The closest analog would be antivirus software deciding your legitimate app was malware, but I can't find any lawsuits over that with some quick searching. Anyone remember one?
Punishing anti-malware software for false positives may feel like it could be warranted at times (at least in cases of anti-competitive actions or extreme incompetence), but it seems like it would set an extremely poor precedent. Even worse would be someone winning a case like "yes, there was malware, but you should have sent users though anyway."
Which kind of points to the reason why you probably won't see a case like this go far. Whether or not it's bad from the website's point of view, users chose to install a browser that blocks what it thinks are infected sites, and there's still the option (however small or hidden) to click through or disable the warning. There are also tools to figure out why you're blocked (I'm not sure about Microsoft or Opera's system, but I assume so), even if they can be annoyingly slow in internet time.
I don't think there's any more case than suing over a browser displaying a broken lock icon (or not loading a page at all) when you serve content over mixed secure and insecure connections, or warning that a self-signed certificate is untrusted and may be an attempt to hijack and redirect you.
Have you actually looked a twitter page that uses Twitpic? The text Chrome produces reads:
"Danger: Malware Ahead! Content from twitpic.com, a known malware distributor has been inserted into this page. Visiting this page now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion."
If this turns out to be a false positive, it certainly looks as though Google has committed a serious act of libel against a competitor by claiming that they are known to be malicious and involved in crime. Furthermore they prevented millions of customers from reaching another competitor (and partner of the first competitor) in order to deliver this message.
There's no mention of the possibility of there being a false positive, or how the conclusion was reached, or the general rate of false positives, or the fact that it's Google's opinion.
The fact that we assume it's an automated detection system doesn't absolve Google of responsibility for what they are communicating and the damage it can do to their competitors reputations.
If it does turn out to be a false positive, will Google contact all the people who saw that message to inform them that they were wrong?
You actually get two slightly different warnings, depending upon whether the content is embedded or not. If you go to Twitpic directly you'll see "Google has blocked access to twitpic.com for now", a generally more gentle warning than the one you cite (which you'll see if you're viewing embedded content instead).
It's interesting there are two warnings, only one of which seems to be potentially libelous (if it was a false positive, which at this point is uncertain, especially if the content came in from an ad network).
I doubt you'd consider it a "minor shortlived inconvenience" if Google informed millions of people that your business was a known distributor of malware.
Google can perfectly well block the malware without making such an accusatory statement. It's not a tradeoff, so I don't really know why you are defending them.
Security is sometimes a trade-off but in this case there is no trade-off involved. Google can just as easily block the malware without the potentially defamatory language.
The accuracy of the algorithm is utterly irrelevant.
The browser works on behalf of the user, not on behalf of the site operator. In the matter of keeping malware off the user's computer, nobody gives two shits what the site operator wants.
Punishing anti-malware software for false positives may feel like it could be warranted at times (at least in cases of anti-competitive actions or extreme incompetence), but it seems like it would set an extremely poor precedent. Even worse would be someone winning a case like "yes, there was malware, but you should have sent users though anyway."
Which kind of points to the reason why you probably won't see a case like this go far. Whether or not it's bad from the website's point of view, users chose to install a browser that blocks what it thinks are infected sites, and there's still the option (however small or hidden) to click through or disable the warning. There are also tools to figure out why you're blocked (I'm not sure about Microsoft or Opera's system, but I assume so), even if they can be annoyingly slow in internet time.
I don't think there's any more case than suing over a browser displaying a broken lock icon (or not loading a page at all) when you serve content over mixed secure and insecure connections, or warning that a self-signed certificate is untrusted and may be an attempt to hijack and redirect you.