Malwarebytes, Inc. v. Enigma Software Grp. USA, LLC

• Decision Date: 13 October 2020
• Docket Number: No. 19-1284,19-1284
• Citation: 141 S.Ct. 13 (Mem),208 L.Ed.2d 197
• Parties: MALWAREBYTES, INC. v. ENIGMA SOFTWARE GROUP USA, LLC
• Court: U.S. Supreme Court

141 S.Ct. 13 (Mem)

208 L.Ed.2d 197

MALWAREBYTES, INC.

v.ENIGMA SOFTWARE GROUP USA, LLC

No. 19-1284

Supreme Court of the United States.

Decided October 13, 2020

The petition for a writ of certiorari is denied.

Statement of Justice THOMAS respecting the denial of certiorari.

This petition asks us to interpret a provision commonly called § 230, a federal law enacted in 1996 that gives Internet platforms immunity from some civil and criminal claims. 47 U.S.C. § 230. When Congress enacted the statute, most of today's major Internet platforms did not exist. And in the 24 years since, we have never interpreted this provision. But many courts have construed the law broadly to confer sweeping immunity on some of the largest companies in the world.

This case involves Enigma Software Group USA and Malwarebytes, two competitors that provide software to enable individuals to filter unwanted content, such as content posing security risks. Enigma sued Malwarebytes, alleging that Malwarebytes engaged in anticompetitive conduct by reconfiguring its products to make it difficult for consumers to download and use Enigma products. In its defense, Malwarebytes invoked a provision of § 230 that states that a computer service provider cannot be held liable for providing tools "to restrict access to material" that it "considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable." § 230(c)(2). The Ninth Circuit relied heavily on the "policy" and "purpose" of § 230 to conclude that immunity is unavailable when a plaintiff alleges anticompetitive conduct.

The decision is one of the few where courts have relied on purpose and policy to deny immunity under § 230. But the court's decision to stress purpose and policy is familiar. Courts have long emphasized nontextual arguments when interpreting § 230, leaving questionable precedent in their wake.

I agree with the Court's decision not to take up this case. I write to explain why, in an appropriate case, we should consider whether the text of this increasingly important statute aligns with the current state of immunity enjoyed by Internet platforms.

I

Enacted at the dawn of the dot-com era, § 230 contains two subsections that protect computer service providers from some civil and criminal claims. The first is definitional. It states, "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." § 230(c)(1). This provision ensures that a company (like an e-mail provider) can host and transmit third-party content without subjecting itself to the liability that sometimes attaches to the publisher or speaker of unlawful content. The second subsection provides direct immunity from some civil liability. It states that no computer service provider "shall be held liable" for (A) good-faith acts to restrict access to, or remove, certain types of objectionable content; or (B) giving consumers tools to filter the same types of content. § 230(c)(2). This limited protection enables companies to create community guidelines and remove harmful content without worrying about legal reprisal.

Congress enacted this statute against specific background legal principles. See Stewart v. Dutra Constr. Co. , 543 U.S. 481, 487, 125 S.Ct. 1118, 160 L.Ed.2d 932 (2005) (interpreting a law by looking to the "backdrop against which Congress" acted). Traditionally, laws governing illegal content distinguished between publishers or speakers (like newspapers) and distributors (like newsstands and libraries). Publishers or speakers were subjected to a higher standard because they exercised editorial control. They could be strictly liable for transmitting illegal content. But distributors were different. They acted as a mere conduit without exercising editorial control, and they often transmitted far more content than they could be expected to review. Distributors were thus liable only when they knew (or constructively knew) that content was illegal. See, e.g., Stratton Oakmont, Inc. v. Prodigy Services Co. , 1995 WL 323710, *3 (Sup. Ct. N.Y., May 24, 1995) ; Restatement (Second) of Torts § 581 (1976) ; cf. Smith v. California , 361 U.S. 147, 153, 80 S.Ct. 215, 4 L.Ed.2d 205 (1959) (applying a similar principle outside the defamation context).

The year before Congress enacted § 230, one court blurred this distinction. An early Internet company was sued for failing to take down defamatory content posted by an unidentified commenter on a message board. The company contended that it merely distributed the defamatory statement. But the company had also held itself out as a family-friendly service provider that moderated and took down offensive content. The court determined that the company's decision to exercise editorial control over some content "render[ed] it a publisher" even for content it merely distributed. Stratton Oakmont , 1995 WL 323710, *3–*4.

