Ninth Circuit Reverses Course While Quoting Its Own Precedent Saying Otherwise; Says Section 230 Doesn't Cover Anti-Competitive Moderation

from the our-earlier-finding,-while-good,-is-now-not-good,-so... dept

The Ninth Circuit Appeals Court has resuscitated a lawsuit against Malwarebytes filed by litigious software company Enigma. Enigma Software tends to sue people who say bad things about its antivirus offerings and since there’s a lot of people doing that, the company seems to spend a fair amount of time in court.

Enigma ran into the Section 230 wall in the lower court by claiming Malwarebytes’ designation of its software as a threat was an unfair business practice. It said Malwarebytes scans were locating its offerings on people’s computers, informing them the software was shady, and quarantining it. Enigma alleged this was anti-competitive. And if it wasn’t that, it was probably some sort of trademark thing, blah blah blah Lanham Act. (This claim sneaks into a lot of lawsuits involving Section 230 protections and Enigma tried this tactic in a defamation lawsuit it filed against BleepingComputer. It’s a dodge, not a cognizable legal argument.)

Malwarebytes prevailed at the district court level by citing a Ninth Circuit Appeals Court ruling finding that filtering software or services is also protected by Section 230 of the CDA. In the cited case, antivirus software company Kaspersky secured a dismissal from a lawsuit brought by an aggrieved adware purveyor. That decision said any material a provider feels is objectionable (in this case, adware) can be removed by the provider.

That’s what the court said then. What it’s saying now is something different, and that appears to be only because the Ninth Circuit feels Malwarebytes and Enigma Software are actually competitors, even if Enigma has yet to earn the same amount of respect Malwarebytes has. From the decision [PDF]:

This case differs from Zango in that here the parties are competitors. In this appeal Enigma contends that the “otherwise objectionable” catchall is not broad enough to encompass a provider’s objection to a rival’s software in order to suppress competition. Enigma points to Judge Fisher’s concurrence in Zango warning against an overly expansive interpretation of the provision that could lead to anticompetitive results. We heed that warning and reverse the district court’s decision that read Zango to require such an interpretation. We hold that the phrase “otherwise objectionable” does not include software that the provider finds objectionable for anticompetitive reasons.

That’s a pretty broad interpretation of a decision the Ninth Circuit says it’s not going to interpret broadly. Malwarebytes has plenty of legitimate reasons to protect its users from Enigma’s offerings that go beyond neutering a competitor. Enigma’s reputation seems to have improved over the last couple of years, but its history is littered with rogue software designations, questionable customer service tactics, and, of course, the tendency to sue anyone who doesn’t view Enigma as positively as Enigma views itself.

So, designating this competitor’s software as questionable isn’t necessarily about keeping a competitor off users’ computers. That subtlety is lost in this reversal by the Ninth Circuit, which feels Enigma has plausibly alleged anti-competitive practices.

It also (perhaps more correctly) finds that Enigma can continue pursuing its Lanham Act claims about trademark infringement. The court (correctly) notes Section 230 does not provide immunity against intellectual property claims. Not that the false advertising claim raised here has any merit. It doesn’t. But being right on this point doesn’t make the decision any better. Litigants hoping to dodge Section 230 immunity tend to throw in trademark-related claims as filler, hoping this bogus deployment of their intellectual property protections will allow them to survive a motion to dismiss. It works here. So that means litigants will keep cramming these bullshit claims into their bullshit lawsuits.

Not only does this make things worse for defendants in the circuit (and there will be a lot of them considering how many tech companies are located in California) but it ignores one crucial aspect of Malwarebytes’ designation of Enigma software as dangerous: Malwarebytes flagged Enigma’s software in response to users’ preferences.

Malwarebytes and Enigma have been direct competitors since 2008, the year of Malwarebytes’s inception. In their first eight years as competitors, neither Enigma nor Malwarebytes flagged the other’s software as threatening or unwanted. In late 2016, however, Malwarebytes revised its PUP-detection criteria to include any program that, according to Malwarebytes, users did not seem to like.

After the revision, Malwarebytes’s software immediately began flagging Enigma’s most popular programs— RegHunter and SpyHunter—as PUPs. Thereafter, anytime a user with Malwarebytes’s software tried to download those Enigma programs, the user was alerted of a security risk and, according to Enigma’s complaint, the download was prohibited, i.e. Malwarebytes “quarantined” the programs.

This move was predicated on users’ preferences, which puts it about as close to user-generated content as possible, without allowing users to directly control Malwarebytes’ threat database.

The end result is what matters, at least in the Appeals Court’s limited analysis. Section 230 was supposed to increase competitiveness, not limit it, so…

We cannot accept Malwarebytes’s position, as it appears contrary to CDA’s history and purpose. Congress expressly provided that the CDA aims “to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services” and to “remove disincentives for the development and utilization of blocking and filtering technologies.” § 230(b)(2)–(3). Congress said it gave providers discretion to identify objectionable content in large part to protect competition, not suppress it. Id. In other words, Congress wanted to encourage the development of filtration technologies, not to enable software developers to drive each other out of business.

