.

[00:06:18] Speaker 04:
It's not that they're just put in jail as a preventive matter.

[00:06:21] Speaker 05:
Right.

[00:06:21] Speaker 05:
And so there would have to be an inference that they've committed some wrong in the past, which is precisely the problem with Congress finding that.

[00:06:31] Speaker 04:
No, no.

[00:06:32] Speaker 04:
If prevention were limited to that, yes, but prevention can be undertaken without a crime having been committed.

[00:06:38] Speaker 04:
I mean, just in the ordinary course of life, right?

[00:06:40] Speaker 04:
One can prevent something without there having been an instance previously.

[00:06:46] Speaker 03:
You keep saying this is Congress is punishing Kaspersky, but we don't.

[00:06:53] Speaker 03:
To answer that question, we have to look to see what Congress's objective is in passing the law, don't we?

[00:07:01] Speaker 03:
Like in Nixon, you know,

[00:07:04] Speaker 03:
Yes, it was focused on Nixon, but Congress had a legitimate reason for passing law, which happened to have an impact on Nixon.

[00:07:12] Speaker 03:
And isn't that this case?

[00:07:14] Speaker 03:
Congress is attempting to protect the integrity of the U.S.

[00:07:18] Speaker 03:
government's computer systems.

[00:07:20] Speaker 03:
So that's its objective.

[00:07:22] Speaker 03:
Now, true, it does have a negative impact on Kaspersky, but that's a consequence of Congress exercising its legitimate authority to protect its computer systems, isn't it?

[00:07:35] Speaker 05:
You had two responses, Your Honor.

[00:07:37] Speaker 05:
They go to two different tests that this court looks to.

[00:07:40] Speaker 05:
One, the motivational.

[00:07:41] Speaker 03:
Don't give me tests.

[00:07:42] Speaker 03:
Yeah, understood.

[00:07:43] Speaker 03:
Just to answer my question, however you describe which test we apply with a functional test, that's what this is.

[00:07:49] Speaker 03:
We have to balance Congress's professed purpose against the impact on that.

[00:07:57] Speaker 05:
There's nothing in section 1634A itself that says what Congress's purpose is.

[00:08:03] Speaker 05:
the senator who introduced section 1634 described its purpose as, quote, to ban Kaspersky software from all of the federal government.

[00:08:15] Speaker 03:
Would you agree then that if we thought there was a sufficient basis for us to accept the notion that Congress has legitimately, has attempted to protect computer systems, if we think there's enough evidence here to support that, that then it's not a bill of attainder?

[00:08:33] Speaker 03:
Does your case turn on the fact that basically you claim this one senator was key to it?

[00:08:41] Speaker 03:
Do you see my point?

[00:08:42] Speaker 05:
No, Your Honor, because again, if you look at the scope of the statute that was passed, if the court assumes that the purpose for section 1634A is the protection of national security, there is still a significant imbalance

[00:09:01] Speaker 05:
between that non-punitive purpose and the burden that's imposed on Kaspersky Lab by being prevented from offering any products or services to you.

[00:09:10] Speaker 03:
Is there any case that says there's a narrow tailoring requirement in bill of attainder analysis?

[00:09:15] Speaker 05:
Yes.

[00:09:16] Speaker 05:
What I was just quoting from was the Forage decision at 351 F.

[00:09:20] Speaker 05:
3rd, 1120.

[00:09:23] Speaker 05:
I'm sorry, 1221, where the court said, where there is a significant imbalance between the magnitude of the burden imposed and the purported non-punitive purpose, that can be considered punishment.

[00:09:35] Speaker 03:
Well, but in fordage, there was a different way to accomplish it, right?

[00:09:40] Speaker 03:
It was a simple way to have protected the child without it.

[00:09:43] Speaker 03:
branding Fordage as a child abuser.

[00:09:46] Speaker 05:
And there is a much less burdensome way for Congress to achieve its national security interests.

[00:09:55] Speaker 03:
Well suppose Congress had said you can't buy, it prohibits the government from buying from Fordage any antiviral software.

[00:10:08] Speaker 03:
That's it.

[00:10:09] Speaker 03:
In other words, you could sell other products, but just not that one.

[00:10:11] Speaker 03:
Would that satisfy you?

[00:10:14] Speaker 05:
That would be a more difficult case for us, but I don't think it would satisfy us because of the reputational aspersions that Congress had cast on a cybersecurity company.

