Enigma Software Group USA v. Malwarebytes Inc. ( 2019 )

                      FOR PUBLICATION
UNITED STATES COURT OF APPEALS
FOR THE NINTH CIRCUIT
ENIGMA SOFTWARE GROUP USA,                          No. 17-17351
LLC,
Plaintiff-Appellant,                    D.C. No.
5:17-cv-02915-
v.                                 EJD
MALWAREBYTES, INC.,
Defendant-Appellee.                       OPINION
Appeal from the United States District Court
for the Northern District of California
Edward J. Davila, District Judge, Presiding
Argued and Submitted February 15, 2019
San Francisco, California
Filed September 12, 2019
Before: Mary M. Schroeder and Johnnie B. Rawlinson,
Circuit Judges, and Robert S. Lasnik,* District Judge.
Opinion by Judge Schroeder;
Dissent by Judge Rawlinson
*
The Honorable Robert S. Lasnik, United States District Judge for the
Western District of Washington, sitting by designation.
2           ENIGMA SOFTWARE V. MALWAREBYTES
SUMMARY**
Communications Decency Act
The panel reversed the district court’s dismissal, as barred
by § 230 of the Communications Decency Act, of claims
under New York law and the Lanham Act’s false advertising
provision.
Enigma Software Group USA, LLC, and Malwarebytes,
Inc., were providers of software that helped internet users to
filter unwanted content from their computers. Enigma
alleged that Malwarebytes configured its software to block
users from accessing Enigma’s software in order to divert
Enigma’s customers.
Section 230 immunizes software providers from liability
for actions taken to help users block certain types of
unwanted online material, including material that is of a
violent or sexual nature or is “otherwise objectionable.”
Distinguishing Zango, Inc. v. Kaspersky Lab, Inc., 

 (9th Cir. 2009), the panel held that the phrase
“otherwise objectionable” does not include software that the
provider finds objectionable for anticompetitive reasons. As
to the state-law claims, the panel held that Enigma’s
allegations of anticompetitive animus were sufficient to
withstand dismissal. As to the federal claim, the panel further
held that § 230’s exception for intellectual property claims
did not apply because this false advertising claim did not
**
This summary constitutes no part of the opinion of the court. It has
been prepared by court staff for the convenience of the reader.
ENIGMA SOFTWARE V. MALWAREBYTES                     3
relate to trademarks or any other type of intellectual property.
The panel remanded the case for further proceedings.
Dissenting, Judge Rawlinson wrote that § 230 is broadly
worded, and Enigma did not persuasively make a case for
limitation of the statute beyond its provisions.
COUNSEL
Terry Budd (argued), Budd Law PLLC, Wexford,
Pennsylvania; Christopher M. Verdini and Anna Shabalov,
K&L Gates LLP, Pittsburgh, Pennsylvania; Edward P.
Sangster, K&L Gates LLP, San Francisco, California; for
Plaintiff-Appellant.
Tyler G. Newby (argued), Guinevere L. Jobson, and Sapna
Mehta, Fenwick & West LLP, San Francisco, California, for
Defendant-Appellee.
OPINION
SCHROEDER, Circuit Judge:
OVERVIEW
This dispute concerns § 230, the so-called “Good
Samaritan” provision of the Communications Decency Act of
1996, enacted primarily to protect minors from harmful
online viewing. The provision immunizes computer-software
providers from liability for actions taken to help users block
certain types of unwanted, online material. The provision
expressly describes material of a violent or sexual nature, but
4         ENIGMA SOFTWARE V. MALWAREBYTES
also includes a catchall for material that is “otherwise
objectionable.” 

(c)(2). We have previously
recognized that the provision establishes a subjective standard
whereby internet users and software providers decide what
online material is objectionable. See Zango Inc. v. Kaspersky
Lab, Inc., 

