Submit to Digest

Zango, Inc. v. Kaspersky Lab, Inc.: Ninth Circuit Holds Anti-Spyware Software Company is Protected by Communications Decency Act Sec. 230 Immunity

Zango, Inc. v. Kaspersky Lab, Inc., June 25, 2009, No. 07-35800.

Slip Opinion

On June 25, the Court of Appeals for the Ninth Circuit affirmed the district court's grant of summary judgment for Kaspersky Lab, which distributes software that filters and blocks malicious programs.  The Ninth Circuit held that Kaspersky qualified for civil liability immunity under the Communications Decency Act Sec. 230(c)(2)(B) and rejected Zango's argument that Sec. 230 immunity was limited only to Internet content providers.

The E-Commerce and Tech Law Blog summarizes the opinion. Eric Goldman provides another summary, agreeing with the outcome, but pointing out some questions the decision left open.

Kaspersky Internet Security is anti-virus software that warns users if the program they are about to download has been classified as malware and gives the user the option of allowing or rejecting the download.  Zango created several downloadable programs, which provided free access to its catalog of online videos, games, music, and tools if the customers agreed to have online ads displayed as they browsed the Internet.  Kaspersky classified Zango's programs as adware, a type of malware that monitors the users' Internet usage and causes pop-up ads to appear while the user is online.  In response, Zango filed suit against Kaspersky claiming that its software interfered with customers' use of Zango's programs, links, and promotional materials.

The Ninth Circuit affirmed the district court's holding and held that Kaspersky was entitled to immunity under the Communications Decency Act Sec. 230(c)(2)(B), which grants immunity from civil liability to interactive computer service providers for screening and blocking of offensive material.  The court rejected Zango's argument that Congress intended to grant immunity under the Communications Decency Act only to Internet content providers.  It determined that Kaspersky met the statute's definition of an interactive computer service provider, as it made available anti-malware software which enabled users to filter, screen, and allow or disallow particular content.

The court also noted that though the legislative history indicated that Internet content providers were to be granted immunity, this was but one of the purposes of Sec. 230(c), and the plain language of the statute and other legislative history showed that the CDA was also meant to immunize providers of interactive computer services that make filtering software available.  The court further determined that extending immunity to providers of malware filtering software was consistent with Congress' goals for immunity as articulated in Sec. 230, noting that extending immunity would encourage development of technologies that enable users to exercise control over the information they receive, and would remove disincentives for development of filtering software that permits parents to restrict their children's access to inappropriate online materials.

Judge Fisher concurred that the CDA provided immunity to Kaspersky as an access software provider.  He noted, however, that a broad grant of immunity could be of concern if providers of blocking software could unilaterally block dissemination of material, because a provider might abuse the immunity by blocking competitors' content without the user's knowledge.  He suggested further that unless Sec. 230(c)(2)(B) imposed some implicit good faith requirement, immunity may stretch to include conduct that Congress likely did not intend to protect.

The Sunbelt Blog suggests that Judge Fisher's concerns are misplaced because given the competitiveness of the anti-malware software market, vendors cannot unilaterally block content that users actually want installed on their computers.