Web Filtering Software Immune under Section 230, 9th Circuit Says
A little-used provision in Section 230 of the Communications Decency Act saw its first known interpretation by an appeals court last week. The 9th U.S. Circuit Court of Appeals upheld a ruling against Zango, an adware provider that accused security software provider Kaspersky Lab of unfairly blocking its software. Zango folded in April following a bank foreclosure, a $4.6 million judgment for employee back pay, and a long history of negative attention for its distribution practices, which earned the company a $3 million fine from the FTC (WID Nov 6/06 p1). But a concurring opinion in the 9th Circuit case said Congress may want to reconsider the breadth of protection offered in Section 230(c)(2), so other services can’t block Web sites of competitors or critics.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Kaspersky claimed immunity under the “good Samaritan” provision of the law, which protects the judgments made to block and screen “offensive material.” Unusually, the opinion by Judge Pamela Rymer broadly identified adware as “a type of malware,” not software that may exhibit malware characteristics in some forms. Zango said the Kaspersky Internet Security software disabled its toolbar in Zango users’ browsers, and claimed that an “apply to all” checkbox didn’t work in Kaspersky warnings for other Zango software, so users are “forced to deal with constant warnings.” Kaspersky users who tried to download Zango software similarly were given repeated “Anti-Virus Warning” messages with nonfunctional “allow” buttons, Zango said.
Section 230(c)(2) “plainly immunizes” filtering providers’ own judgments about what to block for their customers, Rymer’s opinion said. Kaspersky’s software qualifies as an “access service provider” that can block at will “obscene, lewd, lascivious … or otherwise objectionable” content. The opinion acknowledges in a footnote that House proponents of the provision that became Section 230 saw it as a porn-fighting measure. But conference report language shows that Congress wanted to “maximize user control” over Internet content and help parents block “inappropriate” material, putting Kaspersky and others into safe-harbor territory, Rymer said. She also noted in several places that adware can link to porn sites.
Zango misunderstood the 9th Circuit’s 2003 Batzel decision, which immunized the “taking down” of a user’s posting, Rymer said. The court didn’t mean to restrict immunity to Web site operators and ISPs, and leave out those who don’t provide “access to content,” and in any case the ruling involved Section 230(c)(1), she said. The statute is broadly written, so any filtering service that “enables computer access by multiple users to a computer server” qualifies for the safe harbor -- even if its only function is updating malware definitions. Zango’s feared application of the provision to “any and all software providers” is unfounded, Rymer said.
Zango shot itself in the foot by not claiming in its initial appeal that Kaspersky blocked content that didn’t qualify as “objectionable,” the opinion said. That argument was raised in a friend-of-the-court brief by the National Business Coalition on E-Commerce and Privacy, but Zango only made the argument in a reply brief -- too late under judicial precedent, Rymer said. It was similarly late in arguing that Kaspersky was implicitly required to show “good faith” in its blocking, she added. (The two-part (c)(2) explicitly requires good faith for its first provision, not its second, under which the lower court dismissed Zango’s claim.)
Section 230 is meant to prevent business torts, contrary to Zango’s view, Rymer said. She pointed to the court’s ruling in Perfect 10 v. CCBill (WID March 30/07 p9), involving copyright infringement claims by a porn publisher. “If a Kaspersky user … is unhappy with the Kaspersky software’s performance, he can uninstall Kaspersky and buy blocking software from another company,” Rymer said.
Judge Raymond Fisher agreed that “the way Zango has framed its appeal” meant a Kaspersky win. But “extending immunity beyond the facts of this case could pose serious problems if providers of blocking software were to be given free license to unilaterally block the dissemination of material by content providers” under Section 230(c)(2). Congress intended for providers to block content that “users would find objectionable,” but a provider could block content for “anticompetitive purposes or merely at its malicious whim” under the statute’s “generous coverage,” Fisher said.
Kaspersky conceded at oral argument that the law didn’t require a provider to offer a “warning or override option” for a user to access content, as Kaspersky said it did, Fisher said. He theorized that the provider of a Web browser could avail itself of safe-harbor protection for filtering third-party search results, ensuring that critical or competing Web sites wouldn’t be displayed, “without the user’s knowledge.” Without the good-faith requirement that Zango belatedly raised, “immunity might stretch to cover conduct Congress very likely did not intend to immunize,” Fisher said. But it’s up to Congress to fix the statute or for a “future litigant” to make a better case than Zango did, he added.
There’s no evidence that security software providers have abused Section 230(c)(2) since the August 2007 lower- court ruling, as theorized by Fisher, Ari Schwartz, chief operating officer at the Center for Democracy and Technology, told us. The group filed as a friend of the court in favor of Kaspersky, and it leads the Anti-Spyware Coalition, whose guidelines already include a good-faith requirement for blocking, he said. It would be dangerous for Congress to rewrite Section 230, even if the purpose is simply to add the missing good-faith requirement, as other immunities could be swept away, Schwartz said. Adware companies have largely disappeared because the “gray area” of advertising and user consent has disappeared, he said.