, 1173 (9th Cir. 2009).
The parties to this dispute are both providers of software
that help internet users filter unwanted content from their
computers. Plaintiff-Appellant Enigma Software Group
USA, LLC has alleged violations of New York state law and
a violation of the Lanham Act’s false advertising provision.
Each claim is based on the allegation that defendant,
Malwarebytes Inc., has configured its software to block users
from accessing Enigma’s software in order to divert Enigma’s
customers. The district court, relying on Zango, dismissed
the action as barred by § 230’s broad recognition of
immunity. We did not hold in Zango, however, that the
immunity was limitless.
This case differs from Zango in that here the parties are
competitors. In this appeal Enigma contends that the
“otherwise objectionable” catchall is not broad enough to
encompass a provider’s objection to a rival’s software in
order to suppress competition. Enigma points to Judge
Fisher’s concurrence in Zango warning against an overly
expansive interpretation of the provision that could lead to
anticompetitive results. We heed that warning and reverse
the district court’s decision that read Zango to require such an
interpretation.      We hold that the phrase “otherwise
objectionable” does not include software that the provider
finds objectionable for anticompetitive reasons.
ENIGMA SOFTWARE V. MALWAREBYTES                      5
Malwarebytes contends that it had legitimate reasons for
finding Enigma’s software objectionable apart from any
anticompetitive effect, and that immunity should therefore
apply on Enigma’s state-law claims, even if the district court
erred in its interpretation of Zango. We conclude, however,
that Enigma’s allegations of anticompetitive animus are
sufficient to withstand dismissal.
Enigma’s federal claim warrants an additional analytical
step. The CDA’s immunity provision contains an exception
for intellectual property claims, stating that “[n]othing in this
section shall be construed to limit or expand any law
pertaining to intellectual property.” 

(e)(2).
Enigma has brought a false advertising claim under the
Lanham Act, a federal statute that deals with trademarks.
Enigma contends that the false advertising claim is one
“pertaining to intellectual property” and thus outside the
scope of § 230 immunity.
Although it is true that the Lanham Act itself deals with
intellectual property, i.e. trademarks, Enigma’s false
advertising claim does not relate to trademarks or any other
type of intellectual property. The district court therefore
correctly held that the intellectual property exception to
immunity does not apply to the false advertising claim. The
district court went on to hold that under Zango’s application
of § 230 immunity, Malwarebytes was immune from liability
for false advertising. As with Enigma’s state law claims, we
hold that the district court read Zango too broadly in
dismissing the federal claim. We therefore reverse the
judgment on this claim as well.
6           ENIGMA SOFTWARE V. MALWAREBYTES
STATUTORY BACKGROUND
This appeal centers on the immunity provision contained
in § 230(c)(2) of the Communications Decency Act (“CDA”),

(c)(1996). The CDA, which was enacted as
part of the Telecommunications Act of 1996, contains this
“Good Samaritan” provision that, in subparagraph B,
immunizes internet-service providers from liability for giving
internet users the technical means to restrict access to the
types of material described in the subparagraph A. 

§ 230(c)(2)(B).       The material, as described in that
subparagraph, is “material that the provider or user considers
to be obscene, lewd, lascivious, filthy, excessively violent,
harassing, or otherwise objectionable.” Id. § 230(c)(2)(A).1
1
Section 230(c) is entitled “Protection for ‘Good Samaritan’ blocking
and screening of offensive material.” The relevant subsection (2), “Civil
liability,” states, in full, as follows:
“No provider or user of an interactive computer service
shall be held liable on account of –
(A) any action voluntarily taken in good faith to restrict
access to or availability of material that the provider or
user considers to be obscene, lewd, lascivious, filthy,
excessively violent, harassing, or otherwise
objectionable, whether or not such material is
constitutionally protected; or
(B) any action taken to enable or make available to
information content providers or others the technical
means to restrict access to material described in
paragraph [A].”

(c)(2)(A), (B).
ENIGMA SOFTWARE V. MALWAREBYTES                     7
This grant of immunity dates back to the early days of the
internet when concerns first arose about children being able
to access online pornography. Parents could not program
their computers to block online pornography, and this was at
least partially due to a combination of trial court decisions in
New York that had deterred the creation of online-filtration
efforts. In the first case, Cubby, Inc. v. CompuServe, Inc., a
federal court held that passive providers of online services
and content were not charged with knowledge of, or
responsibility for, the content on their network. See 776 F.
Supp 135, 139–43 (S.D.N.Y. 1991). Therefore, if a provider
remained passive and uninvolved in filtering third-party
material from its network, the provider could not be held
liable for any offensive content it carried from third parties.
See 

The corollary of this rule, as later articulated by a New
York state trial court, was that once a service provider
undertook to filter offensive content from its network, it
assumed responsibility for any offensive content it failed to
filter, even if it lacked knowledge of the content. See Stratton
Oakmont, Inc. v. Prodigy Services Co., 

, *5
(N.Y. Sup. Ct. May 24, 1995) (“Prodigy’s conscious choice,
to gain the benefits of editorial control, has opened it up to a
greater liability than CompuServe and other computer
networks that make no such choice.”), superseded by statute,
Communications Decency Act, Pub. L. No. 104-104, 

, as recognized in Shiamili v. Real Estate Group of
N.Y., Inc., 

 (2011). Representative Chris
Cox warned during debates on proposed legislation aimed at
overruling Stratton Oakmont, that premising liability on
providers’ efforts to filter out offensive material was
deterring software companies from providing the filtering
software and tools that could help parents block pornography
8         ENIGMA SOFTWARE V. MALWAREBYTES
and other offensive material from their home computers. See
141 Cong. Rec. 22,045 (1995) (statement of Rep. Cox).
The Stratton Oakmont decision, along with the increasing
public concern about pornography on the internet, served as
catalysts for legislators to consider greater internet regulation.
Congress considered, in early 1995, two different
amendments to the Telecommunications Act. The first,
called the Exon-Coats amendment, targeted pornography at
the source by prohibiting its dissemination. See 

.
Proponents of this bill argued that parents lacked the
technological sophistication needed to implement online-
filtration tools and that the government therefore needed to
step in. 

