From Casetext: Smarter Legal Research

Enigma Software Grp. U.S.A v. Malwarebytes, Inc.

Sep 12, 2019
938 F.3d 1026 (9th Cir. 2019)


stating section 1225 creates two bases of liability, false association and false advertising

Summary of this case from Archi's Acres, Inc. v. Whole Foods Mkt. Serv., Inc.


No. 17-17351


ENIGMA SOFTWARE GROUP USA, LLC, Plaintiff-Appellant, v. MALWAREBYTES, INC., Defendant-Appellee.


The opinion filed September 12, 2019 (Docket Entry No. 42), and appearing at 938 F.3d 1026, is withdrawn and replaced by an amended opinion concurrently filed with this order.

With these amendments, Judge Rawlinson voted to grant the petition for panel rehearing. Judges Schroeder and Lasnik voted to deny the petition for panel rehearing. Judge Rawlinson voted to grant the petition for rehearing en banc. Judges Schroeder and Lasnik recommended denying the petition for rehearing en banc.

The full court has been advised of the petition for rehearing en banc and no judge has requested a vote on whether to rehear the matter en banc. Fed. R. App. P. 35.

The petition for rehearing and petition for rehearing en banc are DENIED. No further petitions for rehearing or rehearing en banc will be entertained.

SCHROEDER, Circuit Judge:


This dispute concerns § 230, the so-called "Good Samaritan" provision of the Communications Decency Act of 1996, enacted primarily to protect minors from harmful online viewing. The provision immunizes computer-software providers from liability for actions taken to help users block certain types of unwanted, online material. The provision expressly describes material of a violent or sexual nature, but also includes a catchall for material that is "otherwise objectionable." 47 U.S.C. § 230(c)(2). We have previously recognized that the provision establishes a subjective standard whereby internet users and software providers decide what online material is objectionable. See Zango Inc. v. Kaspersky Lab, Inc. , 568 F.3d 1169, 1173 (9th Cir. 2009).

The parties to this dispute are both providers of software that help internet users filter unwanted content from their computers. Plaintiff-Appellant Enigma Software Group USA, LLC has alleged violations of New York state law and a violation of the Lanham Act’s false advertising provision. Each claim is based on the allegation that defendant, Malwarebytes Inc., has configured its software to block users from accessing Enigma’s software in order to divert Enigma’s customers. The district court, relying on Zango , dismissed the action as barred by § 230 ’s broad recognition of immunity. We did not hold in Zango , however, that the immunity was limitless.

This case differs from Zango in that here the parties are competitors. In this appeal Enigma contends that the "otherwise objectionable" catchall is not broad enough to encompass a provider’s objection to a rival’s software in order to suppress competition. Enigma points to Judge Fisher’s concurrence in Zango warning against an overly expansive interpretation of the provision that could lead to anticompetitive results. We heed that warning and reverse the district court’s decision that read Zango to require such an interpretation. We hold that the phrase "otherwise objectionable" does not include software that the provider finds objectionable for anticompetitive reasons.

Malwarebytes contends that it had legitimate reasons for finding Enigma’s software objectionable apart from any anticompetitive effect, and that immunity should therefore apply on Enigma’s state-law claims, even if the district court erred in its interpretation of Zango . We conclude, however, that Enigma’s allegations of anticompetitive animus are sufficient to withstand dismissal.

Enigma’s federal claim warrants an additional analytical step. The CDA’s immunity provision contains an exception for intellectual property claims, stating that "[n]othing in this section shall be construed to limit or expand any law pertaining to intellectual property." 47 U.S.C. § 230(e)(2). Enigma has brought a false advertising claim under the Lanham Act, a federal statute that deals with trademarks. Enigma contends that the false advertising claim is one "pertaining to intellectual property" and thus outside the scope of § 230 immunity.

Although it is true that the Lanham Act itself deals with intellectual property, i.e. trademarks, Enigma’s false advertising claim does not relate to trademarks or any other type of intellectual property. The district court therefore correctly held that the intellectual property exception to immunity does not apply to the false advertising claim. The district court went on to hold that under Zango ’s application of § 230 immunity, Malwarebytes was immune from liability for false advertising. As with Enigma’s state law claims, we hold that the district court read Zango too broadly in dismissing the federal claim. We therefore reverse the judgment on this claim as well.


This appeal centers on the immunity provision contained in § 230(c)(2) of the Communications Decency Act ("CDA"), 47 U.S.C. § 230(c)(1996). The CDA, which was enacted as part of the Telecommunications Act of 1996, contains this "Good Samaritan" provision that, in subparagraph B, immunizes internet-service providers from liability for giving internet users the technical means to restrict access to the types of material described in the subparagraph A. Id . § 230(c)(2)(B). The material, as described in that subparagraph, is "material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable." Id . § 230(c)(2)(A). This grant of immunity dates back to the early days of the internet when concerns first arose about children being able to access online pornography. Parents could not program their computers to block online pornography, and this was at least partially due to a combination of trial court decisions in New York that had deterred the creation of online-filtration efforts. In the first case, Cubby, Inc. v. CompuServe, Inc ., a federal court held that passive providers of online services and content were not charged with knowledge of, or responsibility for, the content on their network. See 776 F. Supp. 135, 139–43 (S.D.N.Y. 1991). Therefore, if a provider remained passive and uninvolved in filtering third-party material from its network, the provider could not be held liable for any offensive content it carried from third parties. See id .

Section 230(c) is entitled "Protection for ‘Good Samaritan’ blocking and screening of offensive material." The relevant subsection (2), "Civil liability," states, in full, as follows:

"No provider or user of an interactive computer service shall be held liable on account of –

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph [A]."

47 U.S.C. § 230(c)(2)(A), (B).

The corollary of this rule, as later articulated by a New York state trial court, was that once a service provider undertook to filter offensive content from its network, it assumed responsibility for any offensive content it failed to filter, even if it lacked knowledge of the content. See Stratton Oakmont, Inc. v. Prodigy Services Co ., 1995 WL 323710, *5 (N.Y. Sup. Ct. May 24, 1995) ("Prodigy’s conscious choice, to gain the benefits of editorial control, has opened it up to a greater liability than CompuServe and other computer networks that make no such choice."), superseded by statute , Communications Decency Act, Pub. L. No. 104-104, 110 Stat. 137, as recognized in Shiamili v. Real Estate Group of N.Y., Inc ., 17 N.Y.3d 281, 929 N.Y.S.2d 19, 952 N.E.2d 1011 (2011). Representative Chris Cox warned during debates on proposed legislation aimed at overruling Stratton Oakmont , that premising liability on providers’ efforts to filter out offensive material was deterring software companies from providing the filtering software and tools that could help parents block pornography and other offensive material from their home computers. See 141 Cong. Rec. 22,045 (1995) (statement of Rep. Cox).

The Stratton Oakmont decision, along with the increasing public concern about pornography on the internet, served as catalysts for legislators to consider greater internet regulation. Congress considered, in early 1995, two different amendments to the Telecommunications Act. The first, called the Exon-Coats amendment, targeted pornography at the source by prohibiting its dissemination. See id. at 16,068. Proponents of this bill argued that parents lacked the technological sophistication needed to implement online-filtration tools and that the government therefore needed to step in. Id. at 16,099. The second proposal, entitled the Online Family Empowerment Act ("OFEA"), targeted internet pornography at the receiving end by encouraging further development of filtration tools. Id. at 22,044. Proponents of this bill pointed out that prohibiting pornography at the source raised constitutional issues involving prior restraint, and argued that parents, not government bureaucrats, were better positioned to protect their children from offensive online material. Id . at 16,013.

On February 1, 1996, Congress enacted both approaches as part of the CDA. The Exon-Coats amendment was codified at 47 U.S.C. § 223, but was later invalidated by Reno v. ACLU , 521 U.S. 844, 877–79, 117 S.Ct. 2329, 138 L.Ed.2d 874 (1997). Before us is OFEA’s approach, enacted as § 230(c)(2) of the CDA. See Pub L. No. 104-104, § 509, 110 Stat. 56, 137–39. By immunizing internet-service providers from liability for any action taken to block, or help users block offensive and objectionable online content, Congress overruled Stratton Oakmont and thereby encouraged the development of more sophisticated methods of online filtration. See H.R. Conf. Rep. No. 104-879, at 194 (1996).

The history of § 230(c)(2) shows that access to pornography was Congress’s motivating concern, but the language used in § 230 included much more, covering any online material considered to be "excessively violent, harassing, or otherwise objectionable." See 47 U.S.C. § 230(c)(2)(A)–(B). Perhaps to guide the interpretation of this broad language, Congress took the rather unusual step of setting forth policy goals in the immediately preceding paragraph of the statute. See id. § 230(b). Of the five goals, three are particularly relevant here. These goals were "to encourage the development of technologies which maximize user control"; "to empower parents to restrict their children’s access to objectionable or inappropriate online content"; and "to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services." See id. § 230(b)(2)–(4).

This court has decided one prior case where we considered the scope of § 230, but were principally concerned with which types of online-service providers Congress intended to immunize. See Zango , 568 F.3d at 1175. We acknowledged that providers of computer security software can benefit from § 230 immunity, and that such providers have discretion to identify what online content is considered "objectionable," id. , but we had no reason to discuss the scope of that discretion. The separate concurrence in Zango focused on the future need for considering appropriate limitations on provider control. See id. at 1178–80 (Fisher, J. concurring). District courts have differed in their interpretations of Zango and the discretion granted to providers. What is clear to us from the statutory language, history, and case law is that providers do not have unfettered discretion to declare online content "objectionable" and blocking and filtering decisions that are driven by anticompetitive animus are not entitled to immunity under section 230(c)(2).


Plaintiff-appellant Enigma Software Group USA, LLC, is a Florida company that sells computer security software nationwide. Malwarebytes Inc., a Delaware corporation headquartered in California, also sells computer security software nationwide. Malwarebytes and Enigma are therefore direct competitors.

Providers of computer security software help users identify and block malicious or threatening software, termed malware, from their computers. Each provider generates its own criteria to determine what software might threaten users. Defendant Malwarebytes programs its software to search for what it calls Potentially Unwanted Programs ("PUPs"). PUPs include, for example, what Malwarebytes describes as software that contains "obtrusive, misleading, or deceptive advertisements, branding or search practices." Once Malwarebytes’s security software is purchased and installed on a user’s computer, it scans for PUPs, and according to Enigma’s complaint, if the user tries to download a program that Malwarebytes has determined to be a PUP, a pop-up alert warns the user of a security risk and advises the user to stop the download and block the potentially threatening content.

Malwarebytes and Enigma have been direct competitors since 2008, the year of Malwarebytes’s inception. In their first eight years as competitors, neither Enigma nor Malwarebytes flagged the other’s software as threatening or unwanted. In late 2016, however, Malwarebytes revised its PUP-detection criteria to include any program that, according to Malwarebytes, users did not seem to like.

After the revision, Malwarebytes’s software immediately began flagging Enigma’s most popular programs—RegHunter and SpyHunter—as PUPs. Thereafter, anytime a user with Malwarebytes’s software tried to download those Enigma programs, the user was alerted of a security risk and, according to Enigma’s complaint, the download was prohibited, i.e. Malwarebytes "quarantined" the programs. Enigma alleges that Malwarebytes’s new definition of a PUP includes subjective criteria that Malwarebytes has "implemented at its own malicious whim" in order to identify Enigma’s programs as threats. Enigma characterizes the revision as a "guise" for anticompetitive conduct, and alleges that its programs are "legitimate", "highly regarded", and "pose no security threat." As a result of Malwarebytes’s actions, Enigma claims that it has lost customers and revenue and experienced harm to its reputation.

Enigma brought this action against Malwarebytes in early 2017, in the Southern District of New York. Enigma claimed that Malwarebytes has used its PUP-modification process to advance a "bad faith campaign of unfair competition" aimed at "deceiving consumers and interfering with [Enigma’s] customer relationships."

Enigma’s complaint alleged four claims, three under New York state law and one under federal law. The first state-law claim accused Malwarebytes of using deceptive business practices in violation of New York General Business Law § 349. Enigma’s second and third state-law claims alleged tortious interference with business and contractual relations in violation of New York state common law. The federal claim accused Malwarebytes of making false and misleading statements to deceive consumers into choosing Malwarebytes’s security software over Enigma’s, in violation of the Lanham Act, 15 U.S.C. § 1125(a)(1)(B).

Malwarebytes sought a change of venue. Although Enigma maintained that venue was proper in New York because Malwarebytes’s conduct affected users and computers within that state, the conduct at issue had national reach. The district court therefore granted Malwarebytes’s motion to transfer the case to the Northern District of California, where Malwarebytes is headquartered.

Malwarebytes then moved to dismiss for failure to state a claim, arguing that it was immune from liability under § 230(c)(2) of the CDA. The district court granted the motion, finding that under the reasoning of our decision in Zango , Malwarebytes was immune under § 230 on all of Enigma’s claims. The district court interpreted Zango to mean that anti-malware software providers are free to block users from accessing any material that those providers, in their discretion, deem to be objectionable. Given Malwarebytes’s status as a provider of filtering software, and its assertion that Enigma’s programs are potentially unwanted, the district court held that Malwarebytes could not be liable under state law for blocking users’ access to Enigma’s programs.

With respect to the federal claim, the district court had to consider the intellectual property exception to the CDA’s immunity provision set forth in 47 U.S.C. § 230(e)(2). The somewhat opaque exception states that § 230 immunity "shall not be construed to limit or expand any law pertaining to intellectual property." Id. Enigma’s federal claim alleged false advertising under the Lanham Act, and Enigma contended that immunity did not apply because that statute deals with intellectual property, i.e. trademarks. The district court reasoned, however, that although the Lanham Act itself deals with intellectual property, Enigma’s false advertising claim did not relate to any type of intellectual property and therefore § 230 immunity encompassed that claim as well. Having concluded that Malwarebytes was immune on all four claims, the district court dismissed the complaint and granted judgment for Malwarebytes.

On appeal, Enigma primarily contends that the district court erred in interpreting our Zango opinion to give online service providers unlimited discretion to block online content, and that the Good Samaritan blocking provision does not provide such sweeping immunity that it encompasses anticompetitive conduct.


I. Scope of § 230(c)(2) Immunity as Applied to State-Law Claims

The district court held that our opinion in Zango controlled, and interpreted Zango to mean that an online-service provider cannot be liable for blocking internet users from accessing online content that the provider considers objectionable, regardless of the provider’s motivations or the harmful effects of the blocking. The scope of the statutory catchall phrase, "otherwise objectionable," was not at issue in Zango , however. The central issue in Zango was whether § 230 immunity applies to filtering software providers like the defendant Kaspersky in that case, and both parties in this case. See 568 F.3d at 1173, 1176. We held such providers had immunity. Id. at 1177–78. At the end of our majority opinion, we emphasized the relevant statutory language in stating that § 230 permits providers to block material "that either the provider or the user considers ... objectionable." See id. at 1177 (original emphasis). The district court focused on that sentence and reasoned that Malwarebytes had unfettered discretion to select what criteria makes a program "objectionable" under § 230, and further, that the court was not to analyze Malwarebytes’s reasons for doing so.

The majority in Zango did not, however, address whether there were limitations on a provider’s discretion to declare online content "objectionable." No such issue was raised in the appeal. We noted that Zango "waived" the argument that its software was not "objectionable." See id. at 1176–77. We therefore held that § 230 immunity covered Kaspersky’s decision to block users from accessing the type of content at issue in that case and concluded that § 230 permits providers to block material that "the provider considers ... objectionable." Id. at 1177.

It was Judge Fisher’s concurring opinion in Zango that framed the issue for future litigation as to whether the term "objectionable" might be construed in a way that would immunize providers even if they blocked online content for improper reasons. See id. at 1178–80 (Fisher, J. concurring). Judge Fisher warned that extending immunity beyond the facts of that case could "pose serious problems," particularly where a provider is charged with using § 230 immunity to advance an anticompetitive agenda. See id. at 1178. He said that an "unbounded" reading of the phrase "otherwise objectionable" would allow a content provider to "block content for anticompetitive purposes or merely at its malicious whim." Id.

District courts nationwide have grappled with the issues discussed in Zango ’s majority and concurring opinions, and have reached differing results. Like the district court in this case, at least two other federal district courts have relied on Zango to dismiss software-provider lawsuits against Malwarebytes where the plaintiff claimed that Malwarebytes improperly characterized the plaintiff’s software as a PUP. See PC Drivers Headquarters, LP v. Malwarebytes Inc. , 371 F. Supp. 3d 652 (N.D. Cal. 2019) ; PC Drivers Headquarters, LP v. Malwarebytes, Inc. , No. 1:18-CV-234-RP, 2018 WL 2996897, at *1 (W.D. Tex. Apr. 23, 2018).

