AI Case Brief
Generate an AI-powered case brief with:
Estimated cost: $0.001 - $0.003 per brief
Full Opinion
James S. GORDON, Jr., an individual doing business as gordonworks.com, Plaintiff-Appellant,
v.
VIRTUMUNDO, INC., a Delaware corporation; Adknowledge, Inc., a Delaware corporation; and Scott Lynn, an individual, Defendants-Appellees.
United States Court of Appeals, Ninth Circuit.
*1044 Timothy J. Walton, Walton & Rose, LLP, Palo Alto, CA, for plaintiff-appellant James S. Gordon, Jr.
Derek Newman (argued), Randall Moeller, Newman & Newman, Attorneys at Law, LLP, Seattle, WA, and Michael R. Geroe, General Counsel, Adknowledge, Inc., Santa Monica, CA, for defendants-appellees, Virtumundo, Inc., Adknowledge, Inc., and Scott Lynn.
Shannon E. Smith, Deputy Attorney General, Robert M. McKenna, Attorney General of Washington, Seattle, WA, for Amicus Curiae State of Washington.
Jason K. Singleton, Richard E. Grabowski, Singleton Law Group, Eureka, CA, for Amicus Curiae ASIS Internet Services, Joel Householter, and Ritchie Phillips.
Before RONALD M. GOULD, RICHARD C. TALLMAN, and CONSUELO M. CALLAHAN, Circuit Judges.
Opinion by Judge TALLMAN; Concurrence by Judge GOULD.
TALLMAN, Circuit Judge:
This case addresses unsolicited commercial e-mail, more commonly referred to as "spam."[1] While ignored by most and reviled *1045 by some, spam is largely considered a nuisance and a source of frustration to e-mail users who, at times, must wade through inboxes clogged with messages peddling assorted, and often unwanted, products and services. The rising tide of spam poses an even greater problem to businesses, institutions, and other entities through network slowdowns, server crashes, and increased costs. At the same time, commercial enterprise has staked its claim within the online world. The Internet is a unique medium that offers legitimate businesses a low-cost means to promote themselves and their wares and in turn fosters competition in the marketplace. Both consumers and Congress have come to view e-mail, when fairly employed, as an established and worthwhile device in the toolbox of accepted marketing practices.
After individual states initially wrestled with properly balancing the benefits and burdens of commercial e-mail, Congress enacted legislation in an effort to curb the negative consequences of spam and spamming practices without stifling legitimate commerce. Through this opinion we review the federal statutory scheme of the Controlling the Assault of Non-Solicited Pornography and Marketing ("CAN-SPAM") Act of 2003, 15 U.S.C. § 7701 et seq., and assume the formidable task of determining the statutory standing requirements and the scope of federal preemption intended by Congress.
In the case before us, James S. Gordon, Jr. and his company, Omni Innovations, LLC ("Omni"),[2] sued Virtumundo, Inc., Adknowledge, Inc., and Scott Lynn, the sole shareholder of both companies, seeking injunctive relief and significant damages based on the receipt of thousands of commercial e-mails. Defendants are in the online marketing business and widely transmit e-mail advertisements and solicitations to potential consumers on behalf of third-party clients. In the parlance of our time, they are "spammers."
Based on a dense record developed through substantial discovery, the district court granted summary judgment in favor of Virtumundo, Adknowledge, and Lynn (collectively, "Virtumundo") on all of Gordon's claims. We have jurisdiction over Gordon's appeal pursuant to 28 U.S.C. § 1291. Having carefully and independently evaluated the issues in light of the evidence, we agree that summary judgment was proper and therefore affirm.
I
Gordon is the original registrant of the Internet domain "gordonworks.com," which he hosts on server space that Omni leases from GoDaddy, a domain registrar and web hosting company that also sells e-business related software and services, see http://www.godaddy.com. The GoDaddy service allows users to virtually access the server through an ordinary Internet connection—in Gordon's case, a broadband connection from Verizon. Through a virtual desktop called a "Plesk," Gordon is able to manage his domain. He can post content on the Internet, create new e-mail accounts, and set user names and log-on passwords. There are, of course, substantial restrictions regarding Gordon's usage of the leased server space.
It was through this vehicle that Gordon created a personal e-mail address: "jim@ gordonworks.com." Around September *1046 2003, Gordon created additional e-mail accounts through the gordonworks.com domain for about six friends and family members, which he monitored for "data collection" and "research purposes." Gordon registered jim@gordonworks.com and the gordonworks.com e-mail addresses of his "clients" in response to various online promotions and for numerous prize giveaways. Gordon estimates that, in doing so, he subscribed, or "opted in," to e-mail mailing lists somewhere between 100 and 150 times.[3]
Soon thereafter, these accounts began receiving e-mails from businesses marketing their goods and services. Some of these messages were transmitted by online marketers, such as Virtumundo, on behalf of their clients. At his instruction, Gordon's "clients" relinquished control of their e-mail accounts. They then set up their own domains through GoDaddy, which they housed on the server space leased by Omni. This enabled these individuals to create their own e-mail addresses "@" personalized domain names—e.g., "anthonycentral.com," "jaykaysplace.com," and "chiefmusician.net"—rather than gordonworks.com.
