The U.S. Court of Appeals for the Ninth Circuit has confirmed that the safe harbor provisions of the Communications Decency Act (CDA) applies to screening or blocking software and covers more then just pornography; it covers spyware as well. Zango, Inc. v. Kaspersky Lab, Inc., Case No. 07-35800 (9th Cir., June 25, 2009) (Rymer, J.) (Fisher, J., concurring).

Zango provides access to a catalog of online videos, games, music, tools and utilities to consumers who agree to view advertisements while they browse the Internet. It brought this action against Kaspersky, which distributes software that filters and blocks potentially malicious software, alleging that Kaspersky’s screening software improperly blocked Zango’s software.

The Kaspersky software detects malware in e-mail, web pages and software programs and warns the user that the download contains malware. The Kaspersky software classified Zango’s programs as a type of malware that causes pop-up ads to appear on a computer screen. These pop-up ads open links to websites and computer servers that host the malware. Kaspersky invoked the protection of the safe harbor provision of the CDA (47 U.S.C. § 230(c) and the district court granted summary judgment in Kaspersky’s favor, holding that it was a provider of an “interactive computer service,” entitled to immunity for actions taken to make available to others the technical means to restrict access to “objectionable material.” Zango appealed.

On appeal Zango argued that Congress intended statutory immunity under § 230(c) to apply to Internet content providers, not to companies that provide filtering tools. The Ninth Circuit disagreed, finding that “the statute plainly immunizes from suit a provider of interactive computer services that makes available software that filers or screens material that the user or the provider deems objectionable.”

The Court noted that material that can be blocked under the exemption includes “material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected.”

The Court agreed with the district court that Kaspersky was, under the statute, an “interactive computer service” and an “access software provider” and therefore was entitled to claim the safe harbor of the CDA. Kaspersky is a “provider” of an “interactive computer service” under the statute since it “provides or enables computer access by multiple users to a computer server” and is an “access software provider” since it provides its customers with online access to its update servers.

The Court explained that under the statute “a provider of software or enabling tools that filter, screen, allow, or disallow content that the provider or user considers obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable may not be held liable for any action taken to make available the technical means to restrict access to that material, so long as the provider enables access by multiple users to a computer server.”

In his concurring opinion, Judge Fisher concurred that based on the issue presented by Zango in framing the appeal, Kaspersky was entitled to immunity under the CDA. However, Judge Fisher warned that the breath of the “otherwise objectionable” language was not put in issue by Zango in its appeal and warned against the possibility of an abuse of immunity by blocking software vendors that might attempt to use such immunity “to block content for anticompetitive purposes or merely at its malicious whim,” invoking the “otherwise objectionable” category. Judge Fisher would impose a good faith limitation on what a blocking software vendor might consider “otherwise objectionable.”