Message Board Operator May Be Liable For Moderator’s Content–Enigma v. Bleeping

It’s been a brutal year for Section 230 jurisprudence, and the hits keep coming. In today’s case, the parties ran into a judge who seemed unshakably determined–for reasons I can’t determine–to deny the motion to dismiss. This produces an outlier opinion, ample grounds for appeal if the case goes that route, and yet another 2,800 word blog post from me that consumed many tearful and head-shaking hours.

Enigma Software makes the anti-malware program SpyHunter. Bleeping Computer runs a computer support message board that included discussions about anti-malware programs. Bleeping Computer has an affiliate program relationship with Malwarebytes, a SpyHunter competitor. Enigma argued that the affiliate relationship motivates Bleeping to denigrate SpyHunter and drive prospective customers instead to Malwarebytes.

Like most message boards, Bleeping designates super-users, which it calls “staff members,” and gives them extra powers:

“Advisors,” whom Bleeping holds out as experts who “can be trusted to give correct and understandable answers to [users’] questions.” Above Advisors are “Global Moderators,” who enjoy “special powers” to enforce rules governing the Forums, e.g., by “closing” discussions, editing the content of users’ posts, and suspending the posting privileges of users who violate the rules….Bleeping touts its staff as experts who can be “trust[ed] to provide correct, unbiased and truthful advice”

Quietman7 is one of three users designated as “Global Moderators” (and he apparently had been an “advisor” previously). The complaint alleges he was the point man on Bleeping’s “smear campaign” against SpyHunter:

the SAC alleges, Quietman7 stated, directly or by implication, that: (1) ESG engages in aggressive and deceptive advertising; (2) SpyHunter is a “dubious” and “ineffective” program that generates false positives; and (3) SpyHunter is a “rogue” product that is properly classified as malware, rather than the anti-malware product it purports to be. In the same posts, the SAC alleges, Quietman7 advised users to remove SpyHunter and replace it with a more “trustworthy” alternative—invariably an Affiliate product, such as Malwarebytes Anti-Malware, for which he supplied an Affiliate Link.

Enigma sued Bleeping for defamation, trade libel and Lanham Act false advertising. Bleeping asserted the appropriate defenses. The court shreds them all.

Section 230. First, the court says that the Lanham Act false advertising claim fits into Section 230’s IP exclusion. This is a basic misunderstanding of the differences between trademark law and false advertising law, but it’s a topic that’s vexed courts. Compare Baldino’s Lock & Key v. Google with General Steel v. Chumley (both uncited by the court).

Next, Quietman7 isn’t a Bleeping employee; he’s a third party volunteer. On this basis, Section 230 should allow Bleeping to avoid all liability for his actions. Enigma retorted that Bleeping had an express or implied agency with Quietman7 and that should bypass Section 230’s immunity for third party content because the agency makes it first party content. The court says the complaint plausibly alleges at least an implied agency:

the SAC alleges that Bleeping publicly designated Quietman7 as a “Global Moderator” and “Advisor”—the second and third highest “staff member” positions within the Bleeping member group hierarchy. It alleges that Quietman7 publicly accepted these appointments, and has since signed his posts as “Bleepin’ Janitor” and “The BC Staff.” Further, as alleged in the SAC, Bleeping staff members are “authorized [ ] and expected to post in Bleeping’s forums,” and “direct[ed] . . . to recommend and promote certain products for which [Bleeping] receives commissions . . . and to discourage use of other products from which it does not receive commission.” Bleeping’s Advisors are touted as experts who “can be trusted to give correct and understandable answers to [Bleeping’s] member’s [sic] questions.” And Global Moderators are alleged to enjoy even greater authority: They are authorized “to enforce the rules of the Bleeping Computer Forums,” to “answer questions (or help people with problems),” and to suspend forum posting privileges of members who violate forum rules.

