230 protects anti-malware vendor against noncompetitors

Asurvio LP v. Malwarebytes
Inc., No. 5:18-cv-05409-EJD, 2020 WL 1478345 (N.D. Cal. Mar. 26, 2020)
Despite unfavorable
precedent, Malwarebytes secures dismissal of this Lanham Act false advertising
(and common law disparagement/tortious interference/unfair competition/
violation of the Texas Theft Liability Act
(TTLA)) case against its designation of software as malware or as a
“potentially unwanted product” (PUP) on CDA §230 and other grounds.
According to the
complaint, “Asurvio provides premium full-service technical support services to
consumers.” Asurvio’s services include: “(i) software solutions that work in
real time in the background of the operating system to optimize processing and
locate and install all missing and outdated software drivers; and (ii)
technical support services for the removal of Spyware and Malware and all other
facets of personal computer use.” Asurvio’s software executes “fixes” including
driver updates and provides the consumer access to telephone-based human assisted
technical support.
In 2016,
Malwarebytes categorized Asurvio’s DRIVER SUPPORT and DRIVER DETECTIVE software
with a negative PUP rating and labeled it a security risk. “Asurvio’s customers
who also used Malwarebytes received regular warnings from Malwarebytes that all
folders of Asurvio’s software were ‘threats’ quarantined on their computers
that should be uninstalled.” Asurvio tried to convince Malwarebytes that it
complied with industry leading standards and requirements, including the Clean
Software Alliance Guidelines, Microsoft and Google’s standards and other
anti-malware vendor certifications by McAfee and Symantec, but Malwarebytes
refused to delist the software as a PUP and referred Asurvio to AppEsteem for
third party certification; when Asurvio secured that, Malwarebytes delisted its
products.
In 2017, Asurvio
began listing its technical support services in its boilerplate terms and
conditions, including technical support for removing Spyware/Malware. Id. In
2018, Asurvio learned that Malwarebytes had relisted Asurvio’s products as PUPs
and was barring customers from Asurvio’s websites.
Asurvio alleged that
a Malwarebytes staff member identified as “Metallica” posted “Removal
instructions for Driver Support” on Malwarebytes’ message board forum. The post
stated that Asurvio’s DRIVER SUPPORT product uses “intentional false positives”
and advised consumers that the best way to uninstall DRIVER SUPPORT is to use
Malwarebytes’ software. Malwarebytes blog “moderators” identified as “Porthos”
and “exile360” described DRIVER SUPPORT as “a bogus program” and “unnecessary
snake oil with no real utility” that typically does more harm than good. A Malwarebytes
blog “moderator” posted that “Driver Updates” (allegedly a generic term to
describe Asurvio’s services) are a “pure scam,” a “useless product” and “can
damage your system to the point where a reinstall of Windows will be needed.” Asurvio
alleged similar statements on a different website by a person who allegedly
received “monetary or in-kind benefits from Malwarebytes for each sales lead or
software download generated from his post.”
And Malwarebytes
allegedly wrongfully profited from the use of Asurvio’s products by redirecting
clicks from Asurvio’s website to Malwarebytes’ website. “When a Malwarebytes
free version software user opens a search engine in his own web browser and
searches for DRIVER SUPPORT or ACTIVE OPTIMIZATION, Asurvio’s ads or website
links will prominently appear in the search engine results. However, instead of
going directly to Asurvio’s official website when clicking these links, it
redirects consumers to the Malwarebytes website for the purpose of executing a
Malwarebytes sale.”  This was the
specific basis of the TTLA claim, which provides in pertinent part that an
actor commits “theft of service” when, “having control over the disposition of
services of another to which the actor is not entitled, the actor intentionally
or knowingly diverts the other’s services to the actor’s own benefit or to the benefit
of another not entitled to the services.”
  
§230(c)(2)(B)
immunity applied to most of the conduct, including the redirection of consumers
from Asurvio’s website.  (A previous
order in the case explained that the redirect page notifies the user that
Malwarebytes blocked driversupport.com “due to PUP.” It also informs the user: “Learn
about PUP. If you don’t want to block this website, you can exclude it from
website protection by accessing Exclusions.” This was a type of “action” that
enables or makes available to others the “technical means” to restrict access
to statutorily defined objectionable material. The court commented: “The
statute does not contain qualifiers, conditions, or exceptions for ‘actions’
that have the secondary effect of depriving PC Drivers of the benefits of the
page-click advertising it purchased from a third party.”)
Although Enigma
Software Group USA, LLC v. Malwarebytes, Inc., 946 F.3d 1040 (9th Cir. 2019),
held that (c)(2)(B) didn’t apply to “blocking a competitor’s program for
anticompetitive reasons,” the parties here aren’t direct competitors. Each software
security provider “generates its own criteria to determine what software might
threaten users.” Asurvio, by contrast, didn’t sell malware detection software
designed to scan a computer and report PUPs. Rather, Asurvio sells driver
update software that doesn’t provide provide any anti-spyware or anti-malware
functionality as Malwarebytes does. Its “technical support services for the
removal of Spyware and Malware,” disclosed only in fine print, was “a secondary
value added service … limited to removal of Spyware and Malware,” which was “significantly
dissimilar from computer security software like Malwarebytes’ that once
installed, automatically identifies and blocks Spyware and Malware.”  It was not direct competition merely because
both parties offer software services “to assist in the overall performance of
individual computers” and both sell to “self-help” computer users. Such a broad
reading of competition would “render the statutory immunity meaningless.” Thus,
all claims based on filtering were dismissed without leave to amend.

Comment: one of the original issues with the 9th Circuit’s opinion in Enigma is that the source of the “anticompetitive” exclusion is not evidently grounded in any principle of law. Neither antitrust nor false advertising–the two best candidates for such a principle I can see–limit their protections to direct competitors. This case highlights the fact that Enigma invented a new exclusion and now we have to figure out what that means.
As for the other
challenged statements, §230(c)(1) applied to the postings on its online forum.
Asurvio failed to plead facts showing that “Porthos” and “exile360” were forum
“moderators,” much less any facts showing they had any express or implied
authority to speak on Malwarebytes’ behalf. The fact that the forum identifies
“Porthos” as a “Trusted Advisor” and “exile360” as an “Expert” weren’t enough;
the mere possibility that Malwarebytes made these designations didn’t support a
plausible inference that Malwarebytes was responsible for the “Trusted Advisor”
and “Expert” designations, and further that Malwarebytes is responsible for the
content of the posts made by “Porthos” and “exile360.”
Even without
immunity, the complaint failed to state a claim. The allegedly false and
disparaging statements (e.g. that Asurvio’s products are PUPS, use “false
positives,” are “bogus,” a “scam,” and “snake oil”) weren’t pled to be
objectively verifiable as opposed to non-actionable opinion.  Tortious interference claims failed to allege
facts showing that Malwarebytes willfully and intentionally interfered with a
specific contractual obligation. Instead, the complaint alleged that
Malwarebytes instructs computer users to choose whether to continue using Asurvio’s
products.

from Blogger https://ift.tt/3au2WOl

This entry was posted in Uncategorized and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s