Section 230(c)(2) Protects Anti-Malware Vendor–Enigma v. Malwarebytes

[It’s impossible to blog about Section 230 without reminding you that it remains highly imperiled.]

In 2009, the 9th Circuit ruled that Section 230(c)(2) protected Kaspersky from liability for blocking Zango’s software as adware. Since that ruling, we have seen relatively few lawsuits against anti-spam/anti-spyware/anti-virus software vendors. In effect, the Ninth Circuit’s ruling was broad and powerful enough to take the wind out of the plaintiffs’ sails.

Despite the adverse precedent, Enigma Software sued Malwarebytes because Malwarebytes had blocked Enigma as a threat. Enigma further alleged that Malwarebytes made this classification for improper purposes, including anti-competitive motivations. Malwarebytes defended on Section 230(c)(2) grounds. (For more background on the case, see a related ruling in Enigma v. Bleeping Computer).

The court concludes that the case is essentially identical to the Zango v. Kaspersky ruling from nearly a decade ago. Enigma’s efforts to plead around the safe harbor failed.

First, Enigma argued that Section 230(c)(2) applies to material that is “obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable,” and that doesn’t cover malware classifications. The court disagrees.

Second, Enigma argued that Malwarebytes did not make its classification in good faith. Section 230(c)(2)(A) requires filtering decisions be made in good faith, one of the primary reasons that Section 230(c)(2)(A) has faded as a useful safe harbor. However, Malwarebytes relied on Section 230(c)(2)(B), which protects the distribution of filtering decisions. The court says that subsection does not require good faith by the defendant.

Third, Enigma brought a Lanham Act false advertising claim against Malwarebytes, and it argued that the Lanham Act claim fits into the IP exception to Section 230(c). Courts have split on whether the Lanham Act false advertising claims qualify for Section 230’s IP exception. Some courts have treated all Lanham Act claims as IP; others have (correctly IMO) recognized that false advertising claims aren’t IP claims, even if they are housed in an IP statute. This court sides with the camp that says Lanham Act false advertising claims aren’t IP.

[Note for SESTA geeks: I previously explained how the IP exclusion applies to both Section 230(c)(1) and 230(c)(2). The court doesn’t expressly say that, but it proceeds on that assumption. This means the other exceptions, including SESTA’s new exclusion for sex trafficking promotions, would be excluded from Section 230(c). The Manager’s Amendment to SESTA partially fixed this by excluding Section 230(c)(2)(A) from the new provisions. However, it inexplicably does not exclude Section 230(c)(2)(B), which–as this case highlights–remains an important defense for anti-spam/anti-spyware/anti-virus vendors. I cannot think of any good reason to exclude Section 230(c)(2)(A) but not Section 230(c)(2)(B) from SESTA. It’s a reminder that the Manager’s Amendment still has many frayed edges, in addition to its overall structural defects.]

I’ve read that Enigma will appeal this decision to the Ninth Circuit. Given how easy this case appears to be, I don’t think the odds are in their favor.

Case citation: Enigma Software Group USA LLC v. Malwarebytes Inc., 2017 WL 5153698 (N.D. Cal. Nov. 7, 2017)