Service Provider to a Ponzi Scheme Operation Qualifies for Section 230–Wiand v. ATC Brokers

[This opinion was issued 6 months ago, but it just showed up in my alerts.] This case involves an alleged Ponzi scheme involving foreign currency exchanges (“forex”). In addition to the direct participants in the scheme, the CFTC pursued Spotex, which the court says “provided a ‘white label’ software suite…[to] generate online account records with various back-office tasks.” That’s a word salad, but I believe the Ponzi purveyors allegedly used Spotex’s system to manufacture fictional data and present it to investors as if it was accurate. More specifically, the CFTC claims:

the CFTC Action Defendants used the OASIS website to show (i) fictitious returns from investment income available via online account records, and (ii) an illusion of continuous investment earnings via a web portal for investors. Defendant Spotex’s white label software suite technology allowed the CFTC Action Defendants to generate online account records and the web portal for investors…

Spotex provided the following: (a) technological and operational support services to the CFTC Defendants relating to the accounts, including with server space, software, and access to ATC’s trading platform, including the MT4 trading platform; (b) providing the CFTC Defendants with various back-end/back-office reports that would and did manipulate via backend/back-office “adjustments” trading losses into fictitious trading profits and would publish the fictitious profits (and remove the losses) to the online portal viewable by investors

The CFTC asserted claims that Spotex aided and abetted, was negligent, and more. Spotex defended on Section 230 grounds, saying it:

was not responsible for the creation or development of content[.] Spotex simply provided a neutral software tool that would support ATC’s clients and generate various back-office tasks.

In response,

Plaintiff contends that Spotex’s knowledge of back-office adjustments, “concealment of [those] adjustments, and resulting misleading account values to the positive, is more than sufficient to prove actual knowledge of the fraud and breach of fiduciary duty.” Additionally, Plaintiff argues Spotex provided “substantial assistance by automating the process by which the CFTC [Action] Defendants could manipulate the trading results through adjustments.”

The court treats this as a relatively straightforward Section 230 dismissal.

ICS Provider. “a defendant qualifies as an ICS if the defendant hosts users on its platform and the defendant does not otherwise generate content for users….the CDA immunizes a wide range of online platforms including: search engines, email services, and many other platforms from civil liability.” As applied to Spotex:

Spotex’s white label software suite clearly constitutes “software … or enabling tools” because, as its description provides, it is a software that allowed ATC to “choose, analyze, or digest” account information and later transmit or display that information in the form of account records. Therefore, the Court finds that Plaintiff’s allegations support a finding that Spotex is an access software provider and in turn is an ICS, because Spotex provided a white label software that subsequently ATC, OASIS, and investors used to access Spotex’s online servers.

This is an interesting application of the “access software provider” definition. Maybe the court is saying that Spotex was a SaaS provider, and essentially every SaaS provider always allows users to “’choose, analyze, or digest’ account information”…?

Publisher/Speaker Claims.

Plaintiff appears to suggest that Spotex is not entitled to CDA Immunity because Plaintiff’s aiding and abetting and negligence claims do not charge Spotex with being a publisher of information. Plaintiff contends that his claims seek to hold Spotex liable for “designing a flawed system which generated false account records.” The Court finds Plaintiff’s contention is circular. In fact, Plaintiff’s claims are inextricably related to Spotex’s role in providing software that collects, generates, and transmits content, which is protected activity under the CDA. Specifically, Plaintiff’s claims aim to hold Spotex responsible for the reports generated using its software, which as a result, would punish Spotex as if Spotex were the publisher or speaker of the information contained within those reports. Therefore, this Court finds the allegations in the Amended Complaint target Spotex as the publisher or speaker of information and are sufficient to satisfy the second element of CDA Immunity

The court adds: “Plaintiff’s negligence claims are inextricably related to Spotex’s role in providing white label software and automation of back-office adjustments. Therefore, Spotex’s immunity under the CDA extends to these claims as well.”

As I teach my students, when it comes to claim over online third-party content, EVERY CLAIM is a publisher-speaker claim unless it’s one of 230’s enumerated statutory exceptions. In particular, without 230, every online publisher might “aid and abet” tortious third-party content providers by disseminating their content. Section 230 shuts down this aiding and abetting doesn’t workaround. (We’ll see what’s left of that principle after the Taamneh ruling). Also, this court simply rejects the negligent design argument, despite Lemmon v. Snap. I think this ruling is consistent with Lemmon v. Snap because the CFTC’s claims are based on the customer’s (a/k/a third party) data, which the Lemmon court said would still trigger 230.

Third-Party Content.

the Amended Complaint is devoid of any allegation that Spotex materially contributed to the content contained within the reports generated by ATC or the OASIS Entities. Plaintiff does, however, allege that Spotex automated “large adjustments for the CFTC [Action] Defendants.” Looking to the automated adjustments, Plaintiff does not allege Spotex changed, altered, or otherwise manipulated information the CFTC Action Defendants reported. Nor does Plaintiff allege Spotex individually determined what adjustment(s) needed to be made and thereafter performed the adjustment(s) for the CFTC Action Defendants. Moreover, Plaintiff does not allege Spotex conditioned either the OASIS Entities’ or the CFTC Action Defendants’ use of the white label software on participation in unlawful activity…

Spotex’s automation of adjustments and creation of white label software are actions taken to display content. The Court further finds that the CFTC Action Defendants acted as information content providers, as they recorded trading related information on Spotex’s platform and performed adjustments to alter that information

In other words, Spotex didn’t do the fictionalization itself. To me, this is a redux of the negligent design argument. The CFTC seems to be saying that Spotex made it too easy to fictionalize the data, but that doesn’t change the data’s status as third-party content.


The court says that the CFTC brought both civil and criminal claims, but the court didn’t distinguish between the two in its analysis. The difference is crucial, because Section 230 by its terms doesn’t apply to federal criminal prosecutions. In other words, if the CFTC brought charges that Spotex is violating a federal crime by aiding and abetting the Ponzi scheme, then Section 230 categorically would not apply. So, if you are tempted to blame Section 230 for shielding Spotex, be precise about exactly what it shielded Spotex against (civil claims) and perhaps ask more questions about the CFTC’s charging decisions.

This opinion made me think of the numerous FOSTA lawsuits against Salesforce for being a back-end service provider to Backpage–which I’ve characterized as efforts to impose tertiary liability on Salesforce for offline sex trafficking. Some courts have indicated that Salesforce doesn’t qualify for Section 230, but this ruling provides support for the premise that Section 230 protects a wide range of B2B service provider functions.

Case Citation: Wiand v. ATC Brokers Ltd., 2022 WL 19336431 (N.D. Fla. Sept. 27, 2022)