IP Law Daily Malware detection provider qualified for ‘Good Samaritan’ immunity under CDA Section 230
Thursday, March 7, 2019

Malware detection provider qualified for ‘Good Samaritan’ immunity under CDA Section 230

By Cheryl Beise, J.D.

The Communications Decency Act provided broad immunity for a software provider’s actions related to filtering and blocking optimization software as a potentially unwanted program.

The federal district court in San Jose has dismissed trademark infringement, false advertising, business disparagement, and related claims filed by a computer optimization software provider against a malware detection software provider that allegedly misclassified the plaintiff’s products as potentially harmful. The plaintiff failed to allege consumer confusion to support its trademark infringement claim, failed to allege fame to support its trademark dilution claim, and its remaining claims were barred by Section 230 of the Communications Act’s grant of immunity to service providers for "Good Samaritan" blocking and screening of offensive material. The plaintiff was granted limited leave to amend its claims for false advertising and business disparagement to the extent they were based on false statements rather than acts relating to blocking of offensive material (PC Drivers Headquarters, LP v. Malwarebytes Inc., March 6, 2019, Davila, E.).

Plaintiff PC Drivers Headquarters, LP ("PC Drivers") offers online software products to fix common computer issues. The only way for consumers to obtain PC Drivers’ DRIVER SUPPORT, ACTIVE OPTIMIZATION and DRIVER DETECTIVE products (collectively "Products") is by clicking on an Internet advertisement, installing the software, and then purchasing a license. PC Drivers offers its Products under its federally registered trademarks, a common law mark and a design mark (collectively "Marks").

Defendant Malwarebytes, Inc., is a software company that sells malware detection software designed to scan consumer’s computers for malware, viruses, and other threats. PC Drivers alleged that Malwarebytes wrongfully categorized PC Drivers’ Products as malware or "Potentially Unwanted Programs" ("PUPs"). PC Drivers asserted claims for trademark infringement, trademark dilution, and false advertising under the Lanham Act, well as common law claims for business disparagement, tortious interference with contractual relations, negligence and gross negligence, unfair competition, promissory estoppel, and declaratory relief.

Malwarebytes moved to dismiss the complaint, asserting among other things that it was entitled to immunity under Section 230 of the Communications Decency Act of 1996 (CDA), 47 U.S.C. § 230. Section 230(c)(2)(B) provides immunity from civil liability to users and providers "of an interactive computer service" for acts taken in connection with "‘Good Samaritan’ blocking and screening of offensive material." Blocking and screening include "any action taken to enable or make available to information content providers or others the technical means to restrict access to [offensive] material." However, Section 230(e)(2) expressly exempts "intellectual property" claims from immunity.

CDA immunity. Malwarebytes argued that Section 230’s safe harbor provision provided immunity from liability for all of PC Drivers’ non-trademark claims. Malwarebytes asserted that it was both a user and provider of an interactive computer service (ICS) and that it merely provided the technical means to restrict access to material that Malwarebytes or its users considered objectionable. In response, PC Drivers argued that the viability of its claims could not be resolved on a motion to dismiss because of factual issues.

PC Drivers asserted that the Section 230 safe harbor for blocking offensive material did not apply to Malwarebytes’ alleged "stealing" of click advertising services by redirecting users who clicked on PC Drivers’ paid-for advertising to Malwarebytes’ pages. If a user who had installed Malwarebytes’ software navigated to PC Drivers’ website or clicked on a PC Drivers’ advertisement, the user was directed to a Malwarebytes page that identified the domain driversupport.com as associated with a PUP. The court found that Malwarebytes’ redirection of users to Malwarebytes’ own website fell within the scope of Section 230, which broadly applies to "any action" that is "taken to enable or make available to information content providers or others the technical means to restrict access to material." 47 U.S.C. § 230(c)(2)(B). "The alleged redirection in this case clearly is an action that enables or makes available the technical means to restrict access to material," the court said. The court also found that Malwarebytes’ instructions for the installation and use of the filtering software was an integral part of making the filtering software available to others. Therefore, Malwarebytes was immune from liability for its classification of PC Drivers’ software as a PUP, its redirection of users, and its provision of screenshots and instructions.

PC Drivers also contended that Section 230 did not apply to Malwarebytes’ alleged publication of false and disparaging statements about PC Drivers’ Products made in online forum posts and consist of Malwarebytes’ explanation for the basis of its classification of Driver Support a PUP. The court acknowledged that Malwarebytes’ statement was not necessarily an "action taken to enable or make available" the technical means to restrict access to objectionable material. However, the court found it premature at the pleading stage to make a definitive ruling on the applicability of Section 230 statutory immunity to Malwarebytes’ allegedly false and disparaging statement in the forum post.

PC Drivers additionally argued that Malwarebytes blocked access to PC Drivers’ website even for customers who had already paid for a PC Drivers’ subscription without allowing a means to override Malwarebytes’ block, amounting to tortious interference with contractual relations. A substantially similar argument was rejected by the Ninth Circuit in Zango, Inc. v. Kaspersky Lab, Inc., 568 F.3d 1169, 1173 (9th Cir. 2009). In Zango, the Ninth Circuit found that the defendant, Kaspersky satisfied the requirements of Section 230 by "making available" for users of its products the technical means to restrict access to items that Kaspersky defined as malware. The plain language of Section 230 grants providers and users of filtering software the discretion to determine what is "otherwise objectionable" content, the court observed.

Lastly, PC Drivers contended that the statutory immunity did not apply because Driver Support was not "objectionable," and Malwarebytes "has not actually determined that PC Drivers is objectionable." These allegations were contradicted by PC Drivers’ complaint objecting to Malwarebytes’ classification of PC Drivers’ Driver Support program as a PUP.

The court finally noted that PC Drivers’ complaint did not allege any anti-competitive behavior or any covert action by Malwarebytes. Therefore, PC Drivers’ claims for false advertising under Lanham Act Section 43(a), business disparagement, and negligence or gross negligence were dismissed with prejudice to the extent they were based on Malwarebytes’ classification of PC Drivers’ Products as PUPS or otherwise objectionable and for the filtering "actions." PC Drivers’ claim for tortious interference with contractual relations was dismissed with prejudice in its entirety.

False advertising and business disparagement claims. To the extent PC Drivers’ claims for false advertising and business disparagement were based on Malwarebytes’ allegedly false and disparaging statement in an online forum post that Driver Support is a "system optimizer" online forum post, the applicability of Section 230 could not be determined at the pleading stage. Malwarebytes nevertheless contended that even if statutory immunity did not completely shield it from liability, PC Drivers failed to state viable claims. The court disagreed. At this stage, PC Drivers failed to alleged sufficient facts to establish the falsity of Malwarebytes’ "system optimizer" classification and related statements. The claims were dismissed without prejudice.

Trademark claims. PC Drivers’ trademark dilution claim was dismissed because its Marks were not sufficiently "famous" for protection under the Lanham Act, a fact PC Drivers conceded. Malwarebytes contended that PC Drivers’ trademark infringement claim had to be dismissed because the complaint failed to plausibly allege that users were confused by Malwarebytes’ use of PC Drivers’ Marks. Malwarebytes also argued that its use was protected as "nominative" fair use.

The court agreed with Malwarebytes. The court noted that PC Drivers did not allege that Malwarebytes used any of PC Drivers Marks or a similar mark in a manner to cause confusion as to sponsorship or endorsement. Instead, PC Drivers contended that Malwarebytes’ use of the Marks caused confusion by "deceiv[ing] the public into believing PC Drivers’ website and [P]roducts are malicious, and that Malwarebytes’ premium product is the solution to resolve any future ‘malicious’ programs." The court rejected PC Drivers’ "novel theory of trademark infringement."

The court also found that the face of the PC Drivers’ complaint and screenshots of Malwarebytes’ software notifications established all the elements of a nominative fair use defense. The screenshot showed that Malwarebytes used "download.driversupport.com." and "www.driversupport.com to inform the user of the name of program that was being blocked. Malwarebytes referred to each PC Drivers domain name only once and its use of the domain names did not suggest sponsorship or endorsement by PC Drivers. Because PC Drivers’ complaint failed to allege actual confusion and showed that Malwarebytes’ use of the Marks was nominative and non-infringing, its trademark infringement claims was dismissed.

PC Drivers’ claims for false advertising, business disparagement, and attorney fees were dismissed with leave to amend, and the remaining claims were dismissed with prejudice.

This case is No. 5:18-cv-05409-EJD.

Attorneys: Andrew John Schumacher (Winstead PC) for PC Drivers Headquarters, LP. Katherine Patrice Chiarello (Wittliff Cutter Austin PLLC) and Tyler Griffin Newby (Fenwick & West LLP) for Malwarebytes Inc.

Companies: PC Drivers Headquarters, LP; Malwarebytes Inc.

MainStory: TopStory TechnologyInternet Trademark CaliforniaNews

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More
Reading IP Law Daily on tablet

IP Law Daily: Breaking legal news at your fingertips

Sign up today for your free trial to this daily reporting service created by attorneys, for attorneys. Stay up to date on intellectual property legal matters with same-day coverage of breaking news, court decisions, legislation, and regulatory activity with easy access through email or mobile app.

Free Trial Learn More