TR Daily Tech Stakeholders Urge Review of Section 230 Cybersecurity Case
Monday, June 15, 2020

Tech Stakeholders Urge Review of Section 230 Cybersecurity Case

Tech sector advocates and experts have urged the Supreme Court to reverse a decision by the U.S. Court of Appeals for the Ninth Circuit (San Francisco) holding that the liability protections for third-party content in section 230 of the 1996 Communications Decency Act (CDA) do not extend to Internet intermediaries that provide users with the ability to block content for anticompetitive reasons. They argued that the decision below would discourage innovation and self-regulation and would raise barriers to cybersecurity.

The case pending a Supreme Court decision on a petition for certiorari, “Malwarebytes, Inc., v. Enigma Software Group USA LLC” (case 19-1284), stems from allegations by Enigma Software that Malwarebytes configured its software to block users from accessing Enigma’s software in order to divert Enigma’s customers in violation of state and federal false advertising law. The U.S. District Court for Northern District of California had ruled those claims to be barred by section 230 of the CDA. The Ninth Circuit held that the district court read the Ninth Circuit’s 2009 ruling in “Zango, Inc., v. Kaspersky Lab, Inc.” too broadly in extending immunity in this case and reversed judgment.

In an amicus curiae brie, TechFreedom said that “the Ninth Circuit’s interpretation of Subsection 230(c)(2)(B) of the Communications Decency Act is unsupported by the text of the statute and stifles competition, innovation, and consumer choice across the Internet ecosystem.”

Section 230(c)(2)(B) says that no provider or user of an interactive computer service shall be held liable on account of “any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph [A],” which refers to “material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected.”

TechFreedom said, “This Court should grant certiorari because the Ninth Circuit’s misinterpretation of Subsection 230(c)(2)(B)’s plain text ignores this Court’s canons of statutory interpretation and will have grave consequences for innovation, consumer choice, and diversity across the Internet ecosystem.”

It added that the Ninth Circuit’s decision “renders the statute incoherent. While Congress chose to include a good-faith requirement in Subsection 230(c)(2)(A), which bestows immunity on those who decide to restrict access to online content, it deliberately omitted that same requirement from Subsection 230(c)(2)(B) for those who provide the ‘technical means’ for others to restrict access to content. … The Ninth Circuit’s decision obliterates this distinction.”

The Ninth Circuit’s decision would bring “a flood of new litigation against a range of people and innovators far broader than just developers of anti-malware software. Exacerbating this problem, the Ninth Circuit’s decision opens the door to a panoply of state and federal causes of action that are predicated on allegations of bad faith or unfair competition. Not only does litigation impose a substantial new cost on existing competitors, the specter of protracted legal battles will deter new players from entering the market in the first place—leading to a less competitive, innovative, and diverse Internet for everyone. In effect, the decision will subject cybersecurity and filtering software companies to ‘death by ten thousand duck-bites.’”

In a separate amicus brief, the Internet Association said that the Ninth Circuit “def[ied] basic rules of statutory interpretation” by grafting onto the (c)(2)(B) immunity for providing blocking tools to users the “requirement—conspicuously omitted from the statute’s text—that courts consider the subjective motivations of online service providers before determining whether the provider is entitled to the immunity Section 230(c)(2)(B) promises. In so doing, the Ninth Circuit exposes service providers to exactly the sort of costly litigation battles that the statute was intended to forestall.”

IA added that “the Ninth Circuit’s decision in this case is dangerous. While there was much the panel got right about Section 230, its basic holding—that Section 230(c)(2)(B) does not protect ‘blocking and filtering decisions that are driven by anticompetitive animus’—threatens to undermine the important self-regulatory efforts that Section 230 is intended to facilitate.”

IA said that “[b]ased on barebones allegations, service providers (and even users) may be threatened with expensive and time-consuming litigation to defend their self-regulatory efforts—efforts that happen constantly, given the massive scale of online communications. As much as the actual risk of liability, such litigation burdens significantly raise the costs of engaging in self-regulation, and some providers may find that the risk is simply not worth it.”

In a joint amici brief, more than a dozen cybersecurity experts, mostly from academia, said, “The Ninth Circuit’s ruling will expose Internet users to an array of threats that can compromise their systems and data, corrupt or extract their files, bog down their computers or smartphones, and weaponize their devices against other Internet users.”

They added, “The decision below erodes the legal immunity provided by Section 230(c)(2)(B), which allows companies to develop robust anti-threat software to protect Internet users. In place of that immunity, the decision creates an opening for expensive and prolonged litigation. To avoid costly litigation and reduce business risk, anti-threat software vendors will opt to become overly conservative in identifying and blocking potential threats. This will leave tens of thousands of government entities, tens of millions of businesses, and hundreds of millions of Internet users more vulnerable to hazardous software.”

They urged the Supreme Court to grant the petition for certiorari, noting that “[t]he proper interpretation of Section 230(c)(2)(B) is an important federal question that has not been settled by this Court” and arguing that the Ninth Circuit’s interpretation “will compromise the safety and security of Internet users.”

In its amicus brief, cybersecurity firm Eset LLC said that it “competes vigorously with petitioner Malwarebytes in the market for cyber security products, yet this case involves a question of such exceptional importance that ESET decided to file an amicus brief in support of one of its direct competitors. Unless this Court grants certiorari, it will be harder for ESET and other legitimate cyber security companies to provide their users with the means to avoid objectionable materials online, and the internet will become a more dangerous and confusing place for consumers.”

Eset added that the Ninth Circuit’s “opinion impedes the development of effective cyber security software. Congress granted broad immunity to companies that provide users the means to filter out objectionable online content, but the Ninth Circuit’s decision undercuts that statutory immunity whenever a plaintiff alleges anticompetitive animus. Yet a purveyor of objectionable material can easily position itself as a competitor and make a facially plausible claim of such animus. Because of the expense involved in defending litigation past the pleading stage, the decision discourages software companies from developing effective filtering and blocking tools.”

In addition, Eset said that the Ninth Circuit “decision substitutes judicial intervention for the user choice that has created a thriving marketplace of cyber security protections. Such choice now exists at two levels: when the user decides what security software to deploy, and when the user chooses to filter out an objectionable program with the aid of that software. The Ninth Circuit’s opinion would substitute litigation in which the user has no role for both choices.” —Lynn Stanton, [email protected]

MainStory: FederalNews Courts InternetIoT

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More