[00:10:24] Speaker 03:
But what's the reputational aspersion there?

[00:10:27] Speaker 03:
Simply saying we're trying to protect the government, the integrity of the government's computers.

[00:10:33] Speaker 03:
Right, by branding... You're not saying Kaspersky did anything wrong.

[00:10:39] Speaker 03:
They're just saying there's potential concern here.

[00:10:42] Speaker 05:
Yes, by Congress saying that the cybersecurity company is a cyber threat to the United States.

[00:10:47] Speaker 04:
Well, that it's potentially under the thumb of the Russian government.

[00:10:52] Speaker 05:
There was no evidence even relied upon by

[00:10:57] Speaker 05:
the Department of Homeland Security that Kaspersky Lab is under the thumb of the Russian government.

[00:11:02] Speaker 04:
No, no, I said potentially, because of its connections to Russia.

[00:11:05] Speaker 05:
Right, but those connections are rather speculative on the record that even the Department of Homeland Security has provided.

[00:11:17] Speaker 01:
I thought you conceded in your brief that the purpose of the legislation was to address national security vulnerability.

[00:11:24] Speaker 01:
There isn't any question about that.

[00:11:26] Speaker 05:
Right.

[00:11:26] Speaker 05:
And if the purpose is national security, then again, there is a significant imbalance between that non-punitive purpose and the burden that's imposed on Kaspersky Lab.

[00:11:36] Speaker 01:
Why, because of the perceived reputational?

[00:11:39] Speaker 01:
Yes, Your Honor, and by the... Are you suggesting that they will lose all other business opportunities because of this action?

[00:11:45] Speaker 05:
That's quite possible, Your Honor.

[00:11:48] Speaker 05:
As the Supreme Court recognized in Lovett, the case on which we relied, the bar in that case, quote, stigmatized their reputation and seriously impaired their chance to earn a living, unquote, which is the same effect on Kaspersky Lab here.

[00:12:11] Speaker 03:
Let me ask you just a question about, and take you back to your test for a minute, and Fortich.

[00:12:16] Speaker 03:
So Fortich says that the primary test we look at is a functional test, right?

[00:12:24] Speaker 05:
Yes, Your Honor.

[00:12:24] Speaker 03:
So if we think this passes that test, can you still prevail?

[00:12:32] Speaker 03:
I mean, do we have to look at the others at all?

[00:12:34] Speaker 05:
Yes, Your Honor.

[00:12:35] Speaker 05:
I mean, because I think we passed both the historical test and the motivational test.

[00:12:41] Speaker 05:
I've already cited to the court.

[00:12:44] Speaker 03:
I didn't see, I thought when I read your reply brief, you kind of abandoned any reliance on the motivational test.

[00:12:49] Speaker 03:
Is that wrong?

[00:12:51] Speaker 05:
I don't think that's correct, Your Honor, because we've cited the difficulty here is that the motivational test is usually discerned by looking at the legislative history.

[00:13:00] Speaker 05:
There's nothing that one would traditionally think of as legislative history to look at here.

[00:13:06] Speaker 05:
There are no congressional reports

[00:13:08] Speaker 05:
no hearing committee hearing reports.

[00:13:11] Speaker 05:
We have only the statement of the sponsor of this legislation that was stuck in one year ago today in must pass legislation that passed four days later.

[00:13:24] Speaker 05:
And the statement of that sponsor before it passed called Kaspersky lab a quote-unquote threat, an alarming national security vulnerability, claimed that Congress had serious doubts about the company, and said that she would introduce legislation, quote, to ban Kaspersky software from all of the federal government and repeated it four days later or days later when the legislation passed the Senate.

[00:13:51] Speaker 04:
Am I mistaken in thinking there had been a hearing?

[00:13:56] Speaker 04:
There was never a hearing.

[00:13:58] Speaker 04:
Not on this bill, but on Kaspersky.

[00:14:00] Speaker 05:
There were multiple hearings over many months on questions of cybersecurity, and Russia in particular, at which questions were asked about Kaspersky lab.

[00:14:14] Speaker 05:
Mainly questions asked of witnesses whether they would put it on their own computer.

[00:14:18] Speaker 05:
Some government witnesses said no, they wouldn't.

[00:14:20] Speaker 05:
Some of the government's witnesses said they would.

[00:14:23] Speaker 05:
But there were no hearings, Your Honor, on Section 1634 or Section 1634A in particular.

