• by Wendy Davis  @wendyndavis, June 5, 2023

Siding against Malwarebytes, a federal appeals court on Friday revived claims that the cybersecurity company engaged in false advertising by flagging programs by Enigma Software, a rival, as possible threats.

In a 2-1 decision, a panel of the 9th Circuit Court of Appeals rejected Malwarebytes' argument that its statements regarding Enigma -- including that its programs were potentially unwanted, “threats,” and “malicious” -- were opinions, which are protected by the First Amendment.

“Enigma has alleged that Malwarebytes disparaged Enigma’s products for commercial advantage by making misleading statements of fact,” Circuit Judge Richard Clifton wrote in an opinion joined by International Trade Judge M. Miller Baker. “If those allegations are true, and at this stage we must presume that they are, trying to wrap them in a First Amendment flag does not make them any less offensive or any less actionable.”

Chief Judge Patrick Bumatay dissented, writing that Malwarebytes' statements regarding Enigma were “nonactionable opinions,” and therefore couldn't support Enigma's claims.

“When a cybersecurity company flags another company’s products as 'potentially unwanted programs,' 'threats,' or 'malicious,' could it be liable for false advertising under the Lanham Act? The answer is plainly 'no,'” Bumatay wrote.

He added that those characterizations “are subjective statements, not readily verifiable.”

The panel also revived a claim that Malwarebytes wrongly interfered with Enigma's business contracts.

Malwarebytes can still ask the entire 9th Circuit to hear the case, or can ask the Supreme Court to intervene.

The battle between the companies began in 2016, when Enigma alleged that its programs -- including SpyHunter and RegHunter -- were wrongly tagged as threats and blocked by Malwarebytes.

For its part, Malwarebytes alleged that Enigma “uses deceptive scare tactics” to “trick” consumers into purchasing subscriptions.

Malwarebytes suffered a key defeat earlier in the proceedings, when it unsuccessfully argued it was protected by Section 230 of the Communications Decency Act. That law contains a provision that shields computer services from liability for restricting objectionable material.

The 9th Circuit ruled in 2019 that Section 230 didn't apply because Malwarebytes competes with Enigma.

Malwarebytes then asked the Supreme Court to hear the matter. The court declined to do so in 2020.

A trial judge subsequently dismissed Enigma's lawsuit on the grounds that its allegations, even if proven true, wouldn't show that Malwarebytes wrongly disparaged a competitor.

Enigma appealed that ruling to the 9th Circuit, which reversed the trial judge on Friday.

Friday's appellate decision doesn't mean Malwarebytes will ultimately lose the case, but suggests that the seven-year-old case will continue to linger in court -- which could drive up the company's legal costs.

For that reason, the ruling “reinforces how expensive it is for Malwarebytes to defend its classifications,” Santa Clara University Eric Goldman says.

He adds that the new decision carries “chilling consequences for the entire industry.”

Goldman previously argued to the Supreme Court that the 9th Circuit's 2019 ruling depriving Malwarebytes of the protection of Section 230 could hinder other anti-threat software vendors.