Malwarebytes Conclusion Shows Section 230's Best Feature: Killing Dumb Cases Before They Waste Everyone's Time And Money

from the 230's-procedural-benefits dept

A few years ago, Professor Eric Goldman wrote an important paper, explaining how Section 230 is better than the 1st Amendment. The key part of the argument is that if you treat Section 230 as a rule of civil procedure that kicks out frivolous and wasteful cases quickly, you realize how important it is.

Last month, a federal district court in California dismissed Enigma Software's high profile lawsuit against Malwarebytes. You may have heard about this case. We've been covering it for years, and it even got some (dubious) attention at the Supreme Court, regarding Section 230. Enigma didn't like that Malwarebytes (and others) found Enigma's "SpyHunter" software to be sketchy itself and started suing. Malwarebytes initially won on Section 230 grounds, pointing out that its opinions on what is and what is not spyware is a moderation choice -- in this case protected by Section 230's rarely used (c)(2)'s immunity for content that the provider deems "otherwise objectionable."

Unfortunately, the 9th Circuit reversed that ruling with a very weird opinion that seemed to contradict its own previous precedent. In that ruling, the 9th Circuit carved a new hole in (c)(2) arguing that you could lose 230 protections if there was an argument that the decision to block content (or call something spyware) was done "for anticompetitive reasons." From the ruling:

We hold that the phrase “otherwise objectionable” does not include software that the provider finds objectionable for anticompetitive reasons.

This ruling was appealed to the Supreme Court who declined to hear the case, though allowing Justice Clarence Thomas to spew some unfettered unbriefed nonsense about Section 230.

Either way, that sent the case all the way back to the district court... where it was dismissed anyway because calling something spyware is protected opinion.

Like in Asurvio LP, Enigma has not pleaded that Malwarebytes’ alleged labels are verifiably false rather than just subjective opinions. Enigma’s allegations that users view statements categorizing Enigma’s programs and domains as “malicious,” “threats,” and PUPs as statements of fact rather than subjective opinions are not supported by the facts presented. The allegations ignore that users of Malwarebytes are aware of why it opines that a given software program may be a PUP based on Malwarebytes’ disclosed criteria and can choose to quarantine or un-quarantine the detected program.

In other words, after all this nonsense and back and forth over Section 230, years later, Malwarebytes still wins the case because the 1st Amendment protects its opinions.

This is similar to another famous 9th Circuit ruling on 230 from a while back: the Roommates.com case. In that case, the court ruled that Section 230 did not protect Roommates.com for content it places in a pulldown menu (that users used to select roommate preferences), but in the end (many years later) Roommates.com still won the case because the 1st Amendment protected it.

Both of these cases demonstrate two very important things: first, most of what people complain about regarding Section 230 is actually protected by the 1st Amendment, so even if we got rid of Section 230, the 1st Amendment would still enable websites to moderate how they see fit. But, much more importantly, both of those cases demonstrate the procedural benefits of Section 230, in that they enable these kinds of cases to be dismissed quickly and relatively inexpensively, rather than having to go through a years long process. In short, Section 230's civil procedure benefits are that they get frivolous cases tossed out of court much more quickly, and at less expense. And that's important, since so many of these cases are, in some form or another, SLAPP suits, designed to pressure companies not to moderate certain content.

Filed Under: 1st amendment, content moderation, free speech, malware, moderation, opinion, section 230, spam
Companies: enigma software, malwarebytes

Ninth Circuit Reverses Course While Quoting Its Own Precedent Saying Otherwise; Says Section 230 Doesn't Cover Anti-Competitive Moderation

from the our-earlier-finding,-while-good,-is-now-not-good,-so... dept

The Ninth Circuit Appeals Court has resuscitated a lawsuit against Malwarebytes filed by litigious software company Enigma. Enigma Software tends to sue people who say bad things about its antivirus offerings and since there's a lot of people doing that, the company seems to spend a fair amount of time in court.

Enigma ran into the Section 230 wall in the lower court by claiming Malwarebytes' designation of its software as a threat was an unfair business practice. It said Malwarebytes scans were locating its offerings on people's computers, informing them the software was shady, and quarantining it. Enigma alleged this was anti-competitive. And if it wasn't that, it was probably some sort of trademark thing, blah blah blah Lanham Act. (This claim sneaks into a lot of lawsuits involving Section 230 protections and Enigma tried this tactic in a defamation lawsuit it filed against BleepingComputer. It's a dodge, not a cognizable legal argument.)

Malwarebytes prevailed at the district court level by citing a Ninth Circuit Appeals Court ruling finding that filtering software or services is also protected by Section 230 of the CDA. In the cited case, antivirus software company Kaspersky secured a dismissal from a lawsuit brought by an aggrieved adware purveyor. That decision said any material a provider feels is objectionable (in this case, adware) can be removed by the provider.