[00:14:31] Speaker 04:
That's not really material if the Congress has before it the materials that support the decision or the legislation.

[00:14:39] Speaker 05:
I think that's what I'm saying, Your Honor, is that the materials that Congress had before it don't support the scope, breadth, and permanence of the legislation that was passed.

[00:14:50] Speaker 04:
Well, I guess I thought you were saying that there's no legislative history on this bill except the sponsor's statement when she introduced it.

[00:14:57] Speaker 04:
But in fact, I'm saying there seems to be quite a bit related in prior hearings.

[00:15:03] Speaker 05:
There's a legislative record in which for a few questions and a few answers, there's discussion of Kaspersky lab.

[00:15:10] Speaker 01:
Implicit in your argument is your view of imbalance, which I think is interesting.

[00:15:17] Speaker 01:
It's obviously self-serving, but I don't know why it's correct.

[00:15:20] Speaker 01:
You think the magnitude of the burden is significantly

[00:15:26] Speaker 01:
greater than the non-punitive purpose.

[00:15:29] Speaker 01:
And I must say, intuitively, I think that's wrong, given the world in which we live and given the concerns, our national concerns about Russian intrusion into our national affairs.

[00:15:44] Speaker 01:
I mean, it's a self-serving argument, but I don't want you to think that because you state it and because you say there are reputational consequences, one can react to that by saying, so what?

[00:15:56] Speaker 01:
That's the consequence that you pay if you put our nation in jeopardy.

[00:16:05] Speaker 01:
So where is the imbalance?

[00:16:06] Speaker 05:
The imbalance is with the permanence and the inescapability of the prohibition on all uses.

[00:16:12] Speaker 01:
It's permanent for now.

[00:16:13] Speaker 01:
If results, if the situation changes going forward, we don't have the faintest idea what the responses will be.

[00:16:21] Speaker 05:
If section 1634A said that, Judge Edwards, that this would be a different case.

[00:16:25] Speaker 01:
Well, no, that's just the fact of life in legislation.

[00:16:27] Speaker 01:
Legislation can always be modified or rescinded.

[00:16:31] Speaker 05:
That fact did not preclude the Supreme Court from finding that equally broad and permanent bans or bills of attainder in the cases involving prohibitions on Confederates serving as priests or as attorneys or communists serving in treaty.

[00:16:45] Speaker 01:
Yeah, but you started in those cases with the significant imbalance that almost everyone would agree was there.

[00:16:50] Speaker 01:
I don't think everyone would begin to agree with you that there is an obvious and significant imbalance here.

[00:16:57] Speaker 01:
And you run past that very quickly, as if it's so.

[00:17:01] Speaker 01:
And I just want you to understand in looking at this case as a judge, why is that so?

[00:17:06] Speaker 01:
Given the real world consideration, it seems so to me at all.

[00:17:12] Speaker 05:
I understand, Your Honor.

[00:17:13] Speaker 03:
I see my time is running.

[00:17:14] Speaker 03:
Let me just ask you sort of a big picture question.

[00:17:17] Speaker 03:
If you just read all the Supreme Court cases that have found something to be a bill of attainder and forage, if you look at all of them together, there's four Supreme Court cases, two from the Civil War period, two from the Cold War.

[00:17:35] Speaker 03:
And those all found bill of attainders, but they were all situations, they all involved human beings.

[00:17:40] Speaker 03:
you know, a flesh and blood person.

[00:17:43] Speaker 03:
And they all involve situations where, you know, the legislature thought the person was untrustworthy or subversive.

[00:17:49] Speaker 03:
And then you have Fortich, which is another bill of attainder with an individual who, you know, the whole statute rested on the proposition that Fortich was a child abuser.

[00:18:03] Speaker 03:
I mean, those are so different from this situation.

[00:18:07] Speaker 03:
where what you have is the United States Congress, which obviously has authority over what the government buys, what services the government buys, making a judgment based on the evidence it had before it that it didn't want the U.S.

[00:18:28] Speaker 03:
government agencies to buy this product because of its threat to the integrity of computers.

[00:18:33] Speaker 03:
It's just a totally different situation, isn't it?

[00:18:36] Speaker 03:
It's hard to fit this case into that.

[00:18:40] Speaker 03:
I mean, you can take these four tests, I'm sorry, three tests, and you can take the language of the tests, you can make them come out your way by how you describe it.

[00:18:51] Speaker 03:
But when you step back and look at the big picture,

[00:18:54] Speaker 03:
This just isn't anything like those cases.

