Circuits Shift Away from Finding that the Communications Decency Act Provides Broad “Immunity” from Liability for Third-Party Content to Digital Media Providers

Sometimes a shift in label can signal a shift in policy. A recent shift by the Ninth Circuit away from the use of the term “immunity” when describing the effect of the Communications Decency Act appears to signal such a change.

In earlier cases, the Ninth Circuit frequently referred to the Communications Decency Act as providing “immunity” to internet service providers who publish third-party material. See, e.g., Batzel v Smith, 333 F.3d 1018, 1029 (9th Cir. 2003). Many other circuits followed this characterization. The exception was the Seventh Circuit, which pointed out that the operative language, in 47 U.S.C. § 230(c)(1), did not use the word “immunity”, but merely provided an exclusion from liability by means of a definition — by defining an internet service provider as not a “publisher or speaker” in certain contexts. Doe v. GTE Corp., 347 F.3d 655, 660 (7th Cir. 2003).

The Seventh Circuit’s approach is not to assume that an internet service provider (ISP) receives blanket immunity for third party content, but to ask whether the suit in question is seeking to treat the ISP as a publisher or speaker. See Chicago Lawyers’ Comm. For Civil Rights under the Law v. Craigslist, Inc., 519 F.3d 666, 670-71 (7th Cir. 2008). If the theory of liability is something other than that the ISP is publishing or speaking the words in question, liability may be imposed. For example, the Seventh Circuit stated that Section 230(c)(1) would not “help people steal music or other material in copyright.” Id. at 670. (Fn1) The Communications Decency Act would not protect such activities as aiding, abetting, inducing or encouraging, or conspiracy with, a third party to place illegal content on a site. Id. at 671-72.

In earlier decisions, the Ninth Circuit has not been adverse to finding against Communications Decency Act immunity for internet service providers. However, it generally did so by finding that the ISP was itself a co-provider of the illegal content. This was the approach in Batzel v. Smith and Fair Housing Council v. (Fn2)

While the Ninth Circuit probably has not abandoned this approach, in Barnes v. Yahoo, the Ninth Circuit has now also adopted the Seventh Circuit’s “definitional” method for analyzing the scope of the Communications Decency Act. Barnes v. Yahoo, 2009 WL 1232367 * 3-4. This enabled the Ninth Circuit, in Barnes, to find against CDA protection for third-party content, because it was able to characterize the cause of action as something other than holding an ISP liable for speaking or publishing third party content — in this case, breaking a promise regarding third party content.

Looking at typical cases in which the Communications Decency Act has been applied (defamation, fraud, obscenity, assault/harassment), the “definitional” approach to the scope of the CDA would seem to move the debate to determining the kinds of acts by an ISP that rise to the level of encouraging illegal behavior. Given the fact-intensive nature of this determination, the outcome of many cases currently in the works should be interesting.

Zango, Inc. v. Kaspersky Lab, Inc.: The Ninth Circuit Gets to the Right Destination But By the Wrong Route

The Ninth Circuit’s recent ruling in Zango, Inc. v. Kaspersky Lab, Inc. is one of the few that directly deal with the provisions in the Communications Decency Act that provide immunity from suit for the screening activities of internet service providers. The relevant section, 47 U.S.C. § 230(c)(2), provides as follows:

“No provider or user of an interactive computer service shall be held liable on account of —

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to make available to information content providers or others the technical means to restrict access to material described in paragraph [A].”

The plaintiff in the case, Zango, Inc., is a now-defunct Internet entertainment company that provided access to a catalog of online videos, games and music to users who agreed to view advertisements while surfing the internet. The defendant, Kaspersky Lab, Inc., is still live and kicking, and is a Moscow-based firm which bills itself as “a leading anti-virus software and Internet Security software solution for your home computer or business.”

According to the court, Kaspersky’s software classified Zango as “adware,” a type of malware. Once installed on a user’s computer, adware monitors a user’s browsing habits and causes “pop-up” ads to appear throughout the browsing session. Adware can open up links with websites that themselves contain malware that can infect a personal computer. Kaspersky’s software disabled key features of Zango’s software and through a series of routines, ultimately blocked the use of Zango.

Zango sued Kaspersky, seeking an injunction against its blocking activities. In defense, Kaspersky invoked the protection of §230(c)(2)(B), cited above.

The Ninth Circuit concluded that Kaspersky was “plainly immunized” by the Communications Decency Act. This conclusion was based on its analysis of §230(c)(2)(B) and two related definition sections: § 230(f)(2) which defines the term “interactive computer service” to mean any “information service, system, or access software provider that provides or enables computer access by multiple users to a computer server . . . “; and § 230(f)(4) which defines the term “access software provider” to include providers of software that filter content.

Combining these three sections, the Court concluded that a provider of filtering software or services may not be held liable for any action taken to make its filtering software available “so long as the provider enables access by multiple users to a computer service.” The Court then noted that Kaspersky “provides or enables computer access by multiple users to a “computer server” by providing its customers with online access to its update servers.”