. The second proposal, entitled the
Online Family Empowerment Act (“OFEA”), targeted
internet pornography at the receiving end by encouraging
further development of filtration tools. 

.
Proponents of this bill pointed out that prohibiting
pornography at the source raised constitutional issues
involving prior restraint, and argued that parents, not
government bureaucrats, were better positioned to protect
their children from offensive online material. 

.
On February 1, 1996, Congress enacted both approaches
as part of the CDA. The Exon-Coats amendment was
codified at 

, but was later invalidated by Reno
v. ACLU, 

, 877–79 (1997). Before us is OFEA’s
approach, enacted as § 230(c)(2) of the CDA. See Pub L. No.
104-104, § 509, 

, 137–39. By immunizing
internet-service providers from liability for any action taken
to block, or help users block offensive and objectionable
online content, Congress overruled Stratton Oakmont and
thereby encouraged the development of more sophisticated
ENIGMA SOFTWARE V. MALWAREBYTES                    9
methods of online filtration. See H.R. Conf. Rep. No. 104-
879, at 194 (1996).
The history of § 230(c)(2) shows that access to
pornography was Congress’s motivating concern, but the
language used in § 230 included much more, covering any
online material considered to be “excessively violent,
harassing, or otherwise objectionable.” See 

(c)(2)(A)–(B). Perhaps to guide the interpretation of
this broad language, Congress took the rather unusual step of
setting forth policy goals in the immediately preceding
paragraph of the statute. See 

 § 230(b). Of the five goals,
three are particularly relevant here. These goals were “to
encourage the development of technologies which maximize
user control”; “to empower parents to restrict their children’s
access to objectionable or inappropriate online content”; and
“to preserve the vibrant and competitive free market that
presently exists for the Internet and other interactive
computer services.” See id. § 230(b)(2)–(4).
This court has decided one prior case where we
considered the scope of § 230, but were principally concerned
with which types of online-service providers Congress
intended to immunize. See Zango, 

. We
acknowledged that providers of computer security software
can benefit from § 230 immunity, and that such providers
have discretion to identify what online content is considered
“objectionable,” id., but we had no reason to discuss the
scope of that discretion. The separate concurrence in Zango
focused on the future need for considering appropriate
limitations on provider control. See id. at 1178–80 (Fisher,
J. concurring). District courts have differed in their
10        ENIGMA SOFTWARE V. MALWAREBYTES
interpretations of Zango and the extent to which it
encouraged providers to block material. What is clear to us
from the statutory language, history and case law is that the
criteria for blocking online material must be based on the
characteristics of the online material, i.e. its content, and not
on the identity of the entity that produced it.
FACTUAL BACKGROUND
Plaintiff-appellant Enigma Software Group USA, LLC, is
a Florida company that sells computer security software
nationwide. Malwarebytes Inc., a Delaware corporation
headquartered in California, also sells computer security
software nationwide. Malwarebytes and Enigma are
therefore direct competitors.
Providers of computer security software help users
identify and block malicious or threatening software, termed
malware, from their computers. Each provider generates its
own criteria to determine what software might threaten users.
Defendant Malwarebytes programs its software to search for
what it calls Potentially Unwanted Programs (“PUPs”). PUPs
include, for example, what Malwarebytes describes as
software that contains “obtrusive, misleading, or deceptive
advertisements, branding or search practices.” Once
Malwarebytes’s security software is purchased and installed
on a user’s computer, it scans for PUPs, and according to
Enigma’s complaint, if the user tries to download a program
that Malwarebytes has determined to be a PUP, a pop-up alert
warns the user of a security risk and advises the user to stop
the download and block the potentially threatening content.
ENIGMA SOFTWARE V. MALWAREBYTES                  11
Malwarebytes and Enigma have been direct competitors
since 2008, the year of Malwarebytes’s inception. In their
first eight years as competitors, neither Enigma nor
Malwarebytes flagged the other’s software as threatening or
unwanted. In late 2016, however, Malwarebytes revised its
PUP-detection criteria to include any program that, according
to Malwarebytes, users did not seem to like.
After the revision, Malwarebytes’s software immediately
began flagging Enigma’s most popular programs—
RegHunter and SpyHunter—as PUPs. Thereafter, anytime a
user with Malwarebytes’s software tried to download those
Enigma programs, the user was alerted of a security risk and,
according to Enigma’s complaint, the download was
prohibited, i.e. Malwarebytes “quarantined” the programs.
Enigma alleges that Malwarebytes’s new definition of a PUP
includes subjective criteria that Malwarebytes has
“implemented at its own malicious whim” in order to identify
Enigma’s programs as threats. Enigma characterizes the
revision as a “guise” for anticompetitive conduct, and alleges
that its programs are “legitimate”, “highly regarded”, and
“pose no security threat.” As a result of Malwarebytes’s
actions, Enigma claims that it has lost customers and revenue
and experienced harm to its reputation.
Enigma brought this action against Malwarebytes in early
2017, in the Southern District of New York. Enigma claimed
that Malwarebytes has used its PUP-modification process to
advance a “bad faith campaign of unfair competition” aimed
at “deceiving consumers and interfering with [Enigma’s]
customer relationships.”
12        ENIGMA SOFTWARE V. MALWAREBYTES
Enigma’s complaint alleged four claims, three under New
York state law and one under federal law. The first state-law
claim accused Malwarebytes of using deceptive business
practices in violation of New York General Business Law
§ 349. Enigma’s second and third state-law claims alleged
tortious interference with business and contractual relations
in violation of New York state common law. The federal
claim accused Malwarebytes of making false and misleading
statements to deceive consumers into choosing
Malwarebytes’s security software over Enigma’s, in violation
of the Lanham Act, 

(a)(1)(B).
Malwarebytes sought a change of venue. Although
Enigma maintained that venue was proper in New York
because Malwarebytes’s conduct affected users and
computers within that state, the conduct at issue had national
reach. The district court therefore granted Malwarebytes’s
motion to transfer the case to the Northern District of
California, where Malwarebytes is headquartered.
Malwarebytes then moved to dismiss for failure to state
a claim, arguing that it was immune from liability under
§ 230(c)(2) of the CDA. The district court granted the
motion, finding that under the reasoning of our decision in
Zango, Malwarebytes was immune under § 230 on all of
Enigma’s claims. The district court interpreted Zango to
mean that anti-malware software providers are free to block
users from accessing any material that those providers, in
their discretion, deem to be objectionable.             Given
Malwarebytes’s status as a provider of filtering software, and
its assertion that Enigma’s programs are potentially
unwanted, the district court held that Malwarebytes could not
be liable under state law for blocking users’ access to
Enigma’s programs.
ENIGMA SOFTWARE V. MALWAREBYTES                    13
With respect to the federal claim, the district court had to
consider the intellectual property exception to the CDA’s
immunity provision set forth in 

(e)(2). The
somewhat opaque exception states that § 230 immunity “shall
not be construed to limit or expand any law pertaining to
intellectual property.” Id. Enigma’s federal claim alleged
false advertising under the Lanham Act, and Enigma
contended that immunity did not apply because that statute
deals with intellectual property, i.e. trademarks. The district
court reasoned, however, that although the Lanham Act itself
deals with intellectual property, Enigma’s false advertising
claim did not relate to any type of intellectual property and
therefore § 230 immunity encompassed that claim as well.
Having concluded that Malwarebytes was immune on all four
claims, the district court dismissed the complaint and granted
judgment for Malwarebytes.
On appeal, Enigma primarily contends that the district
court erred in interpreting our Zango opinion to give online
service providers unlimited discretion to block online content,
and that the Good Samaritan blocking provision does not
provide such sweeping immunity that it encompasses
anticompetitive conduct.
DISCUSSION
I. Scope of § 230(c)(2) Immunity as Applied to State-
Law Claims
The district court held that our opinion in Zango
controlled, and interpreted Zango to mean that an online-
service provider cannot be liable for blocking internet users
from accessing online content that the provider considers
objectionable, regardless of the provider’s motivations or the
14        ENIGMA SOFTWARE V. MALWAREBYTES
harmful effects of the blocking. The scope of the statutory
catchall phrase, “otherwise objectionable,” was not at issue in
Zango, however. The central issue in Zango was whether
§ 230 immunity applies to filtering software providers like
the defendant Kaspersky in that case, and both parties in this
case. See 

. We held such providers
had immunity. 

