bleepingcomputer – Techdirt (original) (raw)

Bizarre Decision Keeps Hope Alive In Enigma Software's Defamation Suit Against BleepingComputer

from the 'viewed-in-the-light-most-favorable-to-ignoring-tons-of-precedent...' dept

Enigma Software joined the long line of aggrieved companies who feel that legal threats and questionable lawsuits are the best form of reputation management. It sued BleepingComputer over a “defamatory review” — which was actually just a forum post by a member that detailed (with supporting links) its questionable SpyHunter software and its “rogue tactics” over the years.

In addition to the defamation claims, Enigma Software also argued that BleepingComputer only did this to steer site readers towards its own products, alleging a handful of Lanham Act violations.

Unfortunately, Enigma Software’s dubious claims have survived a motion to dismiss by BleepingComputer, thanks to some similarly dubious reasoning [PDF] by the judge presiding over the case. Not only are the Lanham Act claims given far too much credence (thanks to some twisted judicial analysis that assumes that because trademark is a part of the Lanham Act, false advertising claims under the Lanham Act are also intellectual property claims, exempt from Section 230 of the CDA), but the court’s decision to allow the lawsuit to process also punches a few more holes in Section 230 protections.

Because the author of the post was a third-party contributor, BleepingComputer should not have been held responsible for the content of the post. However, the court appears to be bothered that the user in question was referred to as a “staff member” by BleepingComputer, even if it was actually a volunteer administrative post and BleepingComputer did not directly control the content of the user’s contributions.

Eric Goldman, in his analysis of the decision, points out that BleepingComputer could have done a better job delineating between actual site administrators and those just helping out, along with providing more comprehensive disclaimers about “superusers” and their contributions to the site.

So what did Bleeping do wrong? In retrospect, calling super-users “staff members” is probably not the best titling. At least to this judge, “staff” sounds too much like “employee.” The court also says that site disclosures saying super-users could be “trusted to give correct…answers” meant that Bleeping communicated that these super-users were authorized to post on its behalf. I don’t see that interpretation of the disclosure at all, but it’s also easy to imagine rewording Bleeping’s disclosures to downgrade the risks. For example, Bleeping could make disclosures that super-users had been selected because of their consistently reliable advice, but they remain independent and fallible.

That being said, the court’s decision does more damage to Section 230 protections by holding websites responsible for the content of certain third-party posts. This determination may be only temporary and fall apart as the lawsuit proceeds, but it still gives those filing questionable lawsuits a glimmer of hope that their dubious claims might survive to fight another day. If nothing else, the assertions made by the court will keep the lawyers fed.

Still, I’m irritated by the court’s glossy handling of the Section 230 super-user precedent. I’m also frustrated by the court’s insensitivity to how this ruling undermines Section 230. It green-lights plaintiffs to allege that a user was the site’s implied agent to survive a Section 230 motion to dismiss, even if those allegations fail later in the case. Everyone loses (except the lawyers, of course) when unmeritorious cases get past a Section 230 motion to dismiss.

Other issues present themselves as well in this decision. The statute of limitations of defamation (one year) gets an extension, thanks to the court considering certain links to older posts as “republication,” flying in the face of several other decisions on the same topic. (It actually doesn’t say quite as much, but refuses to “resolve the issue” at this point.)

And, on the subject of linking to content to support claims made in an allegedly defamatory post, the court seems to find that something done to deter claims of defamation is actually just the creation of a defamatory echo chamber.

The court says this conclusion is reinforced by Bleeping’s and Quietman7’s self-laudatory statements about their credibility and expertise. Thus, the court distinguishes the recent trend of judges presuming that readers don’t take online comments seriously (a trend partially attributable to the NY Sandals case). Also, “[t]he manner of Quietman7’s written presentation—one using footnotes and citations—conveyed further that his advice was based on an ‘investigation’ of verifiable facts.” (Contrast the cases holding that linking to source materials can reduce defamation liability). The court disregards Quietman7’s qualifier statements “[m]y personal recommendation” and “[i]n my opinion.”

One of the most infuriating assertions made in this decision is that Enigma Software is still, somehow, a private entity that only needs to make the most minimal of damage assertions to continue pursuing this lawsuit.

