Malware detection software provider gets important victory allowing it to flag unwanted driver installer

Despite a recent Ninth Circuit decision denying immunity to malware detection provider for targeting competitor’s software, court holds that Section 230 protected Malwarebytes from liability for designating software driver program as potentially unwanted program.

Plaintiff provided software that works in real time in the background of the operating system to optimize processing and locate and install missing and outdated software drivers. Defendant provided malware detection software designed to scan consumer’s computers and to report potentially unwanted programs. After defendant’s software categorized plaintiff’s sofware as a potentially unwanted program, plaintiff sued, putting forth a number of business torts, including business disparagement, tortious interference and common law unfair competition.

Defendant moved to dismiss under 47 U.S.C. 230(c)(2)(B), which provides that no provider of an interactive computer service shall be held liable on account of any action taken to enable or make available others the technical means to restrict access to material that the provider deems to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable.

The court granted the motion to dismiss, holding that Malwarebytes was immune from suit under Section 230. It differentiated the case from the Ninth Circuit’s recent decision in Enigma Software Group USA, LLC v. Malwarebytes, Inc., 946 F.3d 1040 (9th Cir. 2019), in which the court held that Section 230 immunity did not protect Malwarebytes for designating a competitor’s anti-malware software as “otherwise objectionable”. In this case, the court found that plaintiff’s software did not make it a competitor to defendant. Since the parties were not direct competitors, the limitations on Section 230’s protection did not apply.

The case can be met with a bit of a sigh of relief to those who, along with Professor Goldman expressed concern that the Enigma case would make it more difficult for anti-malware providers to offer their services. Though Enigma did limit Section 230 protection for these vendors, this decision shows that Section 230 immunity in this space is not dead.  

Asurvio LP v. Malwarebytes, Inc., 2020 WL 1478345 (N.D. Cal. March 26, 2020)

See also

Best practices for providers of goods and services on the Internet of Things

Ninth Circuit: Section 230 barred tortious interference claim

Amazon.com scored a Ninth Circuit win on Section 230 grounds when the court affirmed the lower court’s summary judgment against a pro se plaintiff’s claim against Amazon for tortious interference with prospective and actual business relations, and interference with an economic advantage. The claim apparently arose out of a third party posting a review on Amazon that plaintiff did not like. Citing to Barnes v. Yahoo!, Inc., 570 F.3d 1096 (9th Cir. 2009), the court observed that the Communications Decency Act (at Section 230(c)(1)) provides immunity from liability if a claim “inherently requires the court to treat the defendant as the ‘publisher or speaker’ of content provided by another.” Plaintiff had failed to raise a genuine dispute of material fact as to whether Amazon was not a publisher or speaker of content within the meaning of Section 230.

Sen v. Amazon.com, 2020 WL 708701 (9th Cir. February 12, 2020)

Donald Trump wins smackdown victory in defamation and tortious interference lawsuit over domain name dispute

Donald Trump filed a UDRP action against plaintiff Stevens over plaintiff’s registration of the domain name TrumpEstates.com. While that action was pending, plaintiff filed a lawsuit against Trump, his organization, and his lawyers, asserting claims of defamation, tortious interference with business relations, and also seeking a declaratory judgment concerning cybersquatting.

Trump moved to dismiss for failure to state a claim upon which relief may be granted. The court granted the motion and dismissed the action with prejudice.

The defamation claim failed because plaintiff had established a website at the disputed domain name that provided a link to a New York Post article that republished the report of the defamatory allegations, namely, that plaintiff had violated the law and had committed cybersquatting by registering the disputed domain name. This claim failed under New York law because words voluntarily disseminated to the world by the party allegedly aggrieved cannot, by definition, be found defamatory.

The tortious interference claim failed because plaintiff did not identify any third party with which it had a business relationship, let alone one with which the Trump defendants interfered and injured.

Plaintiff’s claim for declaratory judgment sought an order from the court holding that plaintiff had not improperly registered the domain name. The court found that plaintiff did not offer any factual allegations of he acted in good faith when he registered the disputed domain name. Instead, plaintiff actually admitted that his business centered around the reselling of domain names. Federal law recognizes it to be an indication of bad faith when it offers to transfer, sell, or otherwise assign a domain name to the mark owner or any third party for financial gain without having used, or having an intent to use, the domain name in a bona fide offering of any goods or services. (In this case, the disputed domain name had been advertised as being for sale for $400,000.)

The case can be properly characterized as a “smackdown” because the court dismissed the action with prejudice, meaning that plaintiff does not have the opportunity to refile the deficient complaint. The court added some gloss on the part of the opinion where it determined that leave to amend it would be improper. It noted that the “network of regulations” that protect trademark owners’ interests in domain names makes “crystal clear that, even in cyberspace, the TRUMP mark is entitled to regulatory protection fair and square.” The court went on to note that it was inconceivable that plaintiff could, as the silence of his papers emphasized, plead any facts that would entitle him to co-opt the Trump name.