In support of this conclusion, the court cites two *DMCA safe harbor* cases, Capitol Records v. Vimeo (the 2013 district court ruling) and Columbia v. Fung. Relying on DMCA safe harbor cases cuts corners intellectually because Section 512 and Section 230 differ at an architectural level; plus, numerous directly-on-point Section 230 cases hold that websites aren’t liable for super-users’ content. Indeed, in a footnote, the court acknowledges Internet Brands v. Jape; Stevo Design v. SBR Mktg.; Higher Balance v. Quantum Future Group; and Shiamili v. Real Estate Group; plus there are others that aren’t cited (on the defense side, the Furber case comes to mind, and on the plaintiff side, Xcentric v. Smith and Cornelius v. DeLuca). The court distinguishes the Section 230-specific jurisprudence because Quietman7’s “designation as a ‘staff member,’ the special authority he enjoys as an Advisor and Global Moderator, and the representations Bleeping has made regarding staff members who hold those titles….[make this case] afar from those on which Bleeping relies, where the moderators either enjoyed limited powers or did not themselves author the offending posts.” The court adds that Quietman7’s “volunteer” status is irrelevant to the agency inquiry, even if disclosed to other users.

So what did Bleeping do wrong? In retrospect, calling super-users “staff members” is probably not the best titling. At least to this judge, “staff” sounds too much like “employee.” The court also says that site disclosures saying super-users could be “trusted to give correct…answers” meant that Bleeping communicated that these super-users were authorized to post on its behalf. I don’t see that interpretation of the disclosure at all, but it’s also easy to imagine rewording Bleeping’s disclosures to downgrade the risks. For example, Bleeping could make disclosures that super-users had been selected because of their consistently reliable advice, but they remain independent and fallible.

In her post, Rebecca wrote: “Eric Goldman probably won’t like this decision holding that a volunteer moderator may be treated as the ISP’s agent when the ISP gives enough status to him or her; I’m less bothered by the §230 ruling (except for the legal error, which the court may have a chance to correct later).” The Section 230 discussion on agency isn’t clearly wrong applying the standards of a motion to dismiss. All the complaint had to do was marshal evidence supporting an implied agency, and perhaps the complaint did that. Still, I’m irritated by the court’s glossy handling of the Section 230 super-user precedent. I’m also frustrated by the court’s insensitivity to how this ruling undermines Section 230. It green-lights plaintiffs to allege that a user was the site’s implied agent to survive a Section 230 motion to dismiss, even if those allegations fail later in the case. Everyone loses (except the lawyers, of course) when unmeritorious cases get past a Section 230 motion to dismiss. Finally, like Rebecca, I’m irked that the court doesn’t understand the difference between a Lanham Act trademark claim and a Lanham Act false advertising claim for purposes of Section 230’s IP exclusion.

Defamation Statute of Limitations. 13 Quietman7 posts are allegedly defamatory. Defamation has a 1 year statute of limitations, and 8 were made within 1 year of complaint filing. All 8 linked to a 2014 post that Enigma also claims is defamatory. 4 of the 8 allegedly contained more defamatory content than just the link. The court says this provides enough justification to deny the motion to dismiss: “Because at least some of the allegedly defamatory statements fall within the limitations period, ESG’s state-law claims cannot be dismissed as untimely.”

What the court should have said is that it could grant the motion to dismiss for the posts from more than 1 year before complaint filing, but the court didn’t actually say that. Instead, the court says it won’t resolve now whether linking to the 2014 post constituted a “republication” that resets its statute of limitations. What??? Numerous cases have held that linking to defamatory content isn’t a republication, but the court says “those cases arise in a context different from that here. There, the hyperlinks were either posted without commentary or accompanied by a reference that did not restate the allegedly defamatory content.” In contrast, 2 of the Quietman7 posts reiterate things from the 2014 post before linking to it. Huh? It’s logical to treat the new material in those posts as initially published when the post was made; but there’s no reason (or logic) to reach back to the 2014 post as well. The court’s discussion about the links to the 2014 post was totally gratuitous, and it feels like the judge went out of his way to stir up doctrinal trouble.

