Because it immunizes ISPs for liability that others produce on their websites (think YouTube, Twitter, and Facebook), Section 230 of the Communications Decency Act of 1996 has been the subject of extensive scholarly debate. On the one hand, it’s praised for enabling the modern internet to revolutionize society and become a haven for free expression and ideas. On the other, it’s drawn criticism for spawning noxious content and an overwhelming amount of hate speech, misinformation, and polarizing content.

At, we believe Section 230 has played a vital and beneficial role in shaping the internet. When it comes to cybersecurity and the fairness of the app marketplace, a critical issue for our members, Section 230 is generally interpreted to give security companies legal authority to block an app if they have a good faith basis to believe the app may harm consumers. We think that’s good for responsible businesses, consumers, and internet safety overall.

But we think it’s nonsensical – under a plain reading of the statute, or fairness in general – for the blocking authority under Section 230 to be interpreted as absolute and unlimited. Yet this is the extreme position that Malwarebytes is taking in Enigma Software Group USA vs. Malwarebytes Inc., a legal case currently before the United States Court of Appeals for the 9th Circuit. Malwarebytes maintains that Section 230 allows it to wield unfettered power to block any app it wants to, any time it wants to, without any consequences whatsoever – an argument that would apply even if the app is a competitor (like Engima) that may be competing fairly, or an app that already complies with the loftiest industry standards and respects consumer privacy and security.

This is a highly troubling position that does violence to what stands for. It repudiates standards that offer clarity and compliance to an internet that so badly needs them. It undermines efforts to create a marketplace that respects consumers’ security and privacy. It harms the movement to unite responsible companies around a common set of rules. It thereby creates a wildly unpredictable app marketplace – and certainly not a fair one. The result: more chaos, more siloed and custom security approaches, and an uneven playing field for even well-intentioned businesses seeking to be on the right side of compliance. This will likely lead some app makers to abandon compliance completely, repurpose their efforts to evading security company detection, and simply disregard consumer safety and welfare altogether.

We’ll be watching the case closely at, and we invite all our members – and anybody else interested in a safer internet – to do the same. 

In fact, you can actually tune in to the oral argument live on February 15, 2019, at 9 am Pacific time. Just click on the link to the livestream that morning shortly before 9 am,, and then click on “San Francisco CR3.” That should bring you to the particular hearing room where lawyers for the two sides will duke it out before three of the 9th Circuit Court judges.