[00:18:56] Speaker 05:
I would respectfully disagree, Your Honor, in that in the post-Civil War cases, you had situations in which legislatures, federal and state, considered certain persons disloyal and unworthy of serving in particular functions, or they would pose a threat to national security.

[00:19:17] Speaker 05:
And the Supreme Court recognized that

[00:19:19] Speaker 05:
prohibitions even from some employment.

[00:19:22] Speaker 03:
It was all based on their behavior and what they had done.

[00:19:27] Speaker 03:
individuals.

[00:19:29] Speaker 05:
It's equally based on behavior here, and as this court has assumed in Bell South and its sister circuits have concluded in other cases, the bill of attainder clauses apply to corporations.

[00:19:40] Speaker 05:
No question about that.

[00:19:41] Speaker 03:
I agree with that.

[00:19:43] Speaker 03:
I was just making the point that, I agree, I wasn't making the point that it doesn't apply to corporations.

[00:19:49] Speaker 03:
It does.

[00:19:51] Speaker 03:
It's just making the point that

[00:19:54] Speaker 03:
It's really hard to fit this case into what those cases look like.

[00:19:58] Speaker 03:
This looks much more like a USC Nixon case or something.

[00:20:05] Speaker 05:
Anyway.

[00:20:07] Speaker 05:
I see my time has run.

[00:20:09] Speaker 05:
I can address that if you wish.

[00:20:10] Speaker 05:
No, that's okay.

[00:20:11] Speaker 03:
Well, yeah, do you want to say something about that?

[00:20:13] Speaker 05:
Well, Nixon was quite distinct from this in that there was no need to single out anyone else.

[00:20:21] Speaker 05:
He was, as the Supreme Court recognized, a legitimate class of one because there was no other president

[00:20:28] Speaker 05:
who had entered into an agreement to destroy his presidential records, all the other presidential records.

[00:20:33] Speaker 03:
Well, Congress obviously thought this was a company of a class of one, a Russian-based company with headquarters and servers in Russia with deep connections to Russian intelligence.

[00:20:45] Speaker 03:
And you haven't identified any other company like that.

[00:20:48] Speaker 05:
We have, Your Honor, in our reply brief, we've listed every – we've – because this case was deciding at the pleading stages, we have not had the opportunity to engage in discovery.

[00:20:58] Speaker 05:
But we've cited in our reply brief several in-depth reports performed by Reuters that show that all the other major cybersecurity companies that provided their source code to the FSB are using Russian telecommunications networks.

[00:21:10] Speaker 03:
But those are American-based companies, correct?

[00:21:12] Speaker 05:
Americans or other based companies.

[00:21:13] Speaker 03:
American companies, but they weren't headquartered.

[00:21:15] Speaker 03:
in Moscow and they didn't have the deep relationship that Kaspersky has with Russian intelligence.

[00:21:20] Speaker 05:
The headquarters based in Moscow is not cited by the government as a basis for its decision and the deep connections, the so-called deep connections to Russian intelligence

[00:21:32] Speaker 05:
our speculation.

[00:21:33] Speaker 05:
Most what the government has pointed to is that Eugene Kaspersky graduated from a school 30 years ago that was in part funded by the Russian military.

[00:21:42] Speaker 05:
He served in the Russian military and he has friends who are still in the Russian intelligence and military community.

[00:21:49] Speaker 05:
Okay.

[00:21:50] Speaker 04:
Excuse me one second.

[00:21:52] Speaker 04:
Am I correct in thinking that

[00:21:57] Speaker 04:
that you have agreed that the revenue effect of the ban is less than 1% of Kaspersky's revenue?

[00:22:07] Speaker 05:
No, Your Honor, for the reasons I gave to Judge Edwards, because the revenue effect bleeds over into private customers, who once they see the federal government... Now that's speculative, but the actual banks by the US government accounts for how much?

[00:22:25] Speaker 05:
I think we don't dispute with the judge.

[00:22:30] Speaker 05:
I think she said one-tenth of one percent.

[00:22:32] Speaker 05:
It concluded in her brief, but the primary effect that we pled, since this case was decided at the pleading stage, which I haven't been able to address, but this case was decided at the pleading stage, we have pled the reputational injury, and it was inappropriate for the judge to have relied on those facts.

[00:22:55] Speaker 05:
Okay, thank you.

[00:22:56] Speaker 05:
Thank you.