The court rejects Bleeping’s argument that Enigma is a limited-purpose public figure (which would require Enigma to allege facts showing Bleeping had actual malice) because Enigma’s complaint “does not allege any facts suggesting that ESG has taken a public position on the integrity of its business practices or the quality of its products.” FFS. While focusing on the complaint’s four corners is technically permissible under the legal standards for a motion to dismiss, the judge is allowed to take judicial notice of public statements where Enigma–LIKE EVERY OTHER BUSINESS IN THE UNIVERSE SINCE THE BEGINNING OF TIME–says it does a great job.

While this is not a decision in favor of one party or another, the judge’s determinations make it clear that BleepingComputer will be paying a whole lot more in legal fees before this lawsuit (hopefully) is resolved in its favor. Enigma’s claims — not including the severely-stretched “unfair competition” assertions — were so threadbare as to be almost nonexistent. Its defamation accusations included words not actually used in the post and some complete rewriting of certain post sentences in order to shore up its bogus claims.

Goldman’s very thorough assessment of the decision does find that BleepingComputer could have done a few things in a smarter way to avoid potential Section 230 entanglements, but his overall take is that a decent anti-SLAPP law would have gone a long way towards making this lawsuit disappear before dragging the defendants into expensive discovery proceedings. While he grants that motions to dismiss are viewed in the light most favorable to the non-moving party (Enigma Software), the court here has gone out of its way to keep a highly-questionable defamation lawsuit alive — and has done damage to Section 230 protections in doing so.

Filed Under: anti-slapp, cda 230, criticism, forums, lanham act, reviews, section 230, spyhunter
Companies: bleepingcomputer, enigma software

Enigma Software Decides The Best Way To Deal With A Negative Review Is To Sue The Reviewer

from the ungracious,-ESPECIALLY-in-defeat dept

Nothing pushes a negative review of your product out of the public eye faster than a lawsuit, am I right? That’s the line of thinking Enigma Software has chosen to entertain. It recently filed a lawsuit against BleepingComputer, alleging that its 2014 “review” (actually a forum post detailing Enigma’s SpyHunter history as “rogue” software and the deceptive business practices the company has deployed) is defamatory.

What would seem to be a mixture of opinion and fact-based assumptions (backed by links to other sources) is portrayed by Enigma as a malicious attempt by BleepingComputer to damage its reputation so the site can push readers to affiliate partners and advertisers.

Enigma Software claims in its lawsuit that BleepingComputer has the negative SpyHunter review because it takes part in an affiliate advertising program which grants BleepingComputer a commission for redirecting users to Malwarebyte’s site. The Enigma Software Group claims, “Bleeping not only has unlawfully benefited from its smear campaign to the detriment of ESG, it has damaged the reputation of ESG by refusing to take down its false and misleading statements which have been reposted numerous times on other anti-spyware related forums and websites.”

Other computer security sites have already leapt to BleepingComputer’s defense. Malwarebytes has donated $5,000 to the site’s legal fees and points out that BleepingComputer is not some fly-by-night operation that solely acts as a funnel to preferred vendors.

The content is provided by the volunteer efforts of security professionals and the more than 700,000 registered users who ask and answer all questions presented on the site. To summarize, Bleeping Computer is a valuable resource in the efforts to help users live in a malware free world.

Over at CSO’s Salted Hash, Steve Ragan points out the reputation Enigma claims BleepingComputer is destroying has already been severely damaged by the company’s own actions over the years.

[T]he lawsuit says, “Bleeping has a direct financial interest in driving traffic and sales to Malwarebytes and driving traffic and sales away from ESG.”

While that claim is true at face value, the affiliate programs used by Bleeping Computer help keep the website online and they use affiliate links for a number of vendors, not just Malwarebytes.

Also, most of the comments that are critical of Enigma Software and SpyHunter exist because the company has gained a bad reputation over the years due to spam, as well as questionable detection rates.

Ragan then runs down Enigma’s history, including the high number of refunds it’s had to hand out to maintain its A+ BBB rating, as well as the years it spent being blacklisted as a security risk by respected anti-virus firms.

He also notes, as BleepingComputer did in its disputed forum post, that SpyHunter has never been classified as malware or targeted for removal by competing anti-virus products, but that’s apparently largely due to Engima’s past litigious efforts, rather than Enigma dropping the more questionable “features” of its product — like automatic renewals, suspicious scan results and its “pay-to-clean” pricing. (The scan is free. The removal requires a six-month subscription, which will be automatically renewed by Enigma in perpetuity unless otherwise instructed.)