On the plus side, it also doesn’t buy Enigma’s argument that Section 230 immunity only involves the policing of material that is sexual and/or violent in nature. It covers more than that, but does not — at least in this opinion — protect the blocking of competitors’ software offerings.

The dissent says this is the wrong decision to make. Section 230’s language does cover Malwarebytes’ flagging of Enigma software. If the law needs to be fixed, legislators need to fix it. The court shouldn’t litter the circuit with bad precedent in lieu of Congressional action.

The majority opinion seeks to limit the statute based on the fact that the parties are competitors. See Majority Opinion, p. 4. However, nothing in the statutory provisions or our majority opinion in Zango supports such a distinction. Rather the “broad language” of the Act specifically encompasses “any action voluntarily taken [by a provider] to restrict access to . . . material that the provider . . . considers to be . . . otherwise objectionable.” 47 U.S.C. § 230(c)(2)(A) (emphasis added). Under the language of the Act, so long as the provider’s action is taken to remove “otherwise objectionable” material, the restriction of access is immunized. See id. The majority’s real complaint is not that the district court construed the statute too broadly, but that the statute is written too broadly. However, that defect, if it is a defect, is one beyond our authority to correct.

But that’s not what happened here. Enigma will get to drag this litigation out even longer. It may not even win it. But it will serve as a warning to others tempted to flag Enigma’s offerings as less-than-desirable. And that’s probably the only win it really needs.

Filed Under: , , , , ,
Companies: enigma, malwarebytes

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Ninth Circuit Reverses Course While Quoting Its Own Precedent Saying Otherwise; Says Section 230 Doesn't Cover Anti-Competitive Moderation”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re: Even dissent holds "the statute is written too broa

Are you real, or another badly-written "AI" chatbot?

230 is for the People. If you still can’t see otherwise, you’re a dumbass.

If the statute is written too broadly.Which it is not. Which seems to be the majority’s complaint.

Yeah, Gary astoturfing. He’s a mega-institution of some sort just making shit up all by himself, with one account. You fit the bill better, with your constant morphing, incessant blather strewn across multiple posts for no other reason than "oh wait i just though of another good zinger", and seeming inability to read for comprehension, which may be natural, but is also clearly agenda-driven.

Stephen T. Stone (profile) says:

Re: Re: Re:

Please cite the exact language that allows … arguments like yours in public discourse, Stephen.

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.” — Source

Quango Zango says:


Even the "liberal" 9th is EXPLICIT on the two key points:

We must today recognize that interpreting the statute to give providers unbridled discretion to block online content would, as Judge Fisher warned, enable and potentially motivate internet-service providers to act for their own, and not the public, benefit.

There ya, go, Masnick! As I’ve said all along in face of your corporatist power-grab: "the public" is to be the beneficiary, and the FASCISTS you support that intend to control ALL of OUR speech do NOT have absolute arbitrary power to do so.

Page 18, starting first full paragraph.

Quango Zango says:

What about a warning and require an extra click to view?

And again, your notion that you have immunity AND can edit comments to put up a warning and require an extra click to view is simply self-serving baloney.

You directly lie that the "hiding" is by "the community" and lie by omission since refuse to admit an Administrator makes final decision.

You are stifling The Public’s speech on this forum which you represent as advocating "free speech" and without warning of your hidden control, thwarting the clear intent of Congress to INCREASE discourse, NOT to hand power over it to a few born-rich PUNKS with an agenda to push.

If you to try the "otherwise objectionable" notion, no, this decision limits that too.

We conclude only that if a provider’s basis for objecting to and seeking to block materials is because [outside of listed categories], the objection would not fall within any category listed in the statute and the immunity would not apply.

Turns into clumsy repetitive phrase and I’m extending the notion, yes, but it’s supported by rest of decision:

Pushing a corporatist agenda is not one of the given categories, let alone by which The Public benefits, so doubly wrong.

Since your fanboys are easily shown "harassing" anyone dissenting no matter how mildly here and yet their comments are NEVER "hidden", you are mere partisan controlling speech that YOU don’t approve of, as I’ve also long said. PUBLIC FORUMS MUST BE FAIR, PERIOD.

Anonymous Coward says:

Re: Re: Re:2 Re:

Except if (oops) you’re very very big. Then everything changes. On very big planets, time moves more slowly. @Scale, things go bad. In very big companies, bad things happen, because too much control of something too big is just not a good idea, that’s clear both from the Bible and the Constitution and American Common Sense. They made enough money at our expense, good for them, and goodbye, they’ve done enough. Google, Facebook, Twitter and such should broken up into teeny tiny pieces and blown to the far corners of the universe and then replaced by small, nimble newbies with visions of new things. Bye Bye.

Anonymous Coward says:

Re: Re: Re:3 Re:

If you want to address the Too Big To Jail issue, then please continue – however, your other claim is wrong …. neither the constitution nor precedence says anything about rights being diminished upon size thresholds.

