As we reported last month, the safe harbor in Section 230 of the Communications Decency Act (“CDA”) immunizes social media providers from liability based on content posted by users under most circumstances, but not from liability for content that the providers themselves generate. But what about when providers block Internet traffic such as “spam” – does the CDA immunize service providers from liability for claims related to messages not reaching their intended recipients?
In two recent unpublished cases, Holomaxx Techs. Corp. v. Microsoft Corp. and Holomaxx Techs. Corp. v. Yahoo! Inc., Judge Fogel of the Federal District Court for the Northern District of California held that the CDA does provide immunity in such circumstances. (Notably, Judge Fogel also decided earlier this year that Facebook postings qualify as “commercial electronic mail messages” regulated under CAN-SPAM, the federal anti-spam statute.) The Holomaxx holdings did not break new ground, but the cases clearly show that Section 230 of the CDA provides immunity not just with respect to user-posted content, but also for service providers’ blocking and restriction of messages.
Plaintiff Holomaxx Technologies runs an email marketing and ecommerce business development service. After what it alleged was MSN’s and Yahoo!’s continued refusal to deliver its legitimate emails, Holomaxx sued both companies for state law tort claims alleging interference with contract and business advantage, defamation, false light, and unfair competition, and for federal claims under the Wiretap Act, the Computer Fraud and Abuse Act, and the Stored Communications Act. Seeking both damages and an injunction, Holomaxx claimed that MSN and Yahoo! “knowingly relie[d] on faulty spam filters” and that it was “entitled to send legitimate, permission-based emails to its clients’ customers now.”
In its complaints against Microsoft and Yahoo!, Holomaxx explained that it delivers for its customers ten million email messages a day, including three million to Hotmail/MSN users and six million to Yahoo! users. Holomaxx claimed that it sent only legitimate, requested emails to consenting users and complied with CAN-SPAM. According to Holomaxx, MSN’s and Yahoo!’s email filtering systems began blocking, rerouting, and/or throttling Holomaxx-generated emails to MSN and Yahoo! users, and MSN and Yahoo! ignored its requests to be unblocked and failed to identify specific problems with Holomaxx’s emails. Also according to Holomaxx, MSN and Yahoo! users acted in bad faith because they did not work with Holomaxx in the manner prescribed by the abuse desk guidelines of the Messaging Anti-Abuse Working Group, to which both companies belong and which Holomaxx characterized as an “industry standard.” Finally, Holomaxx claimed that anticompetitive purposes drove MSN’s and Yahoo!’s blocking, and that the fact that the two companies had initially resumed delivery of Holomaxx emails and then stopped again showed that the companies acted in bad faith.
MSN and Yahoo! moved to dismiss, citing CDA Section 230(c)(2), which on its face immunizes service providers for “any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers … objectionable,” and arguing that the facts that Holomaxx alleged were insufficient to overcome this statutory immunity.
Agreeing, Judge Fogel called CDA immunity “robust” and, citing the Ninth Circuit’s opinion in Fair Housing Council v. Roommates.com, LLC, noted that “all doubts must be resolved in favor of immunity.” The court cited Zango v. Kaspersky, where the Ninth Circuit explained that the CDA “plainly immunizes” providers that “make[s] available software that filters or screens material that the user or the provider deems objectionable.” In Zango, the Ninth Circuit affirmed the district court’s dismissal of a software maker’s suit against an anti-adware security firm for allegedly making it difficult for users who had installed the security firm’s anti-adware tools to use the plaintiff’s software. However, the Ninth Circuit explained that a provider might lose immunity where it “block[s] content for anticompetitive purposes or merely at its malicious whim.” Under that standard, the question was whether Holomaxx alleged sufficient facts to show that MSN and Yahoo! acted in an “absence of good faith” when they blocked Holomaxx’s emails.
The answer was no. The court discounted Holomaxx’s reliance on the MAAWG guidelines because Holomaxx had not shown them to be an industry standard.
The fact that the companies temporarily resumed delivery of Holomaxx’s emails did not demonstrate an anticompetitive motive because the CDA gives providers wide discretion in deeming content objectionable. As to alleged malice, the court explained that, “[T]o permit Holomaxx to proceed solely on the basis of a conclusory allegation that Yahoo! acted in bad faith essentially would rewrite the CDA.” (Note: On its face, the CDA did not apply to Holomaxx’s Wiretap Act and Stored Communications Act claims; the court dismissed those claims because it found that Holomaxx failed to adequately allege how MSN or Yahoo! had violated those statutes.)
A leading commentator has noted that the Ninth Circuit’s Zango case provided website operators a “high degree of freedom to make judgments about how to best serve their customers.” The Holomaxx dismissals confirm that point. With social media spam on the rise even as email spam decreases and web-based email in general declines, both the Holomaxx and Zango cases could assist social media providers in their efforts to prevent unsolicited messages and abuse while at the same time maintaining the instant, social, viral qualities that keep users engaged and advertisers paying.
One final point – as one observer notes, Holomaxx’s compliance with CAN-SPAM, described in great detail in each of the complaints, did not matter to Judge Fogel’s holding. That is, the mere fact that Holomaxx’s marketing messages were legal, did not compel Microsoft or Yahoo! to either deliver those messages or lose CDA immunity. Thus, the court rejected an argument that might have resulted implicitly in the requirements of CAN-SPAM setting a ceiling, rather than a floor, for service providers’ anti-abuse efforts.