Stephens v. Trump, 2016 WL 4702437 (E.D.N.Y., September 7, 2016)

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Website operator was too involved with development of content to be immune under Section 230

Defendant started up a website to — in her own words — provide a place for others to have a dialogue and post information about their experiences at Plaintiff’s youth drug rehab facilities. Plaintiff found the content of Defendant’s website offensive, and sued for defamation and intentional interference with prospective economic advantage. Defendant filed a motion to strike under California’s Anti-SLAPP law. The court denied the motion.

In denying the Anti-SLAPP motion, the court found, among other things, that Plaintiff had established a probability of prevailing on most of its claims. This chance of prevailing withstood Defendant’s argument that she was shielded from liability by the Communications Decency Act.

This Act provides that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” 47 U.S.C. § 230(c)(1).

Defendant acknowledged that her defense was relevant only to the extent that she was alleging that comments by third parties on her website were defamatory.

She quoted Batzel v. Smith, 333 F.3d 1018 (9th Cir. 2008) to assert that “the exclusion of ‘publisher’ liability necessarily precludes liability for exercising the usual prerogative of publishers to choose among proffered material and to edit the material published while retaining its basic form and message.” She argued that she was entitled to Section 230 immunity because she was an exempt publisher — she either simply posted others’ statements or made minor edits to those statements before posting.

The court did not agree with Defendant’s characterization of her publishing activities.

It found that her posts would not lead a visitor to believe that she was quoting third parties. Rather, in the court’s view, Defendant adopted the statements of others and used them to create her comments on the website. She posted her own articles, and summarized the statements of others.

Moreover, Defendant did more than simply post whatever information third parties provided. She elicited statements through two surveys that contained specific questions to gather information about specific issues. The court found this to disqualify Defendant from Section 230 immunity under the holding of Fair Housing Council v. Roommates.com, LLC, 521 F.3d 1157 (9th Cir. 2008) (wherein the website operator was not immune under the Communications Decency Act because it created discriminatory questions and choice of answers).

Diamond Ranch Academy, Inc. v. Filer, 2016 WL 633351 (D. Utah, February 17, 2016)

Evan Brown is a Chicago attorney advising enterprises on important aspects of technology law, including software development, technology and content licensing, and general privacy issues.

Website drives off with Section 230 win over Chevy dealer

Nemet Chevrolet sued the website Consumeraffairs.com over some posts on that website which Nemet thought were defamatory and interfered with Nemet’s business expectancy. The website moved to dismiss the lawsuit, claiming that the Communications Decency Act at 47 U.S.C. 230 immunized the website from the lawsuit.

But when we're driving in my Malibu, it's easy to get right next to you. . . . "

The court dismissed the action on Section 230 grounds and Nemet sought review of the dismissal with the Fourth Circuit Court of Appeals. The appellate court affirmed the dismissal.

Section 230 precludes tort plaintiffs from holding interactive computer services (like website operators) liable for the publication of information created and developed by others. Most courts (like the Fourth Circuit) consider Section 230’s protection to be a form of immunity for website operators from lawsuits arising over third party content.

But that immunity disappears if the content giving rise to the dispute was actually created or developed by the operator and not by a third party. In those circumstances the operator also becomes an information content provider. And there is no Section 230 immunity for information content providers.

That’s where Nemet steered its argument. It alleged that the website was a non-immune information content provider that created and developed the offending content.

Nemet raised two general points in its argument. It claimed that the website’s structure and design elicited unlawful content, and that the site operator contacted individual posters to assist in revisions to the content. It also claimed that the site operator simply fabricated a number of the offending posts.

Applying the pleading standards on which the Supreme Court recently elaborated in Ashcroft v. Iqbal, the court found Nemet’s claims that the site operator was actually an information content provider to be implausible.

As for the structure and design argument, the court differentiated the present facts from the situation in Fair Housing Council of San Fernando Valley v. Roommates. com. In Roommates.com, the court found that the website was designed to elicit information that would violate the Fair Housing Act. In this case, however, there was nothing unlawful in inviting commentary on goods or services, even if it was for the purposes of drumming up business for plaintiffs’ class action lawyers.

As for the other arguments, the court simply found that the allegations did not nudge the claims “across the line from conceivable to plausible.” The court found the argument that the website fabricated the posts to be particularly not creditable, in that Nemet’s allegations relied mainly on an absence of information in its own records that would connect the post to an actual customer.

On balance, this decision from the Fourth Circuit shows that Section 230 immunity is as alive and well at the end of the “oughts” as it was a dozen years before when the Fourth Circuit became the first federal appellate court to consider the scope of the section’s immunity. That 1997 decision in the case of Zeran v. AOL remains a watershed pronouncement of Section 230’s immunity.

