Anti-Spyware Company Protected by 47 USC 230(c)(2)–Zango v. Kaspersky

By Eric Goldman

Zango, Inc. v. Kaspersky Lab, Inc., 2009 WL 1796746 (9th Cir. June 25, 2009)

The case involves Kaspersky, an anti-spyware software vendor, and Zango, the former purveyor of adware (I say “former” because Zango shut down a few months ago). Kaspersky classified Zango’s software as adware and did some other things that allegedly interfered with Kaspersky users’ ability to download and enjoy Zango software. Zango sued Kaspersky, and Kaspersky defended on 230(c)(2) grounds.

Note: 47 USC 230(c)(2) is the underlitigated/under-discussed sibling of 230(c)(1), which provides nearly absolute immunity for third party online content and actions.

In my opinion, 230(c)(2) fairly clearly protects all types of online filtering decisions, and this panel confirms that it protects anti-spyware classifications. As the court concludes:

a provider of access tools that filter, screen, allow, or disallow content that the provider or user considers obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable is protected from liability by 47 U.S.C. § 230(c)(2)(B) for any action taken to make available to others the technical means to restrict access to that material.

While I think this is the right result, both normatively and descriptively, 230(c)(2) is not exactly the best-drafted statute, and this panel (being the first appellate court to work through the language) appeared to struggle with some of its frayed edges.

For example, to become eligible for 230 protection, the defendant must be a provider or user of a service that “provides or enables computer access by multiple users to a computer server.” [In this case, Kaspersky didn’t claim it was a user.] How does this language apply to an anti-spyware software provider? Typically, anti-spyware software phones home for new spyware definitions, but if a phone-home capability qualifies for 230 protection, then many/most software vendors should qualify (so long as they offer some filtering capability). I’m personally OK with that result, but I suspect it takes the statute beyond the drafters’ initial intent.

The panel also sidestepped some other drafting problems in 230(c)(2), including:

* does it immunize decisions to filter other software, as opposed to filtering content? The drafting clearly meant to immunize filters of porn and similar kid-unfriendly content, but the language doesn’t apply as clearly to software filtering.

* must the filtering provider make its categorizations in good faith? The court ducks this question. However, Judge Fisher’s concurrence expresses concern that 230(c)(2) might literally protect a vendor’s anti-competitive or capricious blocking. He gives an example of “a web browser configured by its provider to filter third-party search engine results so they would never yield websites critical of the browser company or favorable to its competitors. Such covert, anticompetitive blocking arguably fits into the statutory category of immune actions.” I agree with this, although I’m also confident that any such browser provider would lose its customer base if such biases were ever publicly exposed. Therefore, legal liability may not be necessary to discourage this behavior.

Ultimately, this ruling may not affect the litigants very much, as Zango has already gone belly-up, making this effectively an advisory opinion. However, I think this ruling is important for everyone else for two reasons:

First, the Ninth Circuit’s last two 230 opinions ( and Barnes) have exhibited some hostility to expansive 230 readings. In refreshing contrast, this opinion gives a robust interpretation to 230’s immunizations.

Second, this opinion is terrific news for vendors of anti-spam/anti-spyware/anti-virus services. Although we have long suspected that they would be protected under 230(c)(2), this opinion codifies their immunization as Ninth Circuit law. As a result, these vendors should continue to have a high degree of freedom to make judgments about how to best serve their customers. On the flip side, this opinion confirms that anyone blacklisted by these software vendors can’t use judicial proceedings to change the classification. Fortunately, most reputable vendors offer an extra-judicial mechanism to correct their misclassification errors.

It remains less clear if this opinion protects search engines for their ranking determinations. The statutory words interpreted in this opinion aren’t germane to search engines. Even so, the panel’s broad reading of 230(c)(2) can’t be bad news for the search engines.

The case library:

* Ninth Circuit oral arguments

* Zango’s reply brief [warning: 3+ MB file]

* Amicus brief by CDT in favor of Kaspersky

* Kaspersky’s answering brief [warning: 5MB file]

* National Business Coalition on E-Commerce and Privacy amicus brief in favor of Zango

* Zango’s appeal brief [warning: 2.1MB file]

* The district court’s dismissal and my commentary

* TRO Denial and my commentary

* Kaspersky’s Response to TRO Motion

* Zango’s TRO motion