The Ninth Circuit released its opinion in Zango Inc. v. Kaspersky Lab Inc., No. 07-35800 (9th Cir. June 25, 2009), this afternoon, rejecting an adware company's argument that anti-spyware software makers are not among the class of defendants that Congress intended to give immunity under the "safe harbor" protections in Section 230 of the Communications Decency Act. Zango argued, unsuccessfully, that CDA Section 230's protections should be limited to online content providers.
In addition to finding text-based support for immunity, the court also found that according immunity to Kaspersky advanced Congress's policy objectives as well:
According protection to providers of programs that filter adware and malware is also consistent with the Congressional goals for immunity articulated in § 230 itself. Five policy objectives are identified. Of these, two read on the issues in this case: “to encourage the development of technologies which maximize user control over what information is received by individuals, families, and schools who use the Internet and other interactive computer services;” and “to remove disincentives for the development and utilization of blocking and filtering technologies that empower parents to restrict their children’s access to objectionable or inappropriate online material[.]” §230(b)(3), (4). As more software is developed to block malware, users will be able to exercise more control over the content that is transmitted to their computers.
Thus, affording the safe harbor to providers of anti-malware software aligns with the Congressional policy stated in § 230(b)(3). Malware may also expose users to objectionable content, including links to pornographic websites, or to software that can compromise the user’s privacy, computer security, or identity. Thus, the policy stated in § 230(b)(4), of removing disincentives for the development of software that filters out objectionable or inappropriate material, is served by a safe harbor for providers of malware-filtering software who otherwise fall within the terms of the statute.
The court held that Kaspersky was entitled to immunity as a "provider" of an "interactive computer service," Section 230(f)(2), rejecting a handful of technical arguments otherwise.
The court also rejected, importantly, Zango's claim that Kaspersky was not entitled to immunity because Kaspersky -- not the user -- determined which sorts of content were objectionable. Zango claimed that Kaspersky's software unlawfully permitted Kaspersky to override the user's previous agreement to install Zango's adware. So long as the material blocked is objectionable under Section 230(c)(2)(A) -- defined there as "material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable ..." -- then Kaspersky is entitled to claim CDA Section 230 immunity, the court said.
The court declined to read a good faith requirement into this part of the statute. This part of the opinion troubled Judge Fisher, prompting him to to write a concurring opinion calling for some sort of "good faith" limitation on a provider's ability to declare content "objectionable":
[U]nder the generous coverage of § 230(c)(2)(B)’s immunity language, a blocking software provider might abuse that immunity to block content for anti-competitive purposes or merely at its malicious whim, under the cover of considering such material “otherwise objectionable.” Focusing for the moment on anti-competitive blocking, I am concerned that blocking software providers who flout users’ choices by blocking competitors’ content could hide behind § 230(c)(2)(B) when the competitor seeks to recover damages. I doubt Congress intended § 230(c)(2)(B) to be so forgiving.
- ...*
It would be an abuse of this immunity to apply it to blocking activity of the kind I have hypothesized here. Nevertheless, until Congress clarifies the statute or a future litigant makes the case for a possible limitation, I agree that Kaspersky qualifies for immunity under this broadly worded statute.
The Ninth Circuit's take on this case pretty much followed the lower court's approach, and it certainly accorded with most legal experts's views on the scope of CDA Section 230, so no big surprises today. Nevertheless, the court's opinion provides anti-spyware software makers (and anti-spam services) with additional confidence to go out and develop robust user protections, without fear of courting legal liability.
Comments