Communications Decency Act

Zango, Inc. v. Kaspersky Lab, Inc.: The Ninth Circuit Gets to the Right Destination But By the Wrong Route

The Ninth Circuit’s recent ruling in Zango, Inc. v. Kaspersky Lab, Inc. is one of the few that directly deal with the provisions in the Communications Decency Act that provide immunity from suit for the screening activities of internet service providers. The relevant section, 47 U.S.C. § 230(c)(2), provides as follows:

“No provider or user of an interactive computer service shall be held liable on account of —

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to make available to information content providers or others the technical means to restrict access to material described in paragraph [A].”

The plaintiff in the case, Zango, Inc., is a now-defunct Internet entertainment company that provided access to a catalog of online videos, games and music to users who agreed to view advertisements while surfing the internet. The defendant, Kaspersky Lab, Inc., is still live and kicking, and is a Moscow-based firm which bills itself as “a leading anti-virus software and Internet Security software solution for your home computer or business.”

According to the court, Kaspersky’s software classified Zango as “adware,” a type of malware. Once installed on a user’s computer, adware monitors a user’s browsing habits and causes “pop-up” ads to appear throughout the browsing session. Adware can open up links with websites that themselves contain malware that can infect a personal computer. Kaspersky’s software disabled key features of Zango’s software and through a series of routines, ultimately blocked the use of Zango.

Zango sued Kaspersky, seeking an injunction against its blocking activities. In defense, Kaspersky invoked the protection of §230(c)(2)(B), cited above.

The Ninth Circuit concluded that Kaspersky was “plainly immunized” by the Communications Decency Act. This conclusion was based on its analysis of §230(c)(2)(B) and two related definition sections: § 230(f)(2) which defines the term “interactive computer service” to mean any “information service, system, or access software provider that provides or enables computer access by multiple users to a computer server . . . “; and § 230(f)(4) which defines the term “access software provider” to include providers of software that filter content.

Combining these three sections, the Court concluded that a provider of filtering software or services may not be held liable for any action taken to make its filtering software available “so long as the provider enables access by multiple users to a computer service.” The Court then noted that Kaspersky “provides or enables computer access by multiple users to a “computer server” by providing its customers with online access to its update servers.”