Opinion
Case No. 5:18-cv-05409-EJD
03-26-2020
ASURVIO LP, a Texas limited partnership, Plaintiff, v. MALWAREBYTES INC., Defendant.
ORDER GRANTING DEFENDANT'S MOTION TO DISMISS SECOND AMENDED COMPLAINT
Re: Dkt. No. 85
I. INTRODUCTION
Plaintiff Asurvio LP ("Asurvio") alleges that Malwarebytes, Inc. ("Malwarebytes") wrongfully categorized Asurvio's software as malware or a "Potentially Unwanted Program" ("PUP"). In its Second Amended Complaint ("SAC"), Asurvio asserts claims for (1) violation of the Lanham Act, (2) business disparagement, (3) tortious interference with contractual relations, (4) common law unfair competition and (5) violation of the Texas Theft Liability Act ("TTLA").
Asurvio was formerly known as PC Drivers Headquarters, LP.
Malwarebytes moves to dismiss the SAC, asserting among other things that it is entitled to immunity under section 230(c)(2)(B) of the Communications Decency Act of 1996 ("CDA"), 47 U.S.C. § 230. The motion was heard on March 5, 2020. For the reasons set forth below, Malwarebytes' motion will be granted. II. BACKGROUND
Malwarebytes' accompanying Request for Judicial Notice of Exhibits A through C is granted. The request is unopposed and the materials are the proper subject of judicial notice. Asurvio refers to and replies upon Exhibits A and B (copies of webpages from Asurvio's websites) in the SAC. The Court took judicial notice of Exhibit C (a webpage from Malwarebytes' website) when ruling on Malwarebytes' previous motion to dismiss. See Dkt. No. 68.
The Background is a summary of the allegations in the SAC that are relevant to the issues raised in the motion to dismiss.
"Asurvio provides premium full-service technical support services to consumers." SAC ¶ 2. Asurvio's services include: "(i) software solutions that work in real time in the background of the operating system to optimize processing and locate and install all missing and outdated software drivers; and (ii) technical support services for the removal of Spyware and Malware and all other facets of personal computer use." Id. Asurvio uses internet search and display marketing techniques that target customers. Id. A potential customer may install the software from the internet and then purchase a license from Asurvio. Id. Asurvio pays internet search engines a fee for every consumer click that results from a consumer's web search for Asurvio's services. Id.
Once a customer purchases Asurvio's software products, Asurvio's software executes "fixes" and provides the consumer access to telephone-based human assisted technical support. Id. ¶ 14. Asurvio also provides "ongoing updates to new drivers as they are released by manufacturers, periodic and contextual optimizations as networking conditions change, as well as the ongoing assurance that comes from the availability of unlimited technical support regarding any issue paying customers may encounter, including the removal of Spyware/Malware." Id.
Defendant Malwarebytes is a software company that sells malware detection software designed to scan consumer's computers and to report to consumers in commercial advertisements or promotions any threats, PUPs, malware and viruses for de-installation. Id. ¶ 17. Malwarebytes gains customers by offering a free version of its software and upselling premium versions for purchase after scanning. Id. "Once the free version is downloaded and installed and the consumer scans his computer, Malwarebytes promotes its premium versions by allegedly identifying and quarantining alleged PUP and malware and their official websites." Id.
In October of 2016, Malwarebytes categorized all builds and releases of Asurvio's DRIVER SUPPORT and DRIVER DETECTIVE software with a negative PUP rating and a security risk to Malwarebytes' customers. Id. ¶ 19. Asurvio's customers who also used Malwarebytes received regular warnings from Malwarebytes that all folders of Asurvio's software were "threats" quarantined on their computers that should be uninstalled. Id.
Upon learning about the negative categorization and warnings, Asurvio contacted Malwarebytes and provided the company with information regarding Asurvio's compliance with industry leading standards and requirements, including the Clean Software Alliance ("CSA") Guidelines, Microsoft and Google's standards and other anti-malware vendor certifications by McAfee and Symantec. Id. ¶ 20. Malwarebytes refused to delist the negative PUP rating for Asurvio's software and referred Asurvio to AppEsteem for third party certification. Id. ¶¶ 20-21. AppEsteem conducted tests and issued a "clean software certification" for the current and prior builds of Asurvio's software. Id. ¶ 21. Asurvio informed Malwarebytes of the certification and Malwarebytes delisted Asurvio's products. Id.