The lawsuit is already off on the wrong foot, what with it clearly being filed solely to shut down criticism. While Enigma may find New York’s lack of a universal anti-SLAPP statute useful (the current version only protects speech related to the discussion of public permits, and even then, it only protects certain people [bloggers, non-traditional journalists] from SLAPP lawsuits brought by government entities), it’s now facing Marc Randazza, who has taken up BleepingComputer’s defense.

Adding to this is the fact that the specific statements Enigma claims are false and defamatory aren’t even directly quoted from the posted review. They’re rephrased to put words in the mouth of the forum moderator who posted it. This low-level deception might have made sense if Enigma hadn’t included a screenshot of the post it’s misquoting as an exhibit in the filing.

Here are Enigma’s claims, followed by the actual wording used by BleepingComputer.

In these posts, Bleeping makes the following assertions falsely and without any reasonable basis to believe that the statements were true when made:

That SpyHunter 4 or ESG engage in “deceptive advertising which violates several consumer protection laws in many states”;

[The “quoted” statement does not actually appear in this post, or in any of the ones following it in the thread.]

ES: That SpyHunter 4 or ESG has a “history of employing aggressive and deceptive advertising”;

BC: SpyHunter by Enigma Software Group USA, LLC is a program that was previously listed as a rogue product on the Rogue/Suspect Anti-Spyware Products List because of the company’s history of employing aggressive and deceptive advertising.

[This claim is backed up by a footnote linking to an outside source that reinforces BC’s claim.]

ES: That SpyHunter 4 is a “rogue product”;

BC: SpyHunter by Enigma Software Group USA, LLC is a program that was previously listed as a rogue product on the Rogue/Suspect Anti-Spyware Products List…

BC: SpyHunter is not classified as malware or rogue security software and other antivirus and antimalware vendors do not target it for removal.

ES: That SpyHunter 4 or ESG have not cooperated in submitting their program for testing “most likely due to the program’s ineffectiveness and high rate of false positives?”;

[Again, this “quoted” phrase does not appear in the post, or in any the moderator’s posts in the same thread. The moderator notes it has not been tested by other AV firms to determine its effectiveness, but does not make any related claim about false positives or ineffectiveness. The closest thing to it is this sentence, which is clearly an opinion.]

In my opinion SpyHunter is a dubious program with a high rate of false positives.

[This is backed up by a link to supporting information from an outside source.]

ES: That SpyHunter 4 or ESG engage in deceptive pricing;

BC: While there are mixed reviews for SpyHunter, some good and some bad, my main concern is the reports by customers of deceptive pricing, continued demands for payment after requesting a refund, lack of adequate customer support, removal (uninstall) problems and various other issues with their computer as a result of using this product. For example, some users are not aware that when purchasing SpyHunter, they have agreed to a subscription service with an automatic renewal policy.

[Again, these statements are supported by links to information sources. The addition of “my main concern” clearly shows the moderator is making a statement of opinion based on available information. And the connecting phrase “reports by customers” makes it clear he’s making an inference based on statements by others.]

ES: That most users of SpyHunter 4 “are not aware that when purchasing SpyHunter, they have agreed to a subscription service with an automatic renewal policy”; and

[See the above quote and note, again, that multiple links in the review direct readers to outside sites backing up this statement, like the numerous complaints about this practice found at ComplaintsBoard and the Better Business Bureau.]

ES: That SpyHunter 4 is “malware” or “rogue security software” despite not being classified as such by security vendors.

BC: SpyHunter by Enigma Software Group USA, LLC is a program that was previously listed as a rogue product…

BC: SpyHunter is not classified as malware or rogue security software and other antivirus and antimalware vendors do not target it for removal.

[These two directly contradict the assertion being made by Enigma in its lawsuit. The author of the post never states that SpyHunter is “malware” or “rogue security software.”]

Enigma doesn’t have much of a case. But it has just enough of one to be troublesome. It’s forced others to bend to its will in the past by aggressively litigating, and it can drain BleepingComputer of time, energy and money just by forcing it to defend itself from ridiculous claims.

Filed Under: anti-slapp, defamation, free speech, reviews, slapp, software, spyhunter
Companies: bleepingcomputer, enigma software