[00:23:07] Speaker 02:
Good morning, Your Honors.

[00:23:07] Speaker 02:
May it please the Court?

[00:23:09] Speaker 02:
I'm Louis Yellen from the Department of Justice.

[00:23:11] Speaker 02:
I'm here today on behalf of the federal defendants.

[00:23:15] Speaker 02:
Your Honors, there's no real question that federal computers are vulnerable to Russian cyber attack.

[00:23:22] Speaker 02:
and Congress enacted legislation to address that vulnerability.

[00:23:27] Speaker 02:
The statute that Congress enacted addresses the vulnerability in general terms, and it addresses a specific vulnerability that Congress identified and thought needed immediate action.

[00:23:40] Speaker 02:
There was no punitive nature to the statute.

[00:23:43] Speaker 02:
It was a regulatory statute to protect federal computers

[00:23:47] Speaker 02:
That is the basis for a proper holding.

[00:23:50] Speaker 03:
What's the basis for banning everything the company makes, as opposed to just this risky software product?

[00:23:57] Speaker 02:
Your Honor, as the cases have said in Legion, there is no requirement that the

[00:24:07] Speaker 02:
Congress in a bill of attainder analysis, legislate as narrowly as possible.

[00:24:12] Speaker 02:
Congress could reasonably believe, based on the evidence that was before it, that a complete ban was essential to protect the national security of the United States computers.

[00:24:24] Speaker 02:
The question is not whether, in fact,

[00:24:26] Speaker 02:
That determination is true.

[00:24:28] Speaker 02:
The question is whether Congress reasonably could have believed that it was true.

[00:24:33] Speaker 02:
It could, based on the evidence it received, the 115th Congress, and that's sufficient to uphold the statute against a bill of attainder challenge.

[00:24:43] Speaker 02:
Your Honor, the basic premise of our argument I've just provided, and we've given details in our brief, I want to be responsive to any questions the Court has, but I don't have affirmative points that I feel are needed.

[00:24:56] Speaker 03:
What's your response to Mr. Christensen's argument that Congress should have just passed a much broader statute that captured the characteristics of this company and any other that fell into it?

[00:25:07] Speaker 02:
Two questions, Your Honor.

[00:25:09] Speaker 02:
First of all, the jurisprudence absolutely clearly does not require that.

[00:25:15] Speaker 02:
If I may read three sentences from the Nixon case and then point to specific aspects of the statute.

[00:25:21] Speaker 03:
Well, as you just pointed out, Nixon's kind of unique.

[00:25:25] Speaker 03:
Nixon was the only person, the only president who had the tapes.

[00:25:28] Speaker 03:
And I think there's an analogy.

[00:25:30] Speaker 03:
It wasn't anybody else.

[00:25:30] Speaker 03:
There was no other category.

[00:25:31] Speaker 03:
You couldn't, I guess they could have passed a law which says, instead of mentioning Nixon, they could have said any president threatened with impeachment, the tapes of any president threatened, who resigned under threat of impeachment.

[00:25:46] Speaker 03:
That's precisely right.

[00:25:48] Speaker 03:
We would have caught all other presidents with tapes.

[00:25:51] Speaker 02:
That's precisely right.

[00:25:53] Speaker 02:
As Judge Ginsburg's colloquy with opposing counsel suggested, Congress could have used that fiction and used general terms to identify a specific individual or entity that it had reason to take regulatory steps against.

[00:26:07] Speaker 02:
The jurisprudence simply does not require that.

[00:26:10] Speaker 02:
And Nixon absolutely clearly recognizes that when Congress legislates to address a very specific problem, that is simply not a bill of attainder in virtue of its specificity.

[00:26:21] Speaker 04:
I think you said at the outset that the bill, this section,

[00:26:26] Speaker 04:
They included both, or the Congress made both general and specific.

[00:26:31] Speaker 02:
Yes, Your Honor.

[00:26:32] Speaker 02:
What's the general?

[00:26:33] Speaker 02:
Both Section 1633 and Section 1634C.

[00:26:39] Speaker 02:
Section 1633 requires all, requires the executive to develop a policy concerning cybersecurity.

[00:26:47] Speaker 02:
Section 1634C requires a review and report regarding procedures for removing suspect programs on federal computers.

[00:26:58] Speaker 02:
Section 34A is the provision that's at issue here, and it is directed specific to Kaspersky products on U.S.

[00:27:09] Speaker 02:
computers.

