Malwarebytes: same result, new puzzles on remand for 230 immunity

Enigma Software Group USA, LLC v. Malwarebytes, Inc., --- F.3d ----, 2019 WL 7373959, No. 17-17351 (9th Cir. Dec. 31, 2019)

New opinion, same result; no rehearing en banc. Because the parties are competitors, §230 does not provide Malwarebytes with immunity for blocking Enigma’s software. As the dissent notes, one may search in vain for this limit in the wording of the statute itself, but there you go. The immunity for blocking content that is “otherwise objectionable” “does not include software that the provider finds objectionable for anticompetitive reasons.”  The majority, however, did remove broad language from the initial opinion saying that blocking couldn’t be based on the identity of the person providing the content.

Since this is now the result in the 9^th Circuit, on remand the court will have to face some questions that are not unlike those that have come up in cases about copyright misuse and the meaning of “unfair” business practices under California law: what exactly does “anticompetitive animus” mean here?  Does it require something that is like an antitrust violation?  If so, if Malwarebytes lacks market power, then can it behave in an “anticompetitive” manner or with “anticompetitive” motivations at all?  Separately: Does it have to have malice to be liable?  What if it’s wrong about whether Enigma programs were unwanted by consumers, but reasonably so?  Or suppose Malwarebytes concluded, via motivated reasoning, that Enigma programs were indeed unwanted—is self-serving sincerity enough?  What is the objective standard against which unwantedness should be judged?  It does seem that, according to the standard announced, §230 will still preempt/preclude claims that have internal validity as long as Malwarebytes did not have “anticompetitive animus.”

The majority heavily emphasizes what it considers to be the special circumstance that the parties are allegedly direct competitors. E.g.,

Congress said it gave providers discretion to identify objectionable content in large part to protect competition, not suppress it. In other words, Congress wanted to encourage the development of filtration technologies, not to enable software developers to drive each other out of business….  Users would not reasonably anticipate providers blocking valuable online content in order to stifle competition. Immunizing anticompetitive blocking would, therefore, be contrary to another of the statute’s express policies: “removing disincentives for the utilization of blocking and filtering technologies.”

Spam, malware, and adware could still be “otherwise objectionable.” But “if a provider’s basis for objecting to and seeking to block materials is because those materials benefit a competitor, the objection would not fall within any category listed in the statute and the immunity would not apply.”  Malwarebytes argued that its reasons were legitimate (Enigma’s programs use “deceptive tactics” to scare users into downloading them to prevent infections), but that’s a matter that can’t be resolved on the pleadings. [Suppose a factfinder concludes the parties don't actually compete: does 230 immunity reappear?]

Separately, the court reaffirms that §230’s exception for IP doesn’t include Lanham Act false advertising, which seems right to me (though that creates an interesting potential for situations like Belmora where §43(a)(1)(A) covers nontrademarks).  Unlike Eric Goldman, I’m actually pretty open to the basic false advertising claim that labeling Enigma’s programs could be false advertising despite §230.  The Lanham Act’s requirements may pose substantive barriers to the claim (e.g., is the reporting at issue “commercial advertising or promotion”? (maybe?) Is “potentially unwanted” falsifiable? (seems unlikely, though maybe implication could save the claim)).  And, again, if the §230 objectionability standard is not strict liability, then Malwarebytes might escape liability even if it was in fact false or misleading to label Enigma’s programs “potentially unwanted.”

Relatedly, the allegation that gets Enigma past §230 is likely to prove a mismatch with the underlying theories of liability.  In general, nonfactual disparagement—negative puffery—is not actionable, even if motivated by an evil heart, whether under the Lanham Act or state law.  I wonder if Malwarebytes wouldn’t end up doing better focusing on falsifiability/specificity of the message, though of course the extent to which the determination is subjective also feeds into the question of whether it had the requisite state of mind under the court's view of §230.