230 bars false advertising claim against antimalware provider

Enigma Software Group USA LLC v. Malwarebytes Inc., No. 5:17-cv-02915, 2017 WL 5153698 (N.D. Cal. Nov. 7, 2017)

Malwarebytes and Enigma compete in the anti-malware software market.  When Malwarebytes’s software detects an unwanted program, it displays a notification and asks the user if she wants to remove the program from her computer. Enigma alleged that, in 2016, Malwarebytes started to misleadingly identify Enigma’s software as a potential threat, in order to interfere with Enigma’s customer base and to retaliate against Enigma for a separate lawsuit Enigma filed against a Malwarebytes affiliate.  Enigma sued for false advertising under state and federal law, as well as tortious interference. The court found all claims barred by § 230(c)(2) of the Communications Decency Act, specifically subsection (B): “No provider or user of an interactive computer service shall be held liable on account of … any action taken to enable or make available to information content providers or others the technical means to restrict access to material [that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected].”

Zango, Inc. v. Kaspersky, 568 F.3d 1169 (9th Cir. 2009), indicated that “companies that provide filtering tools,” such as Kaspersky, are eligible for immunity under § 230(c). It found that Kaspersky qualified as a service provider, and “has ‘made available’ for its users the technical means to restrict items that Kaspersky has defined as malware.” Thus, Kaspersky qualified for immunity under § 230(c)(2)(B) “so long as the blocked items are objectionable material under § 230(c)(2)(A).” Kaspersky properly classified malware as “objectionable” material.

Enigma argued that Zango was distinguishable because malware, as defined by Malwarebytes’s criteria, wasn’t material that is “obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable” because it is “not remotely related to the content categories enumerated.” Zango did not address whether an anti-malware provider has discretion to decide what is “objectionable” because that argument was waived.  However, Zango clearly held that § 230(c)(2)(B) immunity applies to “a provider of computer services that makes available software that filters or screens material that the user or the provider deems objectionable.” Thus, Zango was factually indistinguishable.

Enigma then argued that Malwarebytes was entitled to § 230(c)(2)(B) immunity only if it acted in “good faith.” Subsection (A) protects “any action voluntarily taken in good faith” to restrict access to objectionable material, but subsection (B) has no good-faith requirement.  The court refused to imply one; Congress knew how to put one in if it wanted, especially given that subsection (B) includes an explicit reference to subsection (A) with respect to the types of material to which immunity applies.

Finally, Enigma’s Lanham Act claim didn’t entitle it to use the IP exclusion; a false advertising claim is not a trademark claim for §230 purposes.