[00:27:09] Speaker 02:
And that's because Congress had before it evidence that Kaspersky products pose a unique threat to federal government computers.

[00:27:18] Speaker 02:
So Congress, just as in Nixon, legislated generally to protect the government against a general threat and specifically with respect to a specific threat that Congress perceived.

[00:27:29] Speaker 04:
So 1633 could be the basis for an executive branch determination that some additional companies should be off limits?

[00:27:38] Speaker 02:
Without question.

[00:27:39] Speaker 03:
Yes, your honor.

[00:27:42] Speaker 03:
So just to follow up on a question that Judge Ginsburg asked a little while ago.

[00:27:48] Speaker 03:
Since there were no hearings on this bill, right?

[00:27:51] Speaker 03:
What?

[00:27:53] Speaker 03:
When we write our opinion one way or another here, what sources of evidence can we look to to understand the purposes of Congress here?

[00:28:04] Speaker 03:
What are the documents we can look to at the stage of the litigation?

[00:28:09] Speaker 02:
Yes, your honor.

[00:28:09] Speaker 02:
I think the court need look no further than the statute and the structure of the statute that I just described to just excuse me to Judge Ginsburg.

[00:28:16] Speaker 02:
The general and specific legislation shows Congress's purpose and I think is on its face obvious that Congress had a proper regulatory purpose in mind.

[00:28:26] Speaker 02:
That said, I also think it's entirely proper to consider the broader legislative record that was before the 115th Congress.

[00:28:34] Speaker 02:
The question is not one of statutory interpretation where courts look to legislative history when they do look to legislative history regarding a particular statute.

[00:28:44] Speaker 02:
The question is what Congress's purpose was in enacting a statute for bill of attainder inquiry.

[00:28:50] Speaker 02:
The question is what Congress's purpose was.

[00:28:53] Speaker 02:
So while I think it might not be proper

[00:28:54] Speaker 02:
though I certainly wouldn't want to concede the fact, to look to legislation that was being considered or hearings considered by Congress long ago, the 115th Congress, the Congress that enacted this statute, had multiple hearings with testimony from multiple executive branch officials about Russian cyber attacks in general and about the risk that Kaspersky software, antivirus software on U.S.

[00:29:22] Speaker 02:
computers

[00:29:23] Speaker 02:
poses specifically, and this court's decision in Fortich, in fact, I would say, I believe all of this court's bill of attainder cases look more generally to the context of legislation, and I think it's a fair description to say the hearings and testimony and even correspondence between members of Congress and agencies seeking information is relevant to the inquiry about what the 115th Congress's purpose was in enacting this legislation.

[00:29:53] Speaker 01:
But didn't the district court look to non-public documents with respect to the APA disposition?

[00:30:02] Speaker 02:
With respect to the APA disposition?

[00:30:05] Speaker 01:
So just to make sure I'm following you Judge Edwards, you're referring to the- There's some legislative materials that you can make the argument there, public legislative materials, but I think there was some materials that district court relied on that were not public.

[00:30:16] Speaker 02:
In making the bill of attainder analysis, Your Honor, or making the decision concerning the directive?

[00:30:23] Speaker 02:
In concerning the bill of attainder analysis in this statute, I think that's not correct, Your Honor.

[00:30:28] Speaker 02:
The directive?

[00:30:30] Speaker 02:
I also don't believe that's right, Your Honor.

[00:30:32] Speaker 02:
The court in the directive, the principal holding, was that the matter was not justiciable because

[00:30:38] Speaker 02:
1634 is a broader statute than the directive itself and the court held that it could not provide any remedy even if it ruled in favor of Kaspersky on the directive itself.

[00:30:54] Speaker 03:
Can we rely on the materials that the Homeland Security Secretary relied on?

[00:31:03] Speaker 02:
Manfred and all those?

[00:31:05] Speaker 02:
To a certain extent, Your Honor, the Congress had testimony from Homeland Security officials.

[00:31:11] Speaker 02:
about Homeland Security's directive.

[00:31:14] Speaker 02:
The Manfra, Assistant Secretary Manfra, testified before Congress about the rationale that DHS had used to issue its directive, and I think it... But the district court, I think, cited Manfra's declaration, not Manfra's testimony.

[00:31:32] Speaker 02:
So two points about that, Your Honor.

[00:31:35] Speaker 02:
To the extent that I believe that the Manfra declaration is the only instance that Kaspersky has identified of something not absolutely clearly in the legislative record here, and to the extent that was error, it was harmless error for the reasons we point out in our brief.