That's what the court said then. What it's saying now is something different, and that appears to be only because the Ninth Circuit feels Malwarebytes and Enigma Software are actually competitors, even if Enigma has yet to earn the same amount of respect Malwarebytes has. From the decision [PDF]:

This case differs from Zango in that here the parties are competitors. In this appeal Enigma contends that the “otherwise objectionable” catchall is not broad enough to encompass a provider’s objection to a rival’s software in order to suppress competition. Enigma points to Judge Fisher’s concurrence in Zango warning against an overly expansive interpretation of the provision that could lead to anticompetitive results. We heed that warning and reverse the district court’s decision that read Zango to require such an interpretation. We hold that the phrase “otherwise objectionable” does not include software that the provider finds objectionable for anticompetitive reasons.

That's a pretty broad interpretation of a decision the Ninth Circuit says it's not going to interpret broadly. Malwarebytes has plenty of legitimate reasons to protect its users from Enigma's offerings that go beyond neutering a competitor. Enigma's reputation seems to have improved over the last couple of years, but its history is littered with rogue software designations, questionable customer service tactics, and, of course, the tendency to sue anyone who doesn't view Enigma as positively as Enigma views itself.

So, designating this competitor's software as questionable isn't necessarily about keeping a competitor off users' computers. That subtlety is lost in this reversal by the Ninth Circuit, which feels Enigma has plausibly alleged anti-competitive practices.

It also (perhaps more correctly) finds that Enigma can continue pursuing its Lanham Act claims about trademark infringement. The court (correctly) notes Section 230 does not provide immunity against intellectual property claims. Not that the false advertising claim raised here has any merit. It doesn't. But being right on this point doesn't make the decision any better. Litigants hoping to dodge Section 230 immunity tend to throw in trademark-related claims as filler, hoping this bogus deployment of their intellectual property protections will allow them to survive a motion to dismiss. It works here. So that means litigants will keep cramming these bullshit claims into their bullshit lawsuits.

Not only does this make things worse for defendants in the circuit (and there will be a lot of them considering how many tech companies are located in California) but it ignores one crucial aspect of Malwarebytes' designation of Enigma software as dangerous: Malwarebytes flagged Enigma's software in response to users' preferences.

Malwarebytes and Enigma have been direct competitors since 2008, the year of Malwarebytes’s inception. In their first eight years as competitors, neither Enigma nor Malwarebytes flagged the other’s software as threatening or unwanted. In late 2016, however, Malwarebytes revised its PUP-detection criteria to include any program that, according to Malwarebytes, users did not seem to like.

After the revision, Malwarebytes’s software immediately began flagging Enigma’s most popular programs— RegHunter and SpyHunter—as PUPs. Thereafter, anytime a user with Malwarebytes’s software tried to download those Enigma programs, the user was alerted of a security risk and, according to Enigma’s complaint, the download was prohibited, i.e. Malwarebytes “quarantined” the programs.

This move was predicated on users' preferences, which puts it about as close to user-generated content as possible, without allowing users to directly control Malwarebytes' threat database.

The end result is what matters, at least in the Appeals Court's limited analysis. Section 230 was supposed to increase competitiveness, not limit it, so…

We cannot accept Malwarebytes’s position, as it appears contrary to CDA’s history and purpose. Congress expressly provided that the CDA aims “to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services” and to “remove disincentives for the development and utilization of blocking and filtering technologies.” § 230(b)(2)–(3). Congress said it gave providers discretion to identify objectionable content in large part to protect competition, not suppress it. Id. In other words, Congress wanted to encourage the development of filtration technologies, not to enable software developers to drive each other out of business.

On the plus side, it also doesn't buy Enigma's argument that Section 230 immunity only involves the policing of material that is sexual and/or violent in nature. It covers more than that, but does not -- at least in this opinion -- protect the blocking of competitors' software offerings.

The dissent says this is the wrong decision to make. Section 230's language does cover Malwarebytes' flagging of Enigma software. If the law needs to be fixed, legislators need to fix it. The court shouldn't litter the circuit with bad precedent in lieu of Congressional action.

The majority opinion seeks to limit the statute based on the fact that the parties are competitors. See Majority Opinion, p. 4. However, nothing in the statutory provisions or our majority opinion in Zango supports such a distinction. Rather the “broad language” of the Act specifically encompasses “any action voluntarily taken [by a provider] to restrict access to . . . material that the provider . . . considers to be . . . otherwise objectionable.” 47 U.S.C. § 230(c)(2)(A) (emphasis added). Under the language of the Act, so long as the provider’s action is taken to remove “otherwise objectionable” material, the restriction of access is immunized. See id. The majority’s real complaint is not that the district court construed the statute too broadly, but that the statute is written too broadly. However, that defect, if it is a defect, is one beyond our authority to correct.