In August 2017, Asurvio began listing its technical support services in its boilerplate Driver Support Service Terms and Conditions of Use and Service" (hereinafter "Terms and Conditions"). Id. ¶ 22 & n.1. One of the listed services under "Access to Service Via Live Technical Support Assistance" is technical support for removing Spyware/Malware. Id. In January 2018, Asurvio learned that Malwarebytes had relisted Asurvio's products as PUPs and was barring customers from Asurvio's websites. Id. By letter dated February 1, 2018, Asurvio demanded that Malwarebytes remedy the situation. Id. ¶ 23. Malwarebytes never formally responded to the letter. Id.
SAC footnote 1 is a hyperlink to Asurvio's publicly available website where the Terms and Conditions are set out in full. The Court takes judicial notice of the Terms and Conditions.
Asurvio also learned that a Malwarebytes staff member identified as "Metallica" posted "Removal instructions for Driver Support" on Malwarebytes' message board forum. Id. ¶ 24. The post states that Asurvio's DRIVER SUPPORT product uses "intentional false positives" and advises consumers that the best way to uninstall DRIVER SUPPORT is to use Malwarebytes' software. Id. ¶ 24. Malwarebytes is allegedly responsible for other negative comments about Asurvio's products. Malwarebytes blog "moderators" identified as "Porthos" and "exile360" have described DRIVER SUPPORT as "a bogus program" and "unnecessary snake oil with no real utility" that typically does more harm than good. Id. ¶¶ 24-25 (citing to SAC Ex. 1). In response to a question about why Malwarebytes was listing DRIVER SUPPORT as a PUP, a Malwarebytes blog "moderator" posted that "Driver Updates" (which is a generic term to describe Asurvio's services) are a "pure scam," a "useless product" and "can damage your system to the point where a reinstall of Windows will be needed." Id. ¶ 25. Copies of these postings are attached to Asurvio's SAC.
Asurvio found another Internet site, www.botcrawl.com, with a post by a person named Sean Doyle that contained similar comments about DRIVER SUPPORT and instructions for removal. Id. ¶ 27. Asurvio alleges on information and belief that Sean Doyle receives monetary or in-kind benefits from Malwarebytes for each sales lead or software download generated from his post. Id. Asurvio alleges that Malwarebytes' statements about Asurvio's products are "categorically false." Id. ¶ 28.
Asurvio further alleges that Malwarebytes is wrongfully profiting from the use of Asurvio's products by redirecting clicks from Asurvio's website to Malwarebytes' website. Id. ¶ 29. "When a Malwarebytes free version software user opens a search engine in his own web browser and searches for DRIVER SUPPORT or ACTIVE OPTIMIZATION, Asurvio's ads or website links will prominently appear in the search engine results. However, instead of going directly to Asurvio's official website when clicking these links, it redirects consumers to the Malwarebytes website for the purpose of executing a Malwarebytes sale." Id. Asurvio characterizes this redirection as "click misappropriation." Id. ¶ 30.
Malwarebytes' motion to dismiss raises three main issues: (1) whether Malwarebytes is statutorily immune under CDA section 230(c)(2)(B) for providing its users with security software that detects and filters Asurvio's driver update and system optimizer software as PUPs; (2) whether Malwarebytes is statutorily immune under CDA section 230(c)(1) for statements made in an online forum that Malwarebytes hosts; and (3) even if Malwarebytes was not immune, whether Asurvio's claims for tortious interference, common law unfair competition, and TTLA claims should be dismissed for failure to state a claim.