[00:31:51] Speaker 04:
What about Gentilly?

[00:31:54] Speaker 02:
I beg your pardon, Your Honor?

[00:31:54] Speaker 04:
Gentilly?

[00:31:56] Speaker 04:
Declaration?

[00:31:57] Speaker 02:
I don't remember that being relied on, Your Honor.

[00:31:59] Speaker 02:
If this is critical for the court's analysis, I'd be happy to follow up.

[00:32:03] Speaker 02:
I'm sorry, I just don't recall the reliance there.

[00:32:06] Speaker 02:
We do explain that the Manfred Declaration point to which the district court relied was entirely duplicative of other evidence Congress had before it.

[00:32:19] Speaker 02:
in the first place and in the second place, it wasn't, the district court did not rely on it to support its affirmative case, that is, its holding, but to respond to an argument, a counter-argument that Kaspersky had itself raised.

[00:32:35] Speaker 04:
Rather than sort through that, wouldn't it be more appropriate, or at least more direct, for this court to look to the record without regard to that?

[00:32:46] Speaker 02:
I think that's entirely right, Your Honor.

[00:32:48] Speaker 02:
I think it's perfectly fine.

[00:32:49] Speaker 02:
The review here is de novo.

[00:32:51] Speaker 02:
That's exactly right, Your Honor.

[00:32:52] Speaker 02:
And I think, I beg your pardon.

[00:32:54] Speaker 04:
Well, insofar as counsel for the company has maintained that the court heard in relying on some non-public sources,

[00:33:03] Speaker 04:
The question before us, I think, is not whether that was correct or not, but whether we can come to a conclusion without regard to that.

[00:33:12] Speaker 02:
Yes, Your Honor, that's entirely accurate.

[00:33:14] Speaker 02:
Our brief at 36 and also 9 through 13 identifies the purely legislative material that the 115th Congress considered.

[00:33:23] Speaker 02:
That legislative material is more than sufficient to support a conclusion that Congress reasonably determined that Kaspersky poses a unique threat

[00:33:32] Speaker 02:
and required very specific legislation to respond to that unique threat.

[00:33:41] Speaker 03:
Thank you, Your Honor.

[00:33:42] Speaker 03:
Okay, thank you.

[00:33:44] Speaker 03:
Did Mr. Christensen have anything else?

[00:33:49] Speaker 03:
Okay, you can take a minute if you'd like it.

[00:33:53] Speaker 05:
Thank you, Your Honor.

[00:33:55] Speaker 05:
The in answer to the Judge Edwards question that we were just talking about and Judge Ginsburg's question, the district court did improperly rely on the summary judgment record in a what the district court called a separate and distinct

[00:34:12] Speaker 05:
administrative procedure act case and use those facts to judge the plausibility of the allegations in the bill of attainder case which was on but now the case is here de novo so the errors of the district court are only informative

[00:34:28] Speaker 05:
So the question before this court is whether Kaspersky Lab plausibly alleged a bill of attainder claim in its complaint, and for reasons cited in our briefs, we did.

[00:34:40] Speaker 05:
If this court is persuaded that Kaspersky Lab should prevail on its procedural arguments, we would also ask the court to consider the request for a stay since Section 1634A goes into effect in two weeks.

[00:34:56] Speaker 04:
Suppose for a moment that the court does not agree with your position on the NDAA.

[00:35:07] Speaker 04:
Is there any reason for us to deal with the with the BOD?

[00:35:11] Speaker 05:
We've we've alleged and briefed your honor that the district court did not consider a procedural claim for relief in the BOD complaint that in addition to this why wouldn't it be moot or at least without any incremental injury to you if you've lost on the first point?

[00:35:30] Speaker 05:
If there's no relief that the court could offer, it may be.

[00:35:34] Speaker 04:
That would be the problem.

[00:35:36] Speaker 05:
But if the NDAA stands, the NDAA is broader.

[00:35:39] Speaker 05:
Section 1634A is broader than the binding operational directive.

[00:35:46] Speaker 05:
And if the Section 1634A were to stand, then it would eclipse the binding operational directive.

[00:35:54] Speaker 04:
I'll make that clear.

[00:35:55] Speaker 04:
Thank you.

[00:35:56] Speaker 03:
Okay, thank you.

[00:35:57] Speaker 03:
The case is submitted.