Anti-malware providers got good news today from the U.S. Ninth Circuit Court of Appeals in Seattle, Wash.
Readers of this blog may remember the lawsuit that Zango filed against Kaspersky back in 2007 for blocking its software. As we reported, Zango’s case against Kaspersky suffered a severe setback when the Washington State Superior Court handling the case granted Kaspersky’s motion for summary judgment on the grounds that Kaspersky, as an “interactive computer service” provider, enjoyed immunity from such lawsuits under section 230 of the “Communications Decency Act” (CDA, 1996) (link here).
We hailed that decision and promptly signed on to the amicus brief filed by the Center for Democracy and Technology with the Ninth Circuit Court of Appeals in response to Zango’s appeal of the original decision (link here).
We are now pleased to report that the Ninth Circuit Court of Appeals has upheld that original decision, affirming that Kaspersky enjoys “good Samaritan” protection afforded by the CDA. In the court’s own words, a provider of “access tools that filter, screen, allow, or disallow content that the provider or users considers obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable is protected from liability [by the CDA] for any action taken to make available to others the technical means to restrict access to that material.” For the Court’s full opinion, see the PDF file (here), which also includes an interesting concurring opinion from one of the panel’s three judges.
Admittedly, this decision is not nearly as consequential for anti-malware providers as it would have been three or four years ago, when adware vendors such as Zango and Direct Revenue were regularly threatening anti-spyware providers with legal action and peppering them with cease-and-desist letters on a weekly basis. It’s a been a while since we received any serious legal threats, although we do still get the occasional protest from software developers whose apps we target as “low risk,” potentially unwanted programs or tools. Nonetheless, the decision is a welcome one, as it extends to Sunbelt and other anti-malware providers the kind of legal cover we need in order to provide our customers and users with strong protection against unwanted, malicious software.
It’s worth noting that Judge Fisher, in his concurring opinion, voiced concerns over the seemingly broad language of the statue in question, raising the possibility that “under the generous coverage of [the statute’s] immunity language, a blocking software provider might abuse that immunity to block content for anti-competitive purposes or merely at its malicious whim…”
In a similar vein, one adware vendor we dealt with recently complained that our targeting policies effectively made Sunbelt (and other anti-malware vendors) into a law-unto-itself that operated on the assumption that “users cannot decide for themselves what they want on their computer.”
We think these kinds of concerns are misplaced. While the language of the statute is somewhat broad (“…or otherwise objectionable”), users are always free to replace an overly restrictive blocking tool with one of the dozens (if not hundreds) of alternatives that exist in the market, as the Judge Rymer notes in the main opinion:
“If a Kaspersky user (who has bought and installed Kaspersky’s software to block malware) is unhappy with the Kaspersky software’s performance, he can uninstall Kaspersky and buy blocking software from another company that is less restrictive or more compatible with the user’s needs. Recourse to competition is consistent with the statute’s express policy of relying on the market for the development of interactive computer services.”
Or, as we explained to that adware vendor:
“We sell a service to customers who are willing to pay for it. If they think our protection ineffective, excessive, or misguided, we lose business.”
Judge Fischer raises the prospect that anti-competitive blocking by a covered blocking software provider could occur without the user’s knowledge, however, the example he offers (Zango’s own users) undermines the very point he is trying to make. In that case, users who actually did want to use Zango’s software (pop-ups and all) were most certainly aware that something wasn’t right and contacted Zango about it. Zango, in turn, presumably informed them about the blocking, if they weren’t already aware of it. The performance and detections of anti-malware software are simply under too much daily scrutiny from users, industry experts, testers, competitors, adware vendors, and, yes, malware developers and hackers themselves for unnoticed blocking to occur for any length of time.
The bottom line is that no anti-malware vendor can afford to promiscuously or arbitrarily block and remove content that their users actually want installed on their PCs. In this case, the market can work. What we need, however, is some measure of protection from entities who seek to deny consumers access to tools that can actually protect their PCs and networks against unwanted software that just happen to sport all the legal muscle that advertising revenue can buy.
Eric L. Howes