Malwarebytes back to square one as appeals court rules blocking rival antivirus maker isn't on

Section 230 has legal eagles split over censorship


Malwarebytes will have to head back to court to justify a decision to block its rival’s antivirus services after an appeals court threw out the security shop's legal justification.

On Thursday, the Ninth Circuit of Appeals overturned [PDF] a decision by a district court back in 2017 that agreed with Malwarebytes when it said it was allowed to do pretty much whatever it wanted with its antivirus scanner, including deciding that rival Enigma’s software was a "potentially unwanted program.”

Malwarebytes claimed that under Section 230 of the Communications Decency Act (CDA) it had immunity in attempting to block content that is violent, of a sexual nature, or "otherwise objectionable.” Enigma argued that its software isn’t "objectionable" and that Malwarebytes was just trying to get back at the company after it sued a tech support blog affiliated with Malwarebytes that published a bad review of Spyhunter’s program.

Surprisingly, the district judge agreed, citing precedent in the 2009 ruling of Zango v Kaspersky where the courts sided with security companies, and threw the case. Enigma appealed and the appeals court agreed with it.

The appeals judges noted that the CDA’s immunity is not “limitless” and noted that in the Zango case, the companies were not competitors. The judge in that case had used an “overly expansive interpretation of the provision that could lead to anticompetitive results,” the court found, noting that: “We hold that the phrase ‘otherwise objectionable’ does not include software that the provider finds objectionable for anti-competitive reasons.”

Yeah, you can't do that

Or, in other words, Section 230 does not give a company carte blanche to do whatever it wants. When it wrote the law “Congress wanted to encourage the development of filtration technologies, not to enable software developers to drive each other out of business,” the judgment notes.

But it was a 2-1 ruling and the dissenting judge argued that, actually, Section 230 was broader than her colleagues imagined. “Congress has not further clarified the statute and Enigma Software has not persuasively made a case for limitation of the statute beyond its provisions,” the dissent argued.

“The majority's real complaint is not that the district court construed the statute too broadly, but that the statute is written too broadly. However, that defect, if it is a defect, is one beyond our authority to correct.”

Of course, the once untouchable Section 230 has been under increasing pressure in the past years as lawmakers and courts have repeatedly run up against its blanket provisions with tech companies claiming that they can’t be obliged to remove content or introduce filters or be sued for what their users do because of the provision.

The clause was subsequently opened up to remove legal protections for sex trafficking in response to the saga of Backpage.com and politicians of all stripes have indicated they will look at adding more exemptions in an effort to make tech giants more accountable.

The decision doesn’t mean that Enigma has won the case, or that Malwarebytes will be obliged to remove its block on its rivals’ products. But it's main legal defense has gone and now it will have to put that case in court with a different argument.

Malwarebytes is, naturally enough, not happy with the decision and has said it will consider appealing the appeal. ®


Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022