 at 1177–78. At the end of our majority
opinion, we emphasized the relevant statutory language in
stating that § 230 permits providers to block material “that
either the provider or the user considers . . . objectionable.”
See id. at 1177 (original emphasis). The district court focused
on that sentence and reasoned that Malwarebytes had
unfettered discretion to select what criteria makes a program
“objectionable” under § 230, and further, that the court was
not to analyze Malwarebytes’s reasons for doing so.
The majority in Zango did not, however, address whether
there were limitations on a provider’s discretion to declare
online content “objectionable.” No such issue was raised in
the appeal. We noted that Zango “waived” the argument that
its software was not “objectionable.” See id. at 1176–77. We
therefore held that § 230 immunity covered Kaspersky’s
decision to block users from accessing the type of content at
issue in that case and concluded that § 230 permits providers
to block material that “the provider considers . . .
objectionable.” Id. at 1177.
It was Judge Fisher’s concurring opinion in Zango that
framed the issue for future litigation as to whether the term
“objectionable” might be construed in a way that would
immunize providers even if they blocked online content for
improper reasons. See id. at 1178–80 (Fisher, J. concurring).
Judge Fisher warned that extending immunity beyond the
facts of that case could “pose serious problems,” particularly
ENIGMA SOFTWARE V. MALWAREBYTES                   15
where a provider is charged with using § 230 immunity to
advance an anticompetitive agenda. See id. at 1178. He said
that an “unbounded” reading of the phrase “otherwise
objectionable” would allow a content provider to “block
content for anticompetitive purposes or merely at its
malicious whim.” Id.
District courts nationwide have grappled with the issues
discussed in Zango’s majority and concurring opinions, and
have reached differing results. Like the district court in this
case, at least two other federal district courts have relied on
Zango to dismiss software-provider lawsuits against
Malwarebytes where the plaintiff claimed that Malwarebytes
improperly characterized the plaintiff’s software as a PUP.
See PC Drivers Headquarters, LP v. Malwarebytes Inc.,

 (N.D. Cal. 2019); PC Drivers
Headquarters, LP v. Malwarebytes, Inc., No. 1:18-CV-234-
RP, 

, at *1 (W.D. Tex. Apr. 23, 2018).
Other district courts have viewed our holding in Zango to
be less expansive. See Song fi Inc. v. Google, Inc., 

, 884 (N.D. Cal. 2015) (noting that just because
“the statute requires the user or service provider to
subjectively believe the blocked or screened material is
objectionable does not mean anything or everything YouTube
finds subjectively objectionable is within the scope of Section
230(c),” and concluding that, “[o]n the contrary such an
‘unbounded’ reading . . . would enable content providers to
‘block content for anticompetitive reasons[.]’”) (quoting
Judge Fisher’s concurrence in Zango); Sherman v. Yahoo!
Inc., 

, 1138 (S.D. Cal. 2014) (same); see
also Holomaxx Techs. v. Microsoft Corp., 

, 1104 (N.D. Cal. Mar. 11, 2011) (acknowledging that a
provider’s subjective determination of what constitutes
16        ENIGMA SOFTWARE V. MALWAREBYTES
objectionable material under § 230(c)(2) is not limitless, but
finding that the harassing emails in that case were reasonably
objectionable).
We find these decisions recognizing limitations in the
scope of immunity to be persuasive. The courts interpreting
Zango as providing unlimited immunity seem to us to have
stretched our opinion in Zango too far. This is because the
focus of that appeal was neither what type of material may be
blocked, nor why it may be blocked, but rather who benefits
from § 230 immunity. The issue was whether § 230
immunity applies to filtering-software providers. See Zango,

. We answered that question in the
affirmative, explaining that Kaspersky was the type of
“interactive computer service” to which § 230(c)(2) expressly
referred, and that Kaspersky was engaged in the type of
conduct to which § 230(c)(2) generally applies. Id.
at 1175–76.
As relevant here, the majority opinion in Zango
establishes only that Malwarebytes, as a filtering-software
provider, is an entity to which the immunity afforded by
§ 230 would apply. The majority opinion does not require us
to hold that we lack the authority to question Malwarebytes’s
determinations of what content to block. We must therefore
in this case analyze § 230 to decide what limitations, if any,
there are on the ability of a filtering software provider to
block users from receiving online programming.
The legal question before us is whether § 230(c)(2)
immunizes blocking and filtering decisions that are driven by
anticompetitive animus. The majority in Zango had no
occasion to address the issue, and the parties in that case were
not competitors. See 