Other district courts have viewed our holding in Zango to be less expansive. See Song fi Inc. v. Google, Inc. , 108 F. Supp. 3d 876, 884 (N.D. Cal. 2015) (noting that just because "the statute requires the user or service provider to subjectively believe the blocked or screened material is objectionable does not mean anything or everything YouTube finds subjectively objectionable is within the scope of Section 230(c)," and concluding that, "[o]n the contrary such an ‘unbounded’ reading ... would enable content providers to ‘block content for anticompetitive reasons[.]’ ") (quoting Judge Fisher’s concurrence in Zango ); Sherman v. Yahoo! Inc. , 997 F. Supp. 2d 1129, 1138 (S.D. Cal. 2014) (same); see also Holomaxx Techs. v. Microsoft Corp ., 783 F. Supp. 2d 1097, 1104 (N.D. Cal. Mar. 11, 2011) (acknowledging that a provider’s subjective determination of what constitutes objectionable material under § 230(c)(2) is not limitless, but finding that the harassing emails in that case were reasonably objectionable).

We find these decisions recognizing limitations in the scope of immunity to be persuasive. The courts interpreting Zango as providing unlimited immunity seem to us to have stretched our opinion in Zango too far. This is because the focus of that appeal was neither what type of material may be blocked, nor why it may be blocked, but rather who benefits from § 230 immunity. The issue was whether § 230 immunity applies to filtering-software providers. See Zango , 568 F.3d at 1173. We answered that question in the affirmative, explaining that Kaspersky was the type of "interactive computer service" to which § 230(c)(2) expressly referred, and that Kaspersky was engaged in the type of conduct to which § 230(c)(2) generally applies. Id. at 1175–76.

As relevant here, the majority opinion in Zango establishes only that Malwarebytes, as a filtering-software provider, is an entity to which the immunity afforded by § 230 would apply. The majority opinion does not require us to hold that we lack the authority to question Malwarebytes’s determinations of what content to block. We must therefore in this case analyze § 230 to decide what limitations, if any, there are on the ability of a filtering software provider to block users from receiving online programming.

The legal question before us is whether § 230(c)(2) immunizes blocking and filtering decisions that are driven by anticompetitive animus. The majority in Zango had no occasion to address the issue, and the parties in that case were not competitors. See 568 F. 3d at 1170 (explaining Kaspersky is a security software provider; Zango provides an online service for users to stream movies, video games, and music). This is the first § 230 case we are aware of that involves direct competitors.

In this appeal, Enigma alleges that Malwarebytes blocked Enigma’s programs for anticompetitive reasons, not because the programs’ content was objectionable within the meaning of § 230, and that § 230 does not provide immunity for anticompetitive conduct. Malwarebytes’s position is that, given the catchall, Malwarebytes has immunity regardless of any anticompetitive motives.

We cannot accept Malwarebytes’s position, as it appears contrary to CDA’s history and purpose. Congress expressly provided that the CDA aims "to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services" and to "remove disincentives for the development and utilization of blocking and filtering technologies." § 230(b)(2)–(3). Congress said it gave providers discretion to identify objectionable content in large part to protect competition, not suppress it. Id. In other words, Congress wanted to encourage the development of filtration technologies, not to enable software developers to drive each other out of business.

In the infancy of the internet, the unwillingness of Congress to spell out the meaning of "otherwise objectionable" was understandable. The broad grant of protective control over online content may have been more readily acceptable in an era before the potential magnitude of internet communication was fully comprehended. Indeed, the fears of harmful content at the time led Congress to enact, in the same statute, an outright ban on the dissemination of online pornography, a ban which the Supreme Court swiftly rejected as unconstitutional a year later. See Reno v. ACLU , 521 U.S. at 877–79, 117 S.Ct. 2329 (striking down 47 U.S.C. § 223 ).

We must today recognize that interpreting the statute to give providers unbridled discretion to block online content would, as Judge Fisher warned, enable and potentially motivate internet-service providers to act for their own, and not the public, benefit. See 568 F.3d at 1178 (Fisher, J., concurring). Immunity for filtering practices aimed at suppressing competition, rather than protecting internet users, would lessen user control over what information they receive, contrary to Congress’s stated policy. See § 230(b)(3) (to maximize user control over what content they view). Indeed, users selecting a security software provider must trust that the provider will block material consistent with that user’s desires. Users would not reasonably anticipate providers blocking valuable online content in order to stifle competition. Immunizing anticompetitive blocking would, therefore, be contrary to another of the statute’s express policies: "removing disincentives for the utilization of blocking and filtering technologies." Id . § 230(b)(4).

We therefore reject Malwarebytes’s position that § 230 immunity applies regardless of anticompetitive purpose. But we cannot, as Enigma asks us to do, ignore the breadth of the term "objectionable" by construing it to cover only material that is sexual or violent in nature. Enigma would have us read the general, catchall phrase "otherwise objectionable" as limited to the categories of online material described in the seven specific categories that precede it. See 47 U.S.C. § 230(c)(2) (describing material that is "obscene, lewd, lascivious, filthy, excessively violent, harassing or otherwise objectionable."). Enigma argues that its software has no such content, and that Malwarebytes therefore cannot claim immunity for blocking it.

Enigma relies on the principle of ejusdem generis , which teaches that when a generic term follows specific terms, the generic term should be construed to reference subjects akin to those with the specific enumeration. See, e.g. , Norfolk & W. Ry. Co. v. Am. Train Dispatchers Ass’n , 499 U.S. 117, 129, 111 S.Ct. 1156, 113 L.Ed.2d 95 (1991). But the specific categories listed in § 230(c)(2) vary greatly: Material that is lewd or lascivious is not necessarily similar to material that is violent, or material that is harassing. If the enumerated categories are not similar, they provide little or no assistance in interpreting the more general category. We have previously recognized this concept. See Sacramento Reg’l Cty. Sanitation Dist. v. Reilly , 905 F.2d 1262, 1270 (9th Cir. 1990) ("Where the list of objects that precedes the ‘or other’ phrase is dissimilar, ejusdem generis does not apply").

We think that the catchall was more likely intended to encapsulate forms of unwanted online content that Congress could not identify in the 1990s. But even if ejusdem generis did apply, it would not support Enigma’s narrow interpretation of "otherwise objectionable." Congress wanted to give internet users tools to avoid not only violent or sexually explicit materials, but also harassing materials. Spam, malware and adware could fairly be placed close enough to harassing materials to at least be called "otherwise objectionable" while still being faithful to the principle of ejusdem generis . Several district courts have, for example, regarded unsolicited marketing emails as "objectionable." See, e.g. , Holomaxx , 783 F. Supp. 2d at 1104 ; e360Insight, LLC v. Comcast Corp. , 546 F. Supp. 2d 605, 608–610 (N.D. Ill. 2008) ; see also Smith v. Trusted Universal Standards In Elec. Transactions, Inc. , No. CIV09-4567-RBK-KMW, 2010 WL 1799456, at *6 (D.N.J. May 4, 2010). But we do not, in this appeal, determine the precise relationship between the term "otherwise objectionable" and the seven categories that precede it. We conclude only that if a provider’s basis for objecting to and seeking to block materials is because those materials benefit a competitor, the objection would not fall within any category listed in the statute and the immunity would not apply.

Malwarebytes’s fallback position is that, even if it would lack immunity for anticompetitive blocking, Malwarebytes has found Enigma’s programs "objectionable" for legitimate reasons based on the programs’ content. Malwarebytes asserts that Enigma’s programs, SpyHunter and RegHunter, use "deceptive tactics" to scare users into believing that they have to download Enigma’s programs to prevent their computers from being infected. Enigma alleges, however, that its programs "pose no security threat" and that Malwarebytes’s justification for blocking these "legitimate" and "highly regarded" programs was a guise for anticompetitive animus.

The district court interpreted our holding in Zango to foreclose this debate entirely, implicitly reasoning that if Malwarebytes has sole discretion to select what programs are "objectionable," the court need not evaluate the reasons for the designation. Because we hold that § 230 does not provide immunity for blocking a competitor’s program for anticompetitive reasons, and because Enigma has specifically alleged that the blocking here was anticompetitive, Enigma’s claims survive the motion to dismiss. We therefore reverse the dismissal of Enigma’s state-law claims and we remand for further proceedings.

II. The Federal Claim and the CDA’s Intellectual Property Exception

Enigma’s fourth claim is a claim for false advertising under the Lanham Act, a statute dealing with a form of intellectual property, i.e . trademarks. Enigma alleges that Malwarebytes publicly mischaracterized Enigma’s programs SpyHunter and RegHunter as potentially unwanted or PUPs, and it did so in order to interfere with Enigma’s customer base and divert those customers to Malwarebytes.

Section 230(e)(2) of the CDA contains an exception to immunity for intellectual property claims. See 47 U.S.C. § 230(e)(2). This exception, known as the intellectual property carve out, states that § 230 immunity shall not "limit or expand any law pertaining to intellectual property." Id. In light of that exception, Enigma contends that immunity would not bar Enigma’s Lanham Act claim, even if immunity is available to Malwarebytes on the state law claims. Although Enigma’s claim does not itself involve an intellectual property right, Enigma characterizes its federal false advertising claim as one "pertaining to intellectual property" within the meaning of § 230(e)(2) because the Lanham Act deals with intellectual property. The district court rejected this argument, and rightly so.

This is because even though the Lanham Act is known as the federal trademark statute, not all claims brought under the statute involve trademarks. The Act contains two parts, one governing trademark infringement and another governing false designations of origin, false descriptions, and dilution. Compare 15 U.S.C. § 1114 (trademark infringement) with id. § 1125 (the rest). The latter, § 1125, creates two bases of liability, false association and false advertising. Compare § 1125(a)(1)(A) (false association) with § 1125(a)(1)(B) (false advertising). Thus, although "much of the Lanham Act addresses the registration, use, and infringement of trademarks and related marks, ... § 1125(a) is one of the few provisions that goes beyond trademark protection." Dastar Corp. v. Twentieth Cent. Fox Film Corp. , 539 U.S. 23, 28–29, 123 S.Ct. 2041, 156 L.Ed.2d 18 (2003).

In this appeal, we must decide whether the exception to immunity contained in § 230(e)(2) applies to false advertising claims brought under the Lanham Act. Our court has not addressed the issue, although we have considered the exception as it would apply to state law claims. See Perfect 10 v. CCBill, LLC , 488 F.3d 1102, 1118–19 (9th Cir. 2007) (concluding that the intellectual property exception in § 230(e)(2) was not intended to cover intellectual property claims brought under state law); see also Gen. Steel Domestic Sales, L.L.C. v. Chumley , 840 F.3d 1178, 1182 (10th Cir. 2016) (declining to analyze the intellectual property exception; explaining that because " § 230 does not contain the grant of immunity from suit contended for, it is unnecessary to discuss its applicability to the Lanham Act false advertising claims").

We have observed before that because Congress did not define the term "intellectual property law," it should be construed narrowly to advance the CDA’s express policy of providing broad immunity. See Perfect 10 , 488 F.3d at 1119. One of these express policy reasons for providing immunity was, as Congress stated in § 230(b)(2), "to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services, unfettered by Federal or State regulation." 47 U.S.C. § 230(b)(2). The intellectual property exception is a limitation on immunity, and the CDA’s stated congressional purpose counsels against an expansive interpretation of the exception that would diminish the scope of immunity. If the intellectual property law exception were to encompass any claim raised under the Lanham Act—including false advertising claims that do not directly involve intellectual property rights—it would create a potential for new liability that would upset, rather than "preserve" the vibrant culture of innovation on the internet that Congress envisioned. Id.

We therefore hold that the intellectual property exception contained in § 230(e)(2) encompasses claims pertaining to an established intellectual property right under federal law, like those inherent in a patent, copyright, or trademark. The exception does not apply to false advertising claims brought under § 1125(a) of the Lanham Act, unless the claim itself involves intellectual property.

Here, Enigma’s Lanham Act claim derives from the statute’s false advertising provision. Enigma alleges that Malwarebytes mischaracterized Enigma’s most popular software programs in order to divert Enigma’s customers to Malwarebytes. These allegations do not relate to or involve trademark rights or any other intellectual property rights. Thus, Enigma’s false advertising claim is not a claim "pertaining to intellectual property law" within the meaning of § 230(e)(2). The district court correctly concluded that the intellectual property exception to immunity does not encompass Enigma’s Lanham Act claim.

The district court went on to hold, however, as it did with the state law claims, that Malwarebytes is nevertheless immune from liability under our decision in Zango . As we have explained with respect to the state law claims, Zango did not define an unlimited scope of immunity under § 230, and immunity under that section does not extend to anticompetitive conduct. Because the federal claim, like the state claims, is based on allegations of such conduct, the federal claim survives dismissal. We therefore reverse the district court’s judgment in favor of Malwarebytes and remand for further proceedings on this claim as well.


The judgment of the district court is reversed and the case is remanded for further proceedings consistent with this opinion.


RAWLINSON, Circuit Judge, dissenting:

In his concurring opinion in Zango, Inc. v. Kaspersky Lab, Inc. , 568 F.3d 1169, 1179–80 (9th Cir. 2009), Judge Fisher acknowledged that "until Congress clarifies the statute or a future litigant makes the case for a possible limitation," the "broadly worded" Communications Decency Act (the Act) afforded immunity to a distributor of Internet security software. Congress has not further clarified the statute and Enigma Software has not persuasively made a case for limitation of the statute beyond its provisions.

The majority opinion seeks to limit the statute based on the fact that the parties are competitors. See Majority Opinion , p. 1045. However, nothing in the statutory provisions or our majority opinion in Zango supports such a distinction. Rather the "broad language" of the Act specifically encompasses "any action voluntarily taken [by a provider] to restrict access to ... material that the provider ... considers to be ... otherwise objectionable." 47 U.S.C. § 230(c)(2)(A) (emphasis added). Under the language of the Act, so long as the provider’s action is taken to remove "otherwise objectionable" material, the restriction of access is immunized. See id. The majority’s real complaint is not that the district court construed the statute too broadly, but that the statute is written too broadly. However, that defect, if it is a defect, is one beyond our authority to correct. See Baker Botts LLP v. ASARCO LLC , ––– U.S. ––––, 135 S. Ct. 2158, 2169, 192 L.Ed.2d 208 (2015).

In particular, the majority holds that the criteria for blocking online material may not be based on the identity of the entity that produced it. See Majority Opinion , p. 1047. Unfortunately, however, that conclusion cannot be squared with the broad language of the Act. Under the language of the statute, if the blocked content is "otherwise objectionable" to the provider, the Act bestows immunity. Zango , 568 F.3d at 1173 ("[T]he statute plainly immunizes from suit a provider of interactive computer services that makes available software that filters or screens material that the user or the provider deems objectionable.") (emphasis in the original); 1174 ("According protection to providers of programs that filter adware and malware is also consistent with the Congressional goals for immunity articulated in [ 47 U.S.C.] § 230 itself."). Although the parties were not direct competitors, the plaintiff in Zango asserted similar anti-competition effects. See id. at 1171–72. The majority’s policy arguments are in conflict with our recognition in Zango that the broad language of the Act is consistent with "the Congressional goals for immunity" as expressed in the language of the statute. Id. at 1174. As the district court cogently noted, we "must presume that a legislature says in a statute what it means and means in a statute what it says there." Connecticut Nat’l Bank v. Germain , 503 U.S. 249, 253–54, 112 S.Ct. 1146, 117 L.Ed.2d 391 (1992) (citations omitted).

I respectfully dissent.

Summaries of

Enigma Software Grp. U.S.A v. Malwarebytes, Inc.

Sep 12, 2019
938 F.3d 1026 (9th Cir. 2019)

stating section 1225 creates two bases of liability, false association and false advertising

Summary of this case from Archi's Acres, Inc. v. Whole Foods Mkt. Serv., Inc.

noting that Section 43 is one of the few provisions of the Lanham Act that goes beyond trademark protection and holding that a claim of false advertising is barred by the CDA unless it involves an intellectual property right

Summary of this case from Corker v. Costco Wholesale Corp.
Case details for

Enigma Software Grp. U.S.A v. Malwarebytes, Inc.

Case Details

Full title:ENIGMA SOFTWARE GROUP USA, LLC, Plaintiff-Appellant, v. MALWAREBYTES…


Date published: Sep 12, 2019


938 F.3d 1026 (9th Cir. 2019)
938 F.3d 1026

Citing Cases

Zekelman Indus. Inc. v. Marker

Brookfield Commc'ns, 174 F.3d at 1046 n.6. See also Enigma Software Grp. USA, LLC v. Malwarebytes, Inc., 946…

Hepp v. Facebook, Inc.

Specifically, there is disagreement between the Ninth Circuit and some district courts over whether the CDA…