III. STANDARDS
Federal Rule of Civil Procedure 8(a) requires a plaintiff to plead each claim with sufficient specificity to "give the defendant fair notice of what the . . . claim is and the grounds upon which it rests." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007) (internal quotations omitted). The factual allegations in the complaint "must be enough to raise a right to relief above the speculative level" such that the claim "is plausible on its face." Id. at 556-57. A complaint that falls short of the Rule 8(a) standard may be dismissed if it fails to state a claim upon which relief can be granted. Fed. R. Civ. P. 12(b)(6). "Dismissal under Rule 12(b)(6) is appropriate only where the complaint lacks a cognizable legal theory or sufficient facts to support a cognizable legal theory." Mendiondo v. Centinela Hosp. Med. Ctr., 521 F.3d 1097, 1104 (9th Cir. 2008).
When deciding whether to grant a motion to dismiss, the court must generally accept as true all "well-pleaded factual allegations." Ashcroft v. Iqbal, 556 U.S. 662, 664 (2009). The court must also construe the alleged facts in the light most favorable to the plaintiff. See Retail Prop. Trust v. United Bhd. of Carpenters & Joiners of Am., 768 F.3d 938, 945 (9th Cir. 2014) (providing the court must "draw all reasonable inferences in favor of the nonmoving party" for a Rule 12(b)(6) motion). However, "courts are not bound to accept as true a legal conclusion couched as a factual allegation." Iqbal, 556 U.S. at 678.
Also, the court usually does not consider any material beyond the pleadings for a Rule 12(b)(6) analysis. Hal Roach Studios, Inc. v. Richard Feiner & Co., 896 F.2d 1542, 1555 n.19 (9th Cir. 1989). Exceptions to this rule include material submitted as part of the complaint or relied upon in the complaint, and material subject to judicial notice. See Lee v. City of Los Angeles, 250 F.3d 668, 688-69 (9th Cir. 2001); see also Branch v. Tunnell, 14 F.3d 449, 454 (9th Cir. 1994), overruled on other grounds by Galbraith v. County of Santa Clara, 307 F.3d 1119, 1127 (9th Cir. 2002) ("documents whose contents are alleged in a complaint and whose authenticity no party questions, but which are not physically attached to the pleading, may be considered in ruling on a Rule 12(b)(6) motion to dismiss").
IV. DISCUSSION
A. Section 230(c)(2)(B) Immunity
The central issue presented in Malwarebytes' motion to dismiss is whether the safe harbor provision of the CDA immunizes Malwarebytes from Asurvio's claims arising out of Malwarebytes' filtering software. The statute provides, in relevant part:
(c) Protection for "Good Samaritan" blocking and screening of offensive material. . .
(2) Civil liability
47 U.S.C. § 230(c)(2)(B). The material that can be blocked under section 230(c)(2)(B) includes "material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected[.]" Id. § 230(c)(2)(A). The statute defines "interactive computer service" to mean "any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet and such systems operated or services offered by libraries or educational institutions." Id. § 230(f)(2). The statute defines "access software provider" to mean "a provider of software (including client or server software), or enabling tools that do any one or more of the following: (A) filter, screen, allow, or disallow content; (B) pick, choose, analyze, or digest content; or (C) transmit, receive, display, forward, cache, search, subset, organize, reorganize, or translate content." Id. § 230(f)(4)(A)-(C). "Thus, a provider of software or enabling tools that filter, screen, allow, or disallow content that the provider or user considers obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable may not be held liable for any action taken to make available the technical means to restrict access to that material, so long as the provider enables access by multiple users to a computer server." Zango, Inc. v. Kaspersky Lab, Inc., 568 F.3d 1169, 1173 (9th Cir. 2009). Internet users and software providers have discretion to determine what online material is "otherwise objectionable." Id. at 1175. Congress enacted these provisions "to encourage the development of technologies which maximize user control over what information is received by individuals, families, and schools who use the Internet" and to "remove disincentives for the development and utilization of blocking and filtering technologies." 47 U.S.C. § 230(b)(3), (4). Section 230 immunity applies to business torts. Id. at 1177 (citing Perfect 10, Inc. v. CCBill, LLC, 488 F.3d 1102, 1108, 1118-19 (9th Cir. 2007) (holding that CDA §230 immunity applies to state unfair competition and false advertising actions)).No provider or user of an interactive computer service shall be held liable on account of. . .
(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).