 (explaining
ENIGMA SOFTWARE V. MALWAREBYTES                  17
Kaspersky is a security software provider; Zango provides an
online service for users to stream movies, video games, and
music). This is the first § 230 case we are aware of that
involves direct competitors.
In this appeal, Enigma alleges that Malwarebytes blocked
Enigma’s programs for anticompetitive reasons, not because
the programs’ content was objectionable within the meaning
of § 230, and that § 230 does not provide immunity for
anticompetitive conduct. Malwarebytes’s position is that,
given the catchall, Malwarebytes has immunity regardless of
any anticompetitive motives.
We cannot accept Malwarebytes’s position, as it appears
contrary to CDA’s history and purpose. Congress expressly
provided that the CDA aims “to preserve the vibrant and
competitive free market that presently exists for the Internet
and other interactive computer services” and to “remove
disincentives for the development and utilization of blocking
and filtering technologies.” § 230(b)(2)–(3). Congress said
it gave providers discretion to identify objectionable content
in large part to protect competition, not suppress it. Id. In
other words, Congress wanted to encourage the development
of filtration technologies, not to enable software developers
to drive each other out of business.
In the infancy of the internet, the unwillingness of
Congress to spell out the meaning of “otherwise
objectionable” was understandable. The broad grant of
protective control over online content may have been more
readily acceptable in an era before the potential magnitude of
internet communication was fully comprehended. Indeed, the
fears of harmful content at the time led Congress to enact, in
the same statute, an outright ban on the dissemination of
18        ENIGMA SOFTWARE V. MALWAREBYTES
online pornography, a ban which the Supreme Court swiftly
rejected as unconstitutional a year later. See Reno v. ACLU,

877–79 (striking down 

).
We must today recognize that interpreting the statute to
give providers unbridled discretion to block online content
would, as Judge Fisher warned, enable and potentially
motivate internet-service providers to act for their own, and
not the public, benefit. See 

 (Fisher, J.,
concurring). Immunity for filtering practices aimed at
suppressing competition, rather than protecting internet users,
would lessen user control over what information they receive,
contrary to Congress’s stated policy. See § 230(b)(3) (to
maximize user control over what content they view). Indeed,
users selecting a security software provider must trust that the
provider will block material consistent with that user’s
desires. Users would not reasonably anticipate providers
blocking valuable online content in order to stifle
competition. Immunizing anticompetitive blocking would,
therefore, be contrary to another of the statute’s express
policies: “removing disincentives for the utilization of
blocking and filtering technologies.” Id. § 230(b)(4).
We therefore reject Malwarebytes’s position that § 230
immunity applies regardless of anticompetitive purpose. But
we cannot, as Enigma asks us to do, ignore the breadth of the
term “objectionable” by construing it to cover only material
that is sexual or violent in nature. Enigma would have us
read the general, catchall phrase “otherwise objectionable” as
limited to the categories of online material described in the
seven specific categories that precede it. See 

(c)(2) (describing material that is “obscene, lewd,
lascivious, filthy, excessively violent, harassing or otherwise
objectionable.”). Enigma argues that its software has no such
ENIGMA SOFTWARE V. MALWAREBYTES                      19
content, and that Malwarebytes therefore cannot claim
immunity for blocking it.
Enigma relies on the principle of ejusdem generis, which
teaches that when a generic term follows specific terms, the
generic term should be construed to reference subjects akin
to those with the specific enumeration. See, e.g., Norfolk &
W. Ry. Co. v. Am. Train Dispatchers Ass’n, 

, 129
(1991). But the specific categories listed in § 230(c)(2) vary
greatly: Material that is lewd or lascivious is not necessarily
similar to material that is violent, or material that is harassing.
If the enumerated categories are not similar, they provide
little or no assistance in interpreting the more general
category. We have previously recognized this concept. See
Sacramento Reg’l Cty. Sanitation Dist. v. Reilly, 

, 1270 (9th Cir. 1990) (“Where the list of objects that
precedes the ‘or other’ phrase is dissimilar, ejusdem generis
does not apply”).
We think that the catchall was more likely intended to
encapsulate forms of unwanted online content that Congress
could not identify in the 1990s. But even if ejusdem generis
did apply, it would not support Enigma’s narrow
interpretation of “otherwise objectionable.” Congress wanted
to give internet users tools to avoid not only violent or
sexually explicit materials, but also harassing materials.
Spam, malware and adware could fairly be placed close
enough to harassing materials to at least be called “otherwise
objectionable” while still being faithful to the principle of
ejusdem generis. Several district courts have, for example,
regarded unsolicited marketing emails as “objectionable.”
See, e.g., Holomaxx, 

; e360Insight,
LLC v. Comcast Corp., 

, 608–610 (N.D.
Ill. 2008); see also Smith v. Trusted Universal Standards In
20        ENIGMA SOFTWARE V. MALWAREBYTES
Elec. Transactions, Inc., No. CIV09-4567-RBK-KMW, 

, at *6 (D.N.J. May 4, 2010). But we do not, in
this appeal, determine the precise relationship between the
term “otherwise objectionable” and the seven categories that
precede it. We conclude only that if a provider’s basis for
objecting to and seeking to block materials is because those
materials benefit a competitor, the objection would not fall
within any category listed in the statute and the immunity
would not apply.
Malwarebytes’s fallback position is that, even if it would
lack immunity for anticompetitive blocking, Malwarebytes
has found Enigma’s programs “objectionable” for legitimate
reasons based on the programs’ content. Malwarebytes
asserts that Enigma’s programs, SpyHunter and RegHunter,
use “deceptive tactics” to scare users into believing that they
have to download Enigma’s programs to prevent their
computers from being infected. Enigma alleges, however,
that its programs “pose no security threat” and that
Malwarebytes’s justification for blocking these “legitimate”
and “highly regarded” programs was a guise for
anticompetitive animus.
The district court interpreted our holding in Zango to
foreclose this debate entirely, implicitly reasoning that if
Malwarebytes has sole discretion to select what programs are
“objectionable,” the court need not evaluate the reasons for
the designation. Because we hold that § 230 does not provide
immunity for blocking a competitor’s program for
anticompetitive reasons, and because Enigma has specifically
alleged that the blocking here was anticompetitive, Enigma’s
claims survive the motion to dismiss. We therefore reverse
the dismissal of Enigma’s state-law claims and we remand for
further proceedings.
ENIGMA SOFTWARE V. MALWAREBYTES                   21
II. The Federal Claim and the CDA’s Intellectual
Property Exception
Enigma’s fourth claim is a claim for false advertising
under the Lanham Act, a statute dealing with a form of
intellectual property, i.e. trademarks. Enigma alleges that
Malwarebytes publicly mischaracterized Enigma’s programs
SpyHunter and RegHunter as potentially unwanted or PUPs,
and it did so in order to interfere with Enigma’s customer
base and divert those customers to Malwarebytes.
Section 230(e)(2) of the CDA contains an exception to
immunity for intellectual property claims. See 

(e)(2). This exception, known as the intellectual
property carve out, states that § 230 immunity shall not “limit
or expand any law pertaining to intellectual property.” Id. In
light of that exception, Enigma contends that immunity would
not bar Enigma’s Lanham Act claim, even if immunity is
available to Malwarebytes on the state law claims. Although
Enigma’s claim does not itself involve an intellectual
property right, Enigma characterizes its federal false
advertising claim as one “pertaining to intellectual property”
within the meaning of § 230(e)(2) because the Lanham Act
deals with intellectual property. The district court rejected
this argument, and rightly so.
This is because even though the Lanham Act is known as
the federal trademark statute, not all claims brought under the
statute involve trademarks. The Act contains two parts, one
governing trademark infringement and another governing
false designations of origin, false descriptions, and dilution.
Compare 

 (trademark infringement) with 

§ 1125 (the rest). The latter, § 1125, creates two bases of
liability, false association and false advertising. Compare
22        ENIGMA SOFTWARE V. MALWAREBYTES
§ 1125(a)(1)(A) (false association) with § 1125(a)(1)(B)
(false advertising). Thus, although “much of the Lanham Act
addresses the registration, use, and infringement of
trademarks and related marks, . . . § 1125(a) is one of the few
provisions that goes beyond trademark protection.” Dastar
Corp. v. Twentieth Cent. Fox Film Corp., 

, 28–29
(2003).
In this appeal, we must decide whether the exception to
immunity contained in § 230(e)(2) applies to false advertising
claims brought under the Lanham Act. Our court has not
addressed the issue, although we have considered the
exception as it would apply to state law claims. See Perfect
10 v. CCBill, LLC, 

, 1118–19 (9th Cir. 2009)
(concluding that the intellectual property exception in
§ 230(e)(2) was not intended to cover intellectual property
claims brought under state law); see also Gen. Steel Domestic
Sales, L.L.C. v. Chumley, 

, 1182 (10th Cir.
2016) (declining to analyze the intellectual property
exception; explaining that because Ҥ 230 does not contain
the grant of immunity from suit contended for, it is
unnecessary to discuss its applicability to the Lanham Act
false advertising claims”).
We have observed before that because Congress did not
define the term “intellectual property law,” it should be
construed narrowly to advance the CDA’s express policy of
providing broad immunity. See Perfect 10, 488 F.3d at 1119.
One of these express policy reasons for providing immunity
was, as Congress stated in § 230(b)(2), “to preserve the
vibrant and competitive free market that presently exists for
the Internet and other interactive computer services,
unfettered by Federal or State regulation.” 

(b)(2). The intellectual property exception is a
ENIGMA SOFTWARE V. MALWAREBYTES                   23
limitation on immunity, and the CDA’s stated congressional
purpose counsels against an expansive interpretation of the
exception that would diminish the scope of immunity. If the
intellectual property law exception were to encompass any
claim raised under the Lanham Act—including false
advertising claims that do not directly involve intellectual
property rights—it would create a potential for new liability
that would upset, rather than “preserve” the vibrant culture of
innovation on the internet that Congress envisioned. 

We therefore hold that the intellectual property exception
contained in § 230(e)(2) encompasses claims pertaining to an
established intellectual property right under federal law, like
those inherent in a patent, copyright, or trademark. The
exception does not apply to false advertising claims brought
under § 1125(a) of the Lanham Act, unless the claim itself
involves intellectual property.
Here, Enigma’s Lanham Act claim derives from the
statute’s false advertising provision. Enigma alleges that
Malwarebytes mischaracterized Enigma’s most popular
software programs in order to divert Enigma’s customers to
Malwarebytes. These allegations do not relate to or involve
trademark rights or any other intellectual property rights.
Thus, Enigma’s false advertising claim is not a claim
“pertaining to intellectual property law” within the meaning
of § 230(e)(2). The district court correctly concluded that the
intellectual property exception to immunity does not
encompass Enigma’s Lanham Act claim.
The district court went on to hold, however, as it did with
the state law claims, that Malwarebytes is nevertheless
immune from liability under our decision in Zango. As we
have explained with respect to the state law claims, Zango did
24        ENIGMA SOFTWARE V. MALWAREBYTES
not define an unlimited scope of immunity under § 230, and
immunity under that section does not extend to
anticompetitive conduct. Because the federal claim, like the
state claims, is based on allegations of such conduct, the
federal claim survives dismissal. We therefore reverse the
district court’s judgment in favor of Malwarebytes and
remand for further proceedings on this claim as well.
CONCLUSION
The judgment of the district court is reversed and the case
is remanded for further proceedings consistent with this
opinion.
REVERSED and REMANDED.
RAWLINSON, Circuit Judge, dissenting:
In his concurring opinion in Zango, Inc. v. Kaspersky
Lab, Inc., 

, 1179–80 (9th Cir. 2009), Judge
Fisher acknowledged that “until Congress clarifies the statute
or a future litigant makes the case for a possible limitation,”
the “broadly worded” Communications Decency Act (the
Act) afforded immunity to a distributor of Internet security
software. Congress has not further clarified the statute and
Enigma Software has not persuasively made a case for
limitation of the statute beyond its provisions.
The majority opinion seeks to limit the statute based on
the fact that the parties are competitors. See Majority
Opinion, p. 4. However, nothing in the statutory provisions
or our majority opinion in Zango supports such a distinction.
ENIGMA SOFTWARE V. MALWAREBYTES                      25
Rather the “broad language” of the Act specifically
encompasses “any action voluntarily taken [by a provider] to
restrict access to . . . material that the provider . . . considers
to be . . . otherwise objectionable.” 

(c)(2)(A)
(emphasis added). Under the language of the Act, so long as
the provider’s action is taken to remove “otherwise
objectionable” material, the restriction of access is
immunized. See 

 The majority’s real complaint is not that
the district court construed the statute too broadly, but that the
statute is written too broadly. However, that defect, if it is a
defect, is one beyond our authority to correct. Baker Botts
LLP v. ASARCO LLC, 

, 2169 (2015).
In particular, the majority holds that the criteria for
blocking online material may not be based on the identity of
the entity that produced it. See Majority Opinion, p. 10.
Unfortunately, however, that conclusion cannot be squared
with the broad language of the Act. Under the language of
the statute, if the blocked content is “otherwise objectionable”
to the provider, the Act bestows immunity. Zango, 

 (“[T]he statute plainly immunizes from suit a
provider of interactive computer services that makes available
software that filters or screens material that the user or the
provider deems objectionable.”) (emphasis in the original);
1174 (“According protection to providers of programs that
filter adware and malware is also consistent with the
Congressional goals for immunity articulated in [47 U.S.C.]
§ 230 itself.”). Although the parties were not direct
competitors, the plaintiff in Zango asserted similar anti-
competition effects. See id. at 1171–72. The majority’s
policy arguments are in conflict with our recognition in
Zango that the broad language of the Act is consistent with
“the Congressional goals for immunity” as expressed in the
language of the statute. Id. at 1174. As the district court
26         ENIGMA SOFTWARE V. MALWAREBYTES
cogently noted, we “must presume that a legislature says in
a statute what it means and means in a statute what it says
there.” Connecticut Nat’l Bank v. Germain, 

,
253–54 (1992) (citations omitted).
I respectfully dissent.