NordVPN Promotion

Home / Blogs

Court Finds Anti-Malware Provider Immune Under CDA for Calling Competitor’s Product Security Threat

Plaintiff anti-malware software provider sued defendant—who also provides software that protects internet users from malware, adware etc.—bringing claims for false advertising under the Section 43(a) of Lanham Act, as well as other business torts [Enigma Software Group v. Malwarebytes Inc., 2017 WL 5153698 (N.D. Cal., November 7, 2017)]. Plaintiff claimed that defendant wrongfully revised its software’s criteria to identify plaintiff’s software as a security threat when, according to plaintiff, its software is “legitimate” and posed no threat to users’ computers.

Defendant moved to dismiss the complaint for failure to state a claim upon which relief may be granted. It argued that the provisions of the Communications Decency Act at Section 230(c)(2) immunized it from plaintiff’s claims.

Section 230(c)(2) reads as follows:

No provider or user of an interactive computer service shall be held liable on account of —

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in [paragraph (A)].

Specifically, defendant argued that the provision of its software using the criteria it selected was an action taken to make available to others the technical means to restrict access to malware, which is objectionable material.

The court agreed with defendant’s argument that the facts of this case were “indistinguishable” from the Ninth Circuit’s opinion in in Zango, Inc. v. Kaspersky, 568 F.3d 1169 (9th Cir. 2009), in which the court found that Section 230 immunity applied in the anti-malware context.

Here, plaintiff had argued that immunity should not apply because malware is not within the scope of “objectionable” material that it is okay to seek to filter in accordance with 230(c)(2)(B). Under plaintiff’s theory, malware is “not remotely related to the content categories enumerated” in Section 230(c)(2)(A), which (B) refers to. In other words, the objectionableness of malware is of a different nature than the objectionableness of material that is obscene, lewd, lascivious, filthy, excessively violent, harassing. The court rejected this argument on the basis that the determination of whether something is objectionable is up to the provider’s discretion. Since defendant found plaintiff’s software “objectionable” in accordance with its own judgment, the software qualifies as “objectionable” under the statute.

Plaintiff also argued that immunity should not apply because defendant’s actions taken to warn of plaintiff’s software were not taken in good faith. But the court applied the plain meaning of the statute to reject this argument—the good faith requirement only applies to conduct under Section 230(c)(2)(A), not (c)(2)(B).

Finally, plaintiff had argued that immunity should not apply with respect to its Lanham Act claim because of Section 230(e)(2), which provides that “nothing in [Section 230] shall be construed to limit or expand any law pertaining to intellectual property.” The court rejected this argument because although the claim was brought under the Lanham Act, which includes provisions concerning trademark infringement (which clearly relates to intellectual property), the nature of the Lanham Act claim here was for unfair competition, which is not considered to be an intellectual property claim.

By Evan D. Brown, Attorney

Evan focuses on technology and intellectual property law at the law firm of Neal & McDevitt. He maintains a law and technology focused blog at evan.law and is a Domain Name Panelist with the World Intellectual Property Organization deciding cases under the UDRP.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

NordVPN Promotion