Taken at face value, § 230(c) alters the Stratton Oakmont rule in two respects. First, § 230(c)(1) indicates that an Internet provider does not become the publisher of a piece of third-party content—and thus subjected to strict liability—simply by hosting or distributing that content. Second, § 230(c)(2)(A) provides an additional degree of immunity when companies take down or restrict access to objectionable content, so long as the company acts in good faith. In short, the statute suggests that if a company unknowingly leaves up illegal third-party content, it is protected from publisher liability by § 230(c)(1) ; and if it takes down certain third-party content in good faith, it is protected by § 230(c)(2)(A).

This modest understanding is a far cry from what has prevailed in court. Adopting the too-common practice of reading extra immunity into statutes where it does not belong, see Baxter v. Bracey , 590 U. S. ––––, 140 S.Ct. 1862, 207 L.Ed.2d 1069 (2020) (THOMAS, J., dissenting from denial of certiorari), courts have relied on policy and purpose arguments to grant sweeping protection to Internet platforms. E.g., 1 R. Smolla, Law of Defamation § 4:86, p. 4–380 (2d ed. 2019) ("[C]ourts have extended the immunity in § 230 far beyond anything that plausibly could have been intended by Congress); accord, Rustad & Koenig, Rebooting Cybertort Law, 80 Wash. L. Rev. 335, 342–343 (2005) (similar). I address several areas of concern.

A

Courts have discarded the longstanding distinction between "publisher" liability and "distributor" liability. Although the text of § 230(c)(1) grants immunity only from "publisher" or "speaker" liability, the first appellate court to consider the statute held that it eliminates distributor liability too—that is, § 230 confers immunity even when a company distributes content that it knows is illegal. Zeran v. America Online, Inc. , 129 F.3d 327, 331–334 (CA4 1997). In reaching this conclusion, the court stressed that permitting distributor liability "would defeat the two primary purposes of the statute," namely, "immuniz[ing] service providers" and encouraging "selfregulation." Id., at 331, 334. And subsequent decisions, citing Zeran , have adopted this holding as a categorical rule across all contexts. See, e.g., Universal Communication Systems, Inc. v. Lycos, Inc. , 478 F.3d 413, 420 (CA1 2007) ; Shiamili v. Real Estate Group of NY, Inc. , 17 N.Y.3d 281, 288–289, 929 N.Y.S.2d 19, 952 N.E.2d 1011, 1017 (2011) ; Doe v. Bates , 2006 WL 3813758, *18 (ED Tex., Dec. 27, 2006).

To be sure, recognizing some overlap between publishers and distributors is not unheard of. Sources sometimes use language that arguably blurs the distinction between publishers and distributors. One source respectively refers to them as "primary publishers" and "secondary publishers or disseminators," explaining that distributors can be "charged with publication." W. Keeton, D. Dobbs, R. Keeton, & D. Owen, Prosser and Keeton on Law of Torts 799, 803 (5th ed. 1984).

Yet there are good reasons to question this interpretation.

First, Congress expressly imposed distributor liability in the very same Act that included § 230. Section 502 of the Communications Decency Act makes it a crime to "knowingly ... display" obscene material to children, even if a third party created that content. 110 Stat. 133–134 (codified at 47 U.S.C. § 223(d) ). This section is enforceable by civil remedy. 47 U.S.C. § 207. It is odd to hold, as courts have, that Congress implicitly eliminated distributor liability in the very Act in which Congress explicitly imposed it.

Second, Congress enacted § 230 just one year after Stratton Oakmont used the terms "publisher" and "distributor," instead of "primary publisher" and "secondary publisher." If, as courts suggest, Stratton Oakmont was the legal backdrop on which Congress legislated, e.g., FTC v. Accusearch Inc. , 570 F.3d 1187, 1195 (CA10 2009), one might expect Congress to use the same terms Stratton Oakmont used.

Third, had Congress wanted to eliminate both publisher and distributor liability, it could have simply created a categorical immunity in § 230(c)(1) : No provider "shall be held liable" for information provided by a third party. After all, it used that exact categorical language in the very next subsection, which governs removal of content. § 230(c)(2). Where Congress uses a particular phrase in one subsection and a different phrase in another, we ordinarily presume that the difference is meaningful. Russello v. United States , 464 U.S. 16, 23, 104 S.Ct. 296, 78 L.Ed.2d 17 (1983) ; cf. Doe v. America Online, Inc. , 783 So.2d 1010, 1025 (Fla. 2001) (Lewis, J., dissenting) (relying on this rule to reject the interpretation that § 230 eliminated distributor liability).

B

Courts have also departed from the most natural reading of the text by giving Internet companies immunity for their own content. Section 230(c)(1) protects a company from publisher liability only when content is "provided by another information content...