I have seen this silly argument before and have yet to see any supporting data to validate the claim or even make excuses for the claim.

Anonymous Coward says:

"designation of its software as a threat was an unfair business practice"
It is unfair to point out that something is a threat? Interesting.

"It said Malwarebytes scans were locating its offerings on people’s computers, informing them the software was shady, and quarantining it."
Well – was the software shady? Guess that does not matter because it is unfair business practice – lol, yeah sure it is.

Paul B (profile) says:

Re: Re:

The appeals court was not addressing the merits of the case, only the section 230 dismissal. The trial court could cover the criteria used to call software "problematic" which could include general rules as well as user reviews etc.

There is an entire class of virus software that works on the API calls used by the exe, like accessing data outside %AppData% or scanning entire hard drives. A virus detection program could and would trip a lot of those triggers.

Anonymous Coward says:

Re: Re: Re: Re:

Well they could, but that would also include anything in Program Files or System32….

Just because a program makes an API call doesn’t make said program malware, but of course in the neverending interest of preventing people who run virus.exe as an Administrator with UAC disabled after clicking on yes to every last warning box known to man, AV venders have had to resort to API blacklisting to catch everything*.

*: They don’t have to of course, and API blacklisting has created a situation of delegitimizing otherwise legit programs to the point that devs intentionally avoid API calls to avoid scrunty even if it requires more work. None of that matters of course, because if the idiot mentioned earlier gets a virus it’s always the devs fault and therefore they have no reason to do better.

cpt kangarooski says:

Seems fairly reasonable. The court protects section 230, and merely clarifies that it is not to be used for anticompetitive purposes. Whether it was actually used in such a manner will require further litigation to determine, as the lower court appears to have dismissed the suit without making a finding as to whether the one program blocked the other due to a legitimate reason (such as the ‘otherwise offensive’ catch-all, or for anticompetitive reasons as alleged).

The only part that concerns me is the language that requires moderation to hinge on the content of posts and not the identity of the poster in order to fall within the ambit of 47 USC 230. This is alarming for internet sites that might use First Amendment rights of association to limit their membership and who use 47 USC 230 in conjunction with that.

Anonymous Coward says:

Re: Re:

The court protects section 230, and merely clarifies that it is not to be used for anticompetitive purposes.

But is that a legitimate clarification? The text of 230 doesn’t place any limitations on anticompetitive behavior, or is that a violation of federal criminal statute? If it’s civil, then shouldn’t 230 immunize?

cpt kangarooski says:

Re: Re: Re:

In interpreting the language of the statute, they’re looking at the intent of Congress, which was not to allow anticompetitive behavior, but rather to encourage the removal of offensive material while protecting the free market. This is discussed at pages 17-18 of the opinion provided above.

It may help to think of a hypothetical: if you have, say, dialup AOL for internet service, do you really want AOL to be able to filter out all information about broadband and other providers that offer faster, better, cheaper service, on the grounds that AOL claims that such information that might lead to you leaving AOL is offensive.

Anonymous Coward says:

Re: Re: Re: Re:

Thanks for the reference, I hadn’t read through the entire decision yet.

I’d considered a situation similar to your hypothetical, and no, I wouldn’t want AOL to do that, but that doesn’t necessarily mean that the law doesn’t permit it.

Given the court’s reasoning, the claim should survive a motion to dismiss (as it now has), but I think there’s definitely a concern if courts become able to limit the scope of 230 based on how they choose to interpret "otherwise objectionable."

urza9814 (profile) says:

Re: Re: Re: Re:

"It may help to think of a hypothetical: if you have, say, dialup AOL for internet service, do you really want AOL to be able to filter out all information about broadband and other providers that offer faster, better, cheaper service, on the grounds that AOL claims that such information that might lead to you leaving AOL is offensive."

It’s not quite the same because they aren’t blocking information about the other service, they’re just blocking you from using both at once. Kinda like if dialing into AOL killed any existing connection into Earthlink (which, in most cases, it would have to since most users only have one modem…). In most cases, subscribers would actually probably appreciate that so they aren’t paying for multiple redundant services. Just like most people running multiple anti-virus programs often don’t know they’re doing it and don’t realize that it’s the reason their computer is so damn slow!

I think that’s a much better argument for Malwarebytes to be making though — if you’ve already got one anti-virus, a second competing one can really screw up your computer and therefore is likely to be unwanted, so it certainly should fall under "PUP" protections.

urza9814 (profile) says:

Flag 'em ALL

Clearly this judge has never had to "fix" a computer after some idiot decided that "MORE IS BETTER!" and installed a half dozen different anti-virus programs all at once. IME, that typically results in a computer which literally can take up to an hour for the friggin’ start menu to appear. Anti-virus should always flag any other anti-virus and at least give a warning before they start throwing each other into what I assume are infinite loops of quarantining each others’ quarantine directories…

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...