Another Side of Section 230
Yesterday the U.S. Court of Appeals for the Ninth Circuit issued an excellent decision in a focused-but-important appeal dealing with "Section 230," which provides vital protections to service providers who facilitate online speech and users' ability to control their Internet experiences.
The case involved a less familiar aspect of Section 230, which is commonly applied in free speech rulings that shield (for example) a social network from liability based on content posted by its users. Section 230 also protects service providers from liability from efforts to control offensive content. The Zango v. Kaspersky decision, however, dealt with a third and lesser well-known component of 230 - protection afforded to companies that make tools that users can use to control their own online experiences (such as filtering software).
The Zango case raised the question of whether an anti-spyware vendor (Kaspersky) would be shielded from liability under this third part of Section 230. Zango had argued that 230 only applied to tools that filter adult content, rather than more broadly applying to tools that allow users to control content such as spyware.
On behalf of the Anti-Spyware Coalition, BSA, EFF and others, CDT filed a "friend of the court" brief arguing that Section 230 should protect anti-spyware software makers, and the court reached the exact result that we supported. Even more satisfying was the fact that the court used some of the precise analysis that we urged - half of our brief was intended to get the court to focus on the statutory "findings" in Section 230, and on how Section 230 has three very distinct and independent goals and purposes. Unfortunately, some courts in the past few years have conflated the differing goals, and so have muddied some decisions about Section 230. As the Zango court considered the third (and less familiar) component of 230, we thought it essential that the court crisply understand the nuances of law. And the court nailed it.
We also were pleased to see that the court walked a fine line on one aspect of Section 230 - whether the third component of the law had an implicit "good faith" requirement. We argued in our brief for such a requirement. The court appropriately decided that it did not need to decide that question right now, but the court's decision (as well as one judge's extra concurring opinion) highlighted that in another case good faith might be an important issue (there really is no doubt that the provider in the Zango case - Kaspersky - is a legitimate vendor acting in good faith). This means that bad guys - say, spyware makers who install malware and then turn around and offer to remove the malware - cannot use Section 230 to shield their devious actions from legal challenge.
The Ninth Circuit has taken a few missteps recently in the area of Section 230, so it is good to see a clear and correct decision from that court.