The breadth of the immunity available to software providers under CDA is not limitless. Enigma Software Group USA, LLC v. Malwarebytes, Inc., 946 F.3d 1040, 1045 (9th Cir. 2019). In that case, Enigma alleged that its spyware detection software was being blocked by the same defendant here, Malwarebytes. Enigma brought an action against Malwarebytes, claiming that Malwarebytes used its PUP-modification process "to advance a 'bad faith campaign of unfair competition' aimed at 'deceiving consumers and interfering with [the plaintiff's] customer relationships.'" Id. at 1048. This Court granted Malwarebytes' motion to dismiss finding that Malwarebytes was immune under section 230(c)(2) on all of Enigma's claims. On appeal, the Ninth Circuit reversed, holding that section 230(c)(2) "does not provide immunity for blocking a competitor's program for anticompetitive reasons." Id. at 1052.
Here, Malwarebytes contends that section 230(c)(2)(B) immunizes it from liability for any of Asurvio's claims arising out of its filtering software because it is a user and provider of an interactive computer service ("ICS") that provides the technical means to restrict access to material that Malwarebytes or its users consider objectionable. As such, Malwarebytes argues that it satisfies the statutory requirements for immunity and that Asurvio cannot plead around the immunity. In response, Asurvio contends that the immunity does not apply because just as in Enigma, Malwarebytes is blocking Asurvio's programs for anticompetitive reasons.
The Court finds that the limitation to section 230(c)(2)(B) immunity recognized in Enigma does not apply to this case. In Enigma, the parties were "direct competitors" who sold "computer security software nationwide." Id. at 1047-48. Security software providers "help users identify and block malicious or threatening software, termed malware, from their computers." Id. at 1047. Each software security provider "generates its own criteria to determine what software might threaten users." Id. Asurvio, by contrast, is not a computer security software provider; it does not sell malware detection software designed to scan a computer and report PUPs. Rather, Asurvio sells driver update software. Asurvio's software programs "work in real time in the background of the operating system to optimize processing and locate and install all missing and outdated software drivers." SAC ¶ 2. Asurvio does not allege that its DRIVER SUPPORT or ACTIVE OPTIMIZATION programs provide any anti-spyware or anti-malware functionality as Malwarebytes does. Instead, Asurvio alleges that among the services listed in its Terms and Conditions is "technical support services for the removal of Spyware and Malware." SAC ¶¶ 2, 22. Notably, this service, which appears in the fine print of the boilerplate Driver Support Terms and Conditions, is apparently a secondary value added service that is only available "Via Live Technical Support Assistance" and is limited to removal of Spyware and Malware (SAC ¶ & n.1); Asurvio does not allege that its software programs identify and classify Spyware and Malware as a primary feature. Asurvio's technical support service is thus significantly dissimilar from computer security software like Malwarebytes' that once installed, automatically identifies and blocks Spyware and Malware.
Asurvio next asserts that the parties are direct competitors because both offer software services "to assist in the overall performance of individual computers" and both sell to "self-help" computer users. SAC ¶ 18. These users, according to Asurvio, "want their computers to run faster, whether as the result of maintaining appropriate drivers, optimizing various settings, combatting malware or viruses, applying other solutions, or likely a combination thereof. " Pl.'s Opp'n 5. Asurvio also relies on a post by a Malwarebytes message board "Expert" to show that Malwarebytes recognized Asurvio as a competitor. This "Expert" allegedly said that "Malwarebytes could provide the same technical support services offered by Asurvio." SAC ¶ 18. If the Court were to accept Asurvio's argument, then any developer of performance optimizing software designed for "self-help" computer users could potentially plead around the broad immunity granted by section 230(c)(2)(B) and render the statutory immunity meaningless. Asurvio does not allege, and cannot plausibly allege, that the parties are direct competitors.
Accordingly, all of Asurvio's claims predicated on Malwarebytes' filtering are subject to dismissal without leave to amend.
B. Immunity Under Section 230(c)(1)
Under CDA section 230(c)(1), "[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." 47 U.S.C. § 230(c)(1). An interactive computer service is "any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet and such systems operated or services offered by libraries or educational institutions." 47 U.S.C. § 230(f)(2). "[T]he most common interactive computer services are websites." Fair Hous. Council of San Fernando Valley v. Roommates.Com, 521 F.3d 1157, 1162 n.6 (9th Cir. 2008); see also Kimzey v. Yelp! Inc., 836 F.3d 1263, 1268 (9th Cir. 2016) (observing that websites are quintessential interactive computer services)).
Malwarebytes contends that it is immune under section 230(c)(1) for the postings on its online forum because there are no facts pleaded showing that Malwarebytes was the content provider. More specifically, Malwarebytes contends that Asurvio has failed to plead facts showing that "Porthos" and "exile360" are forum "moderators," much less any facts showing they had any express or implied authority to speak on Malwarebytes' behalf. Asurvio counters that the forum identifies "Porthos" as a "Trusted Advisor" and "exile360" as an "Expert" (SAC Ex. 1), and that these titles and the content of their posts suggest the posts were made on Malwarebytes' behalf.
It is possible that Malwarebytes designated "Porthos" as a "Trusted Advisor" or "exile360" as an "Expert." The mere possibility that Malwarebytes did so, however, is insufficient to support Asurvio's claims. The SAC must state sufficient facts to support a plausible inference that Malwarebytes is responsible for the "Trusted Advisor" and "Expert" designations, and further that Malwarebytes is responsible for the content of the posts made by "Porthos" and "exile360." Asurvio has failed to do so. Section 230(c)(1) immunity applies to the alleged negative statements appearing on Malwarebytes' forum.
C. Additional Grounds for Dismissal
As discussed above, Malwarebytes is immune from suit under the CDA. Even if the immunity did not apply, all of Asurvio's claims are subject to dismissal for failure to state a claim. Much of the Court's rationale for dismissing these claims is captured in the Order Granting Defendant's Motion to Dismiss (Dkt. No. 68) and will not be restated fully here. In brief, the Lanham Act and business disparagement claims fail as a matter of law because Asurvio has failed to allege sufficient facts to show that the statements at issue (e.g. that Asurvio's products are PUPS, use "false positives," are "bogus," a "scam," "snake oil") are verifiably false rather than subjective opinions. Asurvio's allegation that the statements are "categorically false" (SAC ¶ 28) is conclusory and need not be accepted as true. ZL Techs, Inc. v. Gartner, Inc., 709 F. Supp. 2d 789, 796 (N.D. Cal. 2010) (holding that "[e]ven on a motion to dismiss, the Court need not accept as true" the plaintiff's conclusory allegations that a statement is actionable).
In its Opposition, Asurvio claims that whether its software initiates a "false positive" means whether "a driver needs to be updated when it is already updated." Opp'n 9. Whether a driver "needs" to be updated or is "already" updated, however, is to some extent an inherently subjective evaluation. An older version of a program might be fully functional, and therefore not "need" updating.
The statements discussed above are the predicate for the unfair competition claim. Because the statements are not actionable, it follows that the unfair competition claim also fails as a matter of law. See Taylor Pub. Co. v. Jostens, Inc., 216 F.3d 465, 486 (5th Cir. 2000) (affirming judgment as a matter of law on unfair competition claim because plaintiff failed to establish independent substantive tort).
The tortious interference with contractual relations claim fails as a matter of law because Asurvio fails to identify a specific contractual obligation with which Malwarebytes interfered and fails to plead any facts to show Malwarebytes willfully and intentionally interfered with a specific contractual obligation. See Cuba v. Pylant, 814 F.3d 701, 717 (5th Cir. 2016) (requiring "some evidence that the defendant knowingly induced one of the contracting parties to breach its obligations under a contract"). Instead, the SAC alleges that Malwarebytes identifies Asurvio's products as PUPs and instructs computer users to choose whether to continue using those products.
V. CONCLUSION
For the reasons set forth above, Malwarebytes' motion to dismiss is GRANTED. The dismissal is without leave to amend because allowing for further amendment would be futile.
IT IS SO ORDERED.
Dated: March 26, 2020
/s/_________
EDWARD J. DAVILA
United States District Judge