CDA Immunity Protects Internet Service Provider For Erroneously Identifying Bank’s Legitimate Web Site As A Fraudulent Phishing Scam
Case: Associated Bank-Corp. v. Earthlink, Inc. (W.D. Wis. Case No. 05-C-0233-S, 9/14/05)
The One Sentence Summary: The District Court for the Western District of Wisconsin ruled that Section 230(c) of the Communications Decency Act of 1996 which provides "[n]o provider . . . of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider," protected Earthlink from liability to Associated Bank Corp. for mistakenly identifying Associated’s web site as a scam employed by identity thieves.
What They Were Fighting About: Earthlink, an internet service provider, provides more than five million subscribers throughout the United States with access to the internet. It also provides additional software and services designed to block spam, pop-up windows, and to alert customers to fraudulent websites. One of these tools is “ScamBlocker,” a service that aims to protect customers from phisher scams. A phisher scam involves sending fraudulent e-mails purporting to be from a customer’s bank and implying that something is wrong with the customer’s account. The e-mail has a link the customer can click, which directs the customer to what appears to be her bank’s web-site but is actually a site controlled by the scam artist. The fraudulent site encourages the customer to enter her personal account information, which the scam artist then uses for criminal purposes. EarthLink’s “ScamBlocker” service works by redirecting the customer to a Scam Alert page when the user clicks a link to a site listed in the ScamBlocker database as being the address of a fraudulent phishing site. The Scam Alert page tells the user that she may be attempting to visit a fraudulent web site. A user can then choose to either continue and access the potentially fraudulent web site, or can choose to abort the attempt to access the web page. A third-party vendor identifies the fraudulent web-sites listed in the ScamBlocker service’s database. EarthLink direclty inputs the third-party's list of phishing sites into EarthLink's ScamBlocker database without altering the content.
Associated Bank-Corp operates a legitimate online banking web site. During a period of fewer than 48 hours in April of 2005, EarthLink’s ScamBlocker service erroneously identified Associated Bank-Corp’s legitimate web-site as a fraudulent phishing site. Earthlink users attempting to access Associated Bank’s web site would have been directed to a Scam Alert page which informed them that they had attempted to access a web site that might be a fraudulent phishing site. Earthlink corrected the problem the same day Associated Bank-Corp notified Earthlink of the mistake.
Associated Bank-Corp sued Earthlink for tortious interference with business relations, negligence, and fraudulent representation, and sought injunctive relief.
District Court Holdings: The District Court granted EarthLink’s motion for summary judgment. The Court held:
The One Sentence Summary: The District Court for the Western District of Wisconsin ruled that Section 230(c) of the Communications Decency Act of 1996 which provides "[n]o provider . . . of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider," protected Earthlink from liability to Associated Bank Corp. for mistakenly identifying Associated’s web site as a scam employed by identity thieves.
What They Were Fighting About: Earthlink, an internet service provider, provides more than five million subscribers throughout the United States with access to the internet. It also provides additional software and services designed to block spam, pop-up windows, and to alert customers to fraudulent websites. One of these tools is “ScamBlocker,” a service that aims to protect customers from phisher scams. A phisher scam involves sending fraudulent e-mails purporting to be from a customer’s bank and implying that something is wrong with the customer’s account. The e-mail has a link the customer can click, which directs the customer to what appears to be her bank’s web-site but is actually a site controlled by the scam artist. The fraudulent site encourages the customer to enter her personal account information, which the scam artist then uses for criminal purposes. EarthLink’s “ScamBlocker” service works by redirecting the customer to a Scam Alert page when the user clicks a link to a site listed in the ScamBlocker database as being the address of a fraudulent phishing site. The Scam Alert page tells the user that she may be attempting to visit a fraudulent web site. A user can then choose to either continue and access the potentially fraudulent web site, or can choose to abort the attempt to access the web page. A third-party vendor identifies the fraudulent web-sites listed in the ScamBlocker service’s database. EarthLink direclty inputs the third-party's list of phishing sites into EarthLink's ScamBlocker database without altering the content.
Associated Bank-Corp operates a legitimate online banking web site. During a period of fewer than 48 hours in April of 2005, EarthLink’s ScamBlocker service erroneously identified Associated Bank-Corp’s legitimate web-site as a fraudulent phishing site. Earthlink users attempting to access Associated Bank’s web site would have been directed to a Scam Alert page which informed them that they had attempted to access a web site that might be a fraudulent phishing site. Earthlink corrected the problem the same day Associated Bank-Corp notified Earthlink of the mistake.
Associated Bank-Corp sued Earthlink for tortious interference with business relations, negligence, and fraudulent representation, and sought injunctive relief.
District Court Holdings: The District Court granted EarthLink’s motion for summary judgment. The Court held:
- Section 230(c) of the federal Communications Decency Act of 1996 protected Earthlink from liability. That statute provides in relevant part: “”[n]o provider . . . of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” 47 U.S.C. § 230(c)(1).
- Earthlink was an “interactive computer service” under Section 230(f)(2) of the Act.
- Section 230 of the Act therefore immunized Earthlink from liability because a reasonable trier of fact could not infer that Earthlink acted as an information content provider, given that the information erroneously identifying Associated’s web site as a fraudulent phishing site came from a third-party vendor and Earthlink did not modify the list of phishing sites when it input the sites into its ScamBlocker database.
The District Court’s logic may be flawed. The opinion does not identify whether Earthlink itself created the message users saw on the Scam Alert page, or whether the third-party vendor who provided Associated’s internet address to Earthlink also created the message users saw. If Earthlink itself drafted the erroneous warning on the Scam Alert page, arguably Earthlink was doing more than re-publishing information provided by another information content provider.
0 Comments:
Post a Comment
<< Home