Privacy and Security Advisory

Federal Court Dismisses Suit by Alleged Malware Vendor

By Bruce E.H. Johnson, John D. Seiver, Ronald G. London and Sarah K. Duran
[September 2007]

In Zango, Inc. v. Kaspersky Lab, Inc., No. C07-0807-JCC (Aug. 28, 2007), the United States District Court for the Western District of Washington dismissed a lawsuit filed by Zango, Inc., against Kaspersky Lab, Inc., a company that distributes computer anti-virus/anti-malware software that had targeted Zango’s products as objectionable. Zango alleged that Kaspersky Lab’s anti-virus software improperly identified Zango’s websites and ads as malware and alleged tortious interference with contract and business expectancy, trade libel, violation of Washington state’s Consumer Protection Act and unjust enrichment. The court rejected Zango’s claims and held that Kapersky was entitled to the safe harbor provided in Section 230(c)(2) of the Communications Decency Act (CDA), 47 U.S.C. § 230(c)(2).

The CDA’s safe harbor protects providers and users of interactive computer services for “action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers … objectionable” and for “action taken to enable or make available to information content providers or others the technical means to restrict access to [such] material.”

The court interpreted the CDA’s safe harbor to be quite broad and cited other courts’ labeling of immunity (in other Section 230 contexts) as “quite robust.” The court also read broadly the requirement that immunity is afforded to a “provider” of “interactive computer service,” finding Kaspersky to be an “access software provider” that “provides or enables computer access by multiple users to a computer server.” Indeed, the court found that Kaspersky's “anti-malware software is exactly the type” contemplated by the CDA as enabling users to filter, screen, allow and/or disallow content that the safe harbor was designed to facilitate blocking.

The court rejected Zango’s argument that it does not provide “objectionable material” within the meaning of the safe harbor. It held that the statute does not require that the material actually be objectionable, but rather only that the provider or user of the software or service deems such material objectionable. In this regard, it was noted there was no question that Kaspersky considered Zango’s software objectionable.

Finally, the court rejected Zango’s argument that Kaspersky lost immunity by allegedly acting in bad faith, blocking Zango as part of a “scare campaign intended to generate additional interest in [Kaspersky's] software.” The court distinguished between the safe harbor afforded for actions “to restrict access to or availability of material that the provider or user considers to be … objectionable,” which has an explicitly stated good-faith requirement, and actions “to enable or make available … the technical means to restrict access” to such material, which does not include any good-faith condition. Because Kaspersky’s efforts fell within the latter, the court found, it held it was under no duty to act in good faith. However, the court held that “even if there was a good faith requirement,” Zango’s “mere conclusory assertion of bad faith, without more, would be insufficient to withstand summary judgment.”

This decision is significant in several regards. The court dismissed all of Zango’s claims as a matter of law and refused Zango the opportunity to conduct discovery. This dismissal suggests that vendors and distributors of anti-malware products and services can claim an absolute immunity, even against allegations of bad faith, to communicate with their customers about potential adware and spyware risks and even to facilitate consumer decisions about software installed by third parties on their computers, without incurring liability to the producers and distributors of the software. This “safe harbor” extends, by its terms, to Internet service providers (ISPs).

If there is no good faith requirement for providing anti-malware software to consumers or enabling them to block what they deem unacceptable, future Zango-type lawsuits will become less attractive. As a general proposition, other courts following the broad reading that this court affords the CDA safe harbor will make the prospect of similar litigation less likely, and at a minimum reduce the cost of defending any such cases.

Davis Wright Tremaine LLP was co-counsel for Kaspersky in the case.


DWT's Privacy and Security Blog For coverage of this and other issues of interest, please visit http://www.privsecblog.com.

For more information, please contact:

Bruce E.H. Johnson

Bruce E.H. Johnson
Seattle, Washington
(206) 622-3150
brucejohnson@dwt.com

 John D. Seiver John D. Seiver
Washington, D.C.
(202) 973-4200
johnseiver@dwt.com
       
Ronald G. London Ronald G. London
Washington, D.C.
(202) 973-4200
ronnielondon@dwt.com		 Sarah K. Duran Sarah K. Duran
Seattle, Washington
(206) 622-3150
sarahduran@dwt.com

This advisory is a publication of the Privacy/Security and Communications Groups of Davis Wright Tremaine LLP. Our purpose in publishing this advisory is to inform our clients and friends of recent legal developments. It is not intended, nor should it be used, as a substitute for specific legal advice as legal counsel may only be given in response to inquiries regarding particular situations. Attorney advertising. Prior results do not guarantee a similar outcome.

Copyright © 2007, Davis Wright Tremaine LLP.


return to advisory bulletins main page