But that's not what happened here. Enigma will get to drag this litigation out even longer. It may not even win it. But it will serve as a warning to others tempted to flag Enigma's offerings as less-than-desirable. And that's probably the only win it really needs.

Filed Under: 9th circuit, competition, content moderation, lanham act, malware, section 230
Companies: enigma, malwarebytes

Shady Anti-Spyware Developer Loses Lawsuit Against Competitor Who Flagged Its Software As Malicious

from the respect-us,-they-sued dept

Enigma Software makes Spyhunter, a malware-fighting program with a very questionable reputation. But the company isn't known so much for containing threats as it's known for issuing threats. It sued a review site for having the audacity to suggest its pay-to-clean anti-spyware software wasn't a good fit for most users… or really any users at all.

Bleeping Computer found itself served with a defamation lawsuit for making fact-based claims (with links to supporting evidence) about Enigma's dubious product, dubious customer service tactics (like the always-popular "auto-renew"), and dubious lawsuits. Somehow, this dubious lawsuit managed to survive a motion to dismiss. Fortunately, Bleeping Computer was propped up by Malwarebytes' developers, who tossed $5,000 into Bleeping Computer's legal defense fund.

The developers of this more highly-regarded anti-malware program soon found themselves facing the litigious wrath of Enigma, which apparently makes enough from its pay-to-clean, auto-renewing, subscription-based Spyhunter program to keeps lawyers busy all the damn time.

Enigma decided to sue Malwarebytes for felony interference with a business model, a.k.a., "tortious interference." According to Enigma, it was unfair and retaliatory for Malwarebytes to treat its software as a threat to users and remove it from computers when performing scans.

The judge, fortunately, did not agree. Malwarebytes has emerged victorious [PDF] in a lawsuit that began with unfair business practices allegations before somehow morphing into an argument about the limits of Section 230 immunity.

Malwarebytes cited a Ninth Circuit Appeals Court decision which dealt with the actions of another anti-malware provider, Kaspersky. In that case, Kaspersky availed itself of Section 230 immunity to dismiss claims made by Zango, an adware pusher. As Malwarebytes points out, the Appeals Court found Kaspersky's blocking of Zango's adware to be immune from Zango's claims of interference, reasoning that the removal of objectionable software is pretty much equivalent to removing objectionable content. Efforts made to police software/content do not strip providers and publishers of immunity.

Enigma argued the decision clearly stated the removed material must be "content that the provider or user considers obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable." It claimed its software fell under none of those headings. The district court disagrees:

Enigma overlooks Zango’s clear holding that § 230(c)(2)(B) immunity applies to “a provider of computer services that makes available software that filters or screens material that the user or the provider deems objectionable.”

[...]

This interpretation of Zango aligns with the plain language of the statute, which likewise states that immunity applies to “material that the provider or user considers to be . . . objectionable.” 47 U.S.C. § 230(c)(2)(A) (emphasis added). In Zango, the provider of the anti-malware software, Kaspersky, exercised its discretion to select the criteria it would use to identify objectionable computer programs. The Ninth Circuit held that malware, as Kaspersky defined it, was properly within the scope of “objectionable” material. In that respect, the Court agrees with Malwarebytes that Zango is factually indistinguishable from the scenario here.

In its final attempt to skirt Section 230 immunity, Enigma attempted to resculpt its arguments into a half-assed Lanham Act complaint. But the court has zero sympathy for Enigma's attempt to drag trademark into this.

Enigma’s argument fails because its complaint does not allege an intellectual property claim. The Lanham Act contains two parts: one governing trademark infringement (15 U.S.C. § 1114) and one governing unfair competition (15 U.S.C. § 1125(a)). The unfair competition provision, in turn, “creates two distinct bases of liability”: one governing false association (15 U.S.C. § 1125(a)(1)(A)) and one governing false advertising (15 U.S.C. § 1125(a)(1)(B)). Lexmark Int’l, Inc. v. Static Control Components, Inc., 134 S. Ct. 1377, 1384 (2014). Enigma’s complaint asserts a false advertising claim under § 1125(a)(1)(B). FAC ¶ 135.

Enigma does not assert claims under the trademark provisions of the Lanham Act. The complaint does not allege that Enigma owns trademarks or any other form of intellectual property, nor does it allege that Malwarebytes has committed any form of intellectual property infringement, including misuse of its trademarks. Accordingly, the Court finds that Enigma’s false advertising claim under the Lanham Act, 15 U.S.C. § 1125(a)(1)(B), does not arise under a “law pertaining to intellectual property” under 47 U.S.C. § 230(e)(2).

Enigma loses, Malwarebytes wins, and status remains quo until the inevitable appeal. Enigma seems to believe it can sue its way into respectability -- somehow failing to realize every lawsuit against competitors and critics moves it several steps in the opposite direction.

Filed Under: lists, malware, reviews, scans, spyhunter, tortious interference
Companies: bleeping computer, enigma, malwarebytes