On the plus side, the court correctly says that non-substantive editing of the 2014 post doesn’t reset the statute of limitations. The court also rejects the plaintiff’s nonsensical argument that “Quietman7’s act of hyperlinking to the 2014 Post in separate forum topics on the Bleeping website was akin to posting it on an entirely separate website, thereby republishing it to ‘new audience.’”

Lanham Act Statute of Limitations. The Lanham Act doesn’t have an express statute of limitations, but courts often import a statute of limitations from analogous state law claims. Bleeping argued that the defamation statute of limitations (1 year) should apply to the Lanham Act claim. It’s not a bad argument, but the court’s mishandling of the defamation statute of limitations undermines the move even if it had been successful. It wasn’t, because the judge says the claims are closer to fraud, which has a six year statute of limitations.

Defamation Prima Facie Case. The court says (cites/footnotes omitted):

the “overall thrust” of Quietman7’s thematically similar and mutually reinforcing statements is that ESG is engaged in a deliberate and fraudulent scam in which it is peddling a product which is the precise opposite of what it purports to be: The challenged statements “reasonably imply” that ESG has intentionally designed SpyHunter, in its “free scanner” mode, to generate false positives so as to induce customers to buy a license for the full version to eliminate ostensible malware. In other words, rather than being a means to enable a user to detect and remove unwanted spyware, SpyHunter is itself a rogue product designed to loot customers. Such allegations…could reasonably be understood as assertions of objectively verifiable facts.

To be sure, viewed in isolation, words used in Quietman7’s posts like “scam,” “rogue,” “dubious,” and “ineffective” would likely be too imprecise to be capable of being proven true or false. But, in the context supplied by Quietman7, these words did not appear in isolation. His surrounding commentary made more concrete and reasonably precise the conduct of which he was accusing ESG….In this context, the words “rogue” and “dubious” accuse ESG of a defined course of conduct, and this claim, through discovery, can be proven or disproven.

The court says this conclusion is reinforced by Bleeping’s and Quietman7’s self-laudatory statements about their credibility and expertise. Thus, the court distinguishes the recent trend of judges presuming that readers don’t take online comments seriously (a trend partially attributable to the NY Sandals case). Also, “[t]he manner of Quietman7’s written presentation—one using footnotes and citations—conveyed further that his advice was based on an ‘investigation’ of verifiable facts.” (Contrast the cases holding that linking to source materials can reduce defamation liability). The court disregards Quietman7’s qualifier statements “[m]y personal recommendation” and “[i]n my opinion.”

The court rejects Bleeping’s argument that Enigma is a limited-purpose public figure (which would require Enigma to allege facts showing Bleeping had actual malice) because Enigma’s complaint “does not allege any facts suggesting that ESG has taken a public position on the integrity of its business practices or the quality of its products.” FFS. While focusing on the complaint’s four corners is technically permissible under the legal standards for a motion to dismiss, the judge is allowed to take judicial notice of public statements where Enigma–LIKE EVERY OTHER BUSINESS IN THE UNIVERSE SINCE THE BEGINNING OF TIME–says it does a great job. (Indeed, the judge elsewhere takes notice of Enigma’s website–see FN27). The fact that the judge wouldn’t take that extra step is a sign that he wasn’t going to do ANY favors for the defense.

On the plus side, the judge dismisses the trade libel claim as duplicative of the defamation claim.

Lanham Act False Advertising. Quietman7 made his editorial posts as a super-user. No way the judge will say that these user posts qualify as ADVERTISING…right? Well, if Quietman7 was the equivalent of an employee and made the posts on his employer’s behalf, modern jurisprudence says pretty much everything a company says is advertising. So, yes, the court says that Lanham Act false advertising could apply to Quietman7’s posts (cites omitted):

the Court holds that Quietman7’s posts are commercial speech. In nearly all of them, Quietman7, after lambasting ESG’s SpyHunter, recommends that the reader “remove [that] program and replace it with a trustworthy alternative,” such as Malwarebytes Anti-Malware and other Affiliate products. By promoting Bleeping’s Affiliate products as superior to SpyHunter, these posts unmistakably constitute advertisements for the Affiliate products. (Indeed, Quietman7 goes one step further, providing links through which users can purchase the products). And, by alleging that Bleeping earns a commission on directed sales of those products, the SAC adequately pleads that Bleeping has an economic incentive to engage in such promotion.

Applying the new Lexmark standard, the court says Enigma has Lanham Act standing because there’s enough competitive proximity between its SpyHunter product and Bleeping’s affiliate revenue-driven promotion of competitors.

A Note about the Judge. The judge’s bio didn’t offer many clues about why he put the thumb so firmly on the scale for the plaintiffs. I blogged a prior ruling of his in the Beastie Boys v. Monster Energy case. I called that opinion a “scholarly yet scathing opinion;” and while there are elements of both in this case, I’d provide an overall less flattering characterization of this ruling.


I’m tempted to say there are no lessons to learn from this opinion. Let’s call it a weird results-driven ruling that should get critical scrutiny on appeal if the case gets that far; and I hope other judges will recognize its distortions and refuse to cite accordingly. Even so, maybe we can glean a few lessons from this trainwreck:

This case reminded me of the adware and spyware wars from a decade ago. During that heyday, anti-spyware software vendors were routinely threatened and sometimes sued for blocking third party software as adware, spyware or otherwise hazardous to a computer’s health (or warning consumers of these concerns). That litigation largely stopped after the Ninth Circuit’s 2009 Zango v. Kaspersky ruling, which emphatically held that Section 230(c)(2) immunized Kaspersky for filtering out Zango’s adware as spyware. Sadly, this ruling could reignite litigation by software vendors unhappy about being characterized as spyware/adware/malware; and that could have chilling effects on the willingness to publish such characterizations for fear that non-frivolous lawsuits (i.e., a lawsuit that can survive a motion to dismiss) will follow.

The court’s ruling highlights the dilemma. Quietman7 tried to provide details about what made SpyHunter objectionable, but the court says these details may have turned opinion-like statements like “rogue software” into objective and fact-like statements capable of defamation. Consumers benefit more from understanding why software functions as spyware/malware/adware rather than just getting warnings like “rogue software,” but providing consumers with details explaining how the opinion was formed increases the litigation risks. A less plaintiff-friendly judge might have navigated this paradox more sensitively.

The court clearly felt that affiliate programs distort the editorial judgment of publishers, motivating the court to treat a super-user’s editorial content as advertising. This is not the first time that courts and regulators have over-assumed nefarious effects of affiliate programs. So this case reminds publishers that affiliate programs should be subject to a stringent cost-benefit review. Do the revenues compensate for the increased legal risks they cause?

If your site has super-users, this ruling might be a call-to-action to take another really close look at how you’ve titled the roles and described them to the public to reduce the risks that a court will see the possibility of an implied agency.

Finally, the motion to dismiss standard–requiring judges to make all inferences in plaintiffs’ favor–gives a lot of power to plaintiffs to slip past the initial pleading and into costly discovery. This case would look *very* different if it were governed by a California-style anti-SLAPP law. The characterization of software as spyware would almost certainly qualify as a matter of public concern, so anti-SLAPP rules would require the plaintiff to show a probability of prevailing on the merits. Perhaps Enigma could have satisfied the more stringent review, but I’m confident the opinion’s tenor would have changed–especially on the many debatable points of law. Given the free speech risks caused by this opinion, we’d benefit from forcing the plaintiff to have better arguments before it gets to raise the defendant’s costs substantially. Because I think an anti-SLAPP law would have provided a more balanced review of a lawsuit with substantial risks to socially important speech, I’ll add this case to the folder of “reasons we need a federal anti-SLAPP law.”

Case citation: Enigma Software Group USA, LLC v. Bleeping Computer LLC, 2016 WL 3773394 (S.D.N.Y. July 8, 2016)