Thursday, March 14, 2019

False advertising & TM fail as workarounds to 230 for software blocking

PC Drivers Headquarters, LP v. Malwarebytes Inc., 2019 WL 1061739, No. 18-cv-05409-EJD (N.D. Cal. Mar. 6, 2019)

PC Drivers alleged that Malwarebytes’ malware detection software wrongfully categorized PC Drivers’ “technical support” software as malware or a “Potentially Unwanted Program” (PUP), generating claims under the Lanham Act and for business disparagement, tortious interference with contractual relations, negligence and gross negligence, unfair competition, promissory estoppel, and declaratory relief. The court (after transfer from Texas where Malwarebytes already did well) granted Malwarebyte’s motion to dismiss based on § 230(c)(2)(B) of the CDA, but granted leave to amend.

Malwarebytes offers a free version of its software and then upsells premium versions, promoting them by allegedly identifying and quarantining alleged PUP and malware and their official websites. In 2016, Malwarebytes categorized PC Drivers’ DRIVER SUPPORT and ACTIVE OPTIMIZATION software products with a negative PUP rating and as a security risk to Malwarebytes’ customers. PC Drivers customers who received Malwarebytes’ warnings were allegedly deceived into removing PC Drivers’ software. Despite PC Drivers’ allegedly providing Malwarebytes with evidence of its compliance with industry standards and other anti-malware vendor certifications, Malwarebytes refused to change the rating.  A Malwarebytes staff member also posted “Removal instructions for Driver Support” on Malwarebytes’ message board forum, including allegedly false and misleading comments about PC Drivers’ products. Similar comments came from a post on another site by a person who allegedly (on information and belief) receives monetary or in-kind benefits from Malwarebytes for each sales lead or software download generated from his post.

All this allegedly resulted in trademark “misappropriation,” infringement, and dilution, and “diminution in the value of PC Drivers as a going concern.”

Malwarebytes sought and received CDA immunity from some of the non-trademark claims. The CDA states that “No provider or user of an interactive computer service shall be held liable on account of ... (B) any action taken to enable or make available to information content providers or others the technical means to restrict access to [material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected].” This could be evaluated on a motion to dismiss, taking all PC Drivers’ factual assertions as true.

PC Drivers argued that section 230(c)(2) immunity didn’t cover “stealing” click advertising services paid for by PC Drivers and making false and disparaging statements about PC Drivers’ Products. The “theft” was described as:

When a Malwarebytes free version software user opens a search engine in his own web browser and searches for DRIVER SUPPORT or ACTIVE OPTIMIZATION, PC Drivers’ ads or website links bearing the Marks will prominently appear in the search engine results. However, instead of going directly to PC Drivers’ official website when clicking these links, it redirects consumers to the Malwarebytes website for the purpose of executing a Malwarebytes sale. The result is that Malwarebytes obtains the benefits of a potential paying customer based on the acquisition costs paid by PC Drivers.

But the CDA immunizes “any action” as long as it was “taken to enable or make available to information content providers or others the technical means to restrict access to material.” The alleged redirection was “clearly” such an action. When a Malwarebytes user navigates to or a PC Drivers advertisement, Malwarebytes identifies the domain as associated with a PUP and then directs the user to a Malwarebytes page notifying them that the site was blocked “due to PUP.” Id. It also informers the user: “Learn about PUP. If you don’t want to block this website, you can exclude it from website protection by accessing Exclusions.” “The statute does not contain qualifiers, conditions, or exceptions for ‘actions’ that have the secondary effect of depriving PC Drivers of the benefits of the page-click advertising it purchased from a third party.”

As for the allegedly false and disparaging statements, they were found in Malwarebytes’ online explanation for the basis of its classification of Driver Support as a PUP: “Malwarebytes has determined that Driver Support is a ‘system optimizer.’ These so-called ‘system optimizers’ use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it would remove these problems.”  This stated basis wasn’t necessarily an “action taken to enable or make available” the technical means to restrict access to objectionable material. It was premature to rule on §230 immunity for that statement.  By contrast, screenshots and instructions for removing Driver Support were “actions” taken to “make available ... the technical means to restrict access to” objectionable material.

PC Drivers argued that Malwarebytes did more than necessary to make available technical means to restric access to material by blocking access to PC Drivers’ website even to its paying customers and by making it hard to allow users to readily un-PUP individual sites, constituting tortious interference with contractual relations. The court disagreed.  These were all functions that flowed from Malwarebytes’ making available the technical means to restrict access, regardless of details of operation. Even if PC Drivers subscribers are forced to choose between quarantining all or none of the listed PUPs and are unable to override Malwarebytes’ block, that was ok; if that was unwanted behavior, the subscriber could get rid of Malwarebytes.

PC Drivers then argued that the statutory immunity didn’t apply because Driver Support is not “objectionable” and Malwarebytes “has not actually determined that PC Drivers is objectionable.” Unsurprisingly, the court declined to reject Malwarebytes’ characterization, since §230 grants providers and users discretion to determine objectionability.  Although a concurrence in Zango expressed concern about secret, anticompetitive blocking such as browsers that filtered out criticism of the browser company, secrecy (and competition) wasn’t alleged here.

False advertising/disparagement: The claim that Driver Support was a “system optimizer” that “uses intentional false positives to convince users that their systems have problems” was nonactionable opinion.  There was no explanation of why “system optimizer” was a verifiable characteristic or was false. And classification of the products as PUPs was protected by CDA §230 as well as by being nonactionable opinion.

Trademark dilution: not famous, not actionable.

Infringement: It is not trademark infringement to confuse the public “into believing PC Drivers’ website and [P]roducts are malicious, and that Malwarebytes’ premium product is the solution to resolve any future ‘malicious’ programs.” And the complaint pled nominative fair use: the associated screenshots showed that Malwarebytes uses “” and “” to inform the user of the program that is being blocked. “PC Drivers does not explain how its products or services may be readily identifiable without use of the domain names.” There was no excessive use of the mark pled. Nor did the use suggest sponsorship or endorsement by the trademark holder: very much to the contrary.

Other non-TM workarounds also failed, such as negligence (no duty), common law unfair competition (no independent tort), promissory estoppel (insufficiently specific promise).

No comments: