App Store Protected By CDA Immunity (and Limitation Of Liability) For Losses From Fraudulent Crypto Wallet App – Fin Tech


Background

The issue of fraudulent crypto-related mobile apps has received
much attention of late. Back in July 2022, the FBI issued a notice, warning financial institutions and
investors about instances where criminals created spoofed
cryptocurrency wallet apps to trick consumers and steal their
cryptocurrency. There have also been reports of phishing websites
that attempt to trick consumers into entering credentials, thereby
enabling hackers to access victims’ crypto wallets. In response
to these developments, Senator Sherrod Brown recently sent a letter to Apple, among others, expressing his
concern about fraudulent cryptocurrency apps and asking for more
information about the particulars of Apple’s process to review
and approve crypto apps for inclusion in the App Store.

In a recent ruling, a California district court held that Apple,
as operator of that App Store, was protected from liability for
losses resulting from that type of fraudulent activity. (Diep v. Apple Inc., No. 21-10063
(N.D. Cal. Sept. 2, 2022)). This case is important in that, in a
motion to dismiss, a platform provider was able to use both
statutory and contractual protections to avoid liability for the
acts of third party cyber criminals.

The Facts and Decision

The case involved claims brought by a putative class of users
who downloaded a fraudulent third party digital wallet app that
allowed hackers to steal users’ cryptocurrency. An App Store
user alleged that she downloaded the fraudulent app that spoofed a
legitimate app and, during registration, she typed in her personal
information and linked her cryptocurrency to the app by inputting
her private key. Plaintiff soon discovered her cryptocurrency was
gone and her account deleted, and subsequently learned that the
digital wallet app she had downloaded was really a phishing program
created for the sole purpose of stealing users’ crypto and
routing it to the hackers’ personal accounts.

Plaintiff sought to hold Apple liable for its role in vetting
and making the fraudulent app available in the App Store. In
September 2021, Plaintiff brought the putative class action against
Apple, as operator of the App Store, alleging claims under various
federal laws, including the Computer Fraud and Abuse Act (CFAA), as
well as under state consumer protection laws. Plaintiff generally
asserted that Apple was liable in authorizing and distributing a
fraudulent app in its App Store while representing that its App
Store is “a safe and trusted place” and that Apple
ensures “that the apps we offer are held to the highest
standards for privacy, security, and content….”

Apple moved to dismiss the amended complaint on a number of
grounds, including that it was immune under CDA Section 230 for its
conduct in hosting the third party digital wallet app and that the
limitation of liability provision within its terms of service
negated Plaintiff’s claims related to third party apps. The
court granted the motion to dismiss, holding that Apple was in
fact protected by Section 230 of the Communications
Decency Act (“CDA”) from such liability. Beyond failing
to convince the court that Apple’s actions fell outside CDA
Section 230, Plaintiff was also unsuccessful in overcoming the
argument that the limitation of liability clause in Apple’s
terms was enforceable with respect to the various claims.

The Communications Decency Act

Section 230 of the CDA states that “[n]o provider or user
of an interactive computer service shall be treated as the
publisher or speaker of any information provided by another
information content provider.” 47 U.S.C. § 230(c)(1). As
courts uniformly recognize, the CDA immunizes online services
against all kinds of claims for third-party content that they
publish.

After easily determining the App Store is an “interactive
computer service” under the CDA, the court had to determine
whether Plaintiff’s claims attempted to treat Apple as a
publisher or speaker with respect to content on the App Store.
Courts have generally found that publishing activity includes
reviewing, editing, and deciding whether to publish or to withdraw
from publication third-party content, and here, the court found
that Apple’s review and authorization of the crypto app for
distribution on the App Store was “inherently publishing
activity.”

Under the final prong of the CDA, the court quickly found the
published material (i.e., the crypto app) was not developed by
Apple but was provided by another content provider. The plaintiffs
argued that a statutory exception to the CDA for enforcement of
federal criminal statutes (47 U.S.C. § 230(e)(1)) should apply
to civil claims under federal statutes which provide for both civil
and criminal causes of action, including the CFAA; however, the
court stated that it was well-settled that § 230(e)(1)’s
limitation on CDA immunity extends only to criminal prosecutions,
and not to civil actions based on criminal statutes.

As for the plaintiffs’ state law consumer protection claims,
the court ruled that as asserted, the claims were insufficiently
pled and, in any event, essentially sought to hold Apple liable for
its publication of the crypto app, conduct already protected by CDA
Section 230.

The court also found an alternative basis for dismissal, ruling
that the limitation of liability contained in Apple’s terms,
which provides that the company is not liable for damages
“arising out of or related to use of” third-party apps,
was enforceable as against plaintiff’s claims stemming from
harms caused by third party apps.

Final Thoughts

Advances in distributed ledger technology for financial services
have led to dramatic growth in markets and services related to
cryptocurrency and digital assets in general. While this brings the
potential of welcome financial innovations, it also opens new
avenues for cyber criminals to perpetrate financial scams and
theft, including through spoofed crypto apps and phishing
sites.

This case suggests that, at least under facts such as these,
interactive platforms will not be the source of a remedy for every
person or business that is defrauded through a third party
application available on their platforms. A different result might
impair the ability to do business as a platform provider. The case
is also a more general reminder that CDA Section 230 can be a
powerful shield that protects against liability for many types of
third party content.

The case further highlights the importance of a well-drafted
limitation of liability clause in user agreements.

The case also highlights that providers of all types of
interactive services must be very careful in making statements
regarding the security of user data. While Apple was able to avoid
liability in this case, a slightly different set of facts could
possibly have resulted in different outcomes on some of the
issues in this case.

Finally, given the realities of the world of digital fraud in
which we live, this case emphasizes that investors must exercise
great vigilance before downloading any digital wallet app or
inputting their e-wallet credentials into any application.


The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.