Congratulations to my friend and fellow blogger Jonathan Frieden’s impressive win in this case.

And Happy New Year to all the readers of Internet Cases. Thanks for your continued loyal support.

Chevy Malibu photo courtesy Flickr user bea-t under this Creative Commons license.

Pop-ups don’t amount to unfair competition in Utah case

Nor do they give rise to tortious interference.

Overstock.com, Inc. v. SmartBargains, Inc., — P.3d —-, 2008 WL 3835094 (Utah August 19, 2008)

In 2004, Overstock.com sued its competitor SmartBargains in Utah state court for violations of the state’s anti-spyware statute [Utah Code sections 13-40-101 et seq.], unfair competition and tortious interference with prospective business relations. Overstock accused SmartBargains’ of using a technology to cause SmartBargains pop-up ads to appear when one visited Overstock.com. The lower court granted summary judgment in favor of SmartBargains, holding the anti-spyware statute unconstitutional, and finding that Overstock had not presented a genuine issue of material fact on its unfair competition and tortious interference claims.

Overstock sought review of the lower court’s decision on the unfair competition and tortious interference claims with the Utah Supreme Court. On appeal, the court affirmed the grant of summary judgment.

The lower court had looked to the various WhenU cases, which deal with pop-up advertising to determine there was no triable issue as to unfair competition. (1-800 Contacts, Inc. v. WhenU.com, Inc., 414 F.3d 400 (2d Cir.2005), Wells Fargo v. WhenU.com, Inc., 293 F.Supp.2d 734 (E.D.Mich.2003), and U-Haul Int’l, Inc. v. WhenU.com, Inc., 279 F.Supp.2d 723 (E.D.Va.2003)) But the Supreme Court found the cases to be of limited value, given that they interpreted federal statutory laws, not state common law.

The court declined to adopt a “per se rule holding that all pop-ups do not violate Utah unfair competition law.” Nonetheless, the court found that Overstock did not demonstrate specific facts beyond the pleadings showing that the pop-ups were deceptive, infringed a trademark or passed off SmartBargains’ goods as those of Overstock. After all, the pop-ups were labeled with SmartBargains’ logo and appeared in a separate window. Without something compelling like survey evidence, the court concluded there was no genuine issue for trial.

As for the tortious interference claim, the court similarly held that Overstock had not shown any evidence of improper purpose (competition was fully legitimate end) or improper means on the part of SmartBargains in causing the pop-ups to appear. Although the case doesn’t expressly say so, the dismissal of this claim was probably collateral damage to the unconstitutionality of the anti-spyware statute. Among the things included as “improper means” under Utah tortious interference law is violation of a statute. With no statue left to violate, no so-called improper means could subsist.

Beaded jewelry website tussle turns into lawsuit alleging bogus DMCA takedown notice

Does a hosting provider breach the contract with its customer when it responds to a DMCA takedown notice concerning its customer’s content? The plaintiff in this case would have you believe that. [Download the Complaint]

Jades Creations, LLC v. White, No. 07-50225 (N.D. Ill., Filed November 16, 2007)

Rockford, Illinois-based Jades Creations, LLC has filed suit in federal court against its competitor in the beaded jewelry industry over what Jades claims were unmeritorious takedown notices sent to Earthlink under the Digital Millennium Copyright Act.

Back in October, SW Creations sent a DMCA takedown notice to Earthlink, the host of Jades Creations’ Web site, claiming that material located thereupon infringed SW Creations’ copyright and trademark rights. (Never mind the DMCA does not apply to trademarks.) Jades, of course, disputed the fact that there was infringing content on its site, and successfully had access to its site restored after sending Earthlink a counternotification.

But Jades didn’t stop there. Obviously perturbed by what it believed to be an unwarranted takedown notice that caused it to lose business, it filed a lawsuit in the Northern District of Illinois, asking for a declaration of non-infringement and asserting various tort claims for the takedown notice.

One of the claims is for tortious interference with the contract between Jades and her hosting provider Earthlink. This is intriguing, but it looks like there could be a bit of a hurdle here.

Under Illinois law, a successful plaintiff in a tortious interference with contract action has to prove, among other things, that an actual breach of contract occurred because of the defendant’s conduct. Belden Corp. v. InterNorth, Inc., 413 N.E.2d 98 (Ill. App. 1st Dist. 1980). Did Earthlink breach the contract with its hosting customer when it obeyed the demands of a third party DMCA takedown notice?

Jades alleges that this was a breach (see paragraph 60 of the complaint). Do you agree?

Earthlink’s terms of service can be found here. And remember, 17 U.S.C. 512(g) provides that “a service provider shall not be liable to any person for any claim based on the service provider’s good faith disabling of access to, or removal of, material or activity claimed to be infringing or based on facts or circumstances from which infringing activity is apparent, regardless of whether the material or activity is ultimately determined to be infringing.”

Scroll to top