Gordon continued to maintain and monitor the abandoned gordonworks.com e-mail accounts. He described his ongoing efforts as "do[ing] research on the spam that comes through." At some later point, Gordon configured the e-mail server to provide an automated response to all commercial e-mail sent to gordonworks.com accounts. The response was titled "NOTICE OF OFFER TO RECEIVE UNSOLICITED COMMERCIAL EMAIL (SPAM)" and purported to consummate a "binding contract" by which the sender agreed to either cease and desist or pay Gordon $500 for each additional unsolicited e-mail subsequently delivered to the account. While he claims that online marketers, including Virtumundo, ignored his requests that all gordonworks.com e-mail addresses be removed from their mailing lists, Gordon does not provide evidence, apart from a general "belief," that he followed the "opt-out" procedure stated in the individual e-mail messages. Not surprisingly, the e-mail accounts continued to receive spam, which over time accumulated in the unused inboxes. At the time of his deposition in January 2007, these gordonworks.com e-mail accounts remained active. However, the only persons who actually used a gordonworks.com account were Gordon and his wife.
In 2004, Gordon began filing lawsuits in state and federal court against persons and companies who sent solicitations or advertisements to e-mail accounts hosted on Omni's leased server space. In February 2006, Gordon filed this lawsuit against Virtumundo in the Western District of Washington. He asserted various causes of action for violations of the CAN-SPAM Act, 15 U.S.C. § 7701 et seq., the Washington Commercial Electronic Mail Act ("CEMA"), Wash. Rev.Code § 19.190.010 et seq., the Washington Consumer Protection Act ("CPA"), Wash. Rev.Code § 19.86.010 et seq., and the Washington "Prize Statute," Wash. Rev.Code § 19.170.010 et seq. As relevant to this appeal, Gordon contends that Virtumundo sent, according to his most recent estimate, approximately 13,800 materially misleading or otherwise unlawful commercial e-mail messages to e-mail accounts hosted through gordonworks.com. Gordon sought injunctive relief, several millions of dollars *1047 in statutory and treble damages, and his attorney's fees and costs.[4]
In December 2006, the Honorable John C. Coughenour granted in part and denied in part Virtumundo's motion to dismiss for pleading deficiencies. The order dismissed Gordon's Prize Statute claims, in their entirety, and his CEMA and CPA claims to the extent they related to the gathering of "personally identifying information." Wash. Rev.Code § 19.190.080. The court gave leave to amend the complaint to cure pleading deficiencies, but Gordon never did so.
Virtumundo then moved for summary judgment on all remaining claims, which consisted of Gordon's CAN-SPAM Act claims and the surviving CEMA and CPA claims. By Order dated May 15, 2007, the district court granted the defense motion, see Gordon v. Virtumundo, Inc., No. 06-0204, 2007 WL 1459395 (W.D.Wash. May 15, 2007). Judge Coughenour concluded that both Gordon and Omni lacked standing to pursue a private action under the CAN-SPAM Act and that the state law claims failed as a matter of law based in part on federal preemption grounds.
Gordon alone now appeals this grant of summary judgment.[5]
II
We review a district court's grant of summary judgment de novo, and may affirm on any basis supported by the record. Burrell v. McIlroy, 464 F.3d 853, 855 (9th Cir.2006). Our review is governed by the same standard used by the trial court under Federal Rule of Civil Procedure 56. Adcock v. Chrysler Corp., 166 F.3d 1290, 1292 (9th Cir.1999). "Viewing the evidence in the light most favorable to the nonmoving party, we must determine whether there are any genuine issues of material fact and whether the district court correctly applied the relevant substantive law." Devereaux v. Abbey, 263 F.3d 1070, 1074 (9th Cir.2001) (en banc).
A determination of standing is a question of law that we review de novo, see Nat'l Res. Def. Council v. EPA, 542 F.3d 1235, 1244 (9th Cir.2008), as is a finding of federal preemption, see Indus. Truck Ass'n, Inc. v. Henry, 125 F.3d 1305, 1309 (9th Cir.1997).
III
A
We first turn to Gordon's CAN-SPAM Act claims. The CAN-SPAM Act became effective on January 1, 2004, and was enacted in response to mounting concerns associated with the rapid growth of spam e-mails. Congress determined:
(1) there is a substantial governmental interest in regulation of commercial electronic mail on a nationwide basis;
(2) senders of commercial electronic mail should not mislead recipients as to the source or content of such mail; and
(3) recipients of commercial electronic mail have a right to decline to receive additional commercial electronic mail from the same source.
15 U.S.C. § 7701(b).[6] The Act does not *1048 ban spam outright, but rather provides a code of conduct to regulate commercial e-mail messaging practices. Stated in general terms, the CAN-SPAM Act prohibits such practices as transmitting messages with "deceptive subject headings" or "header information that is materially false or materially misleading." See 15 U.S.C. § 7704(a)(1), (2). The Act also imposes requirements regarding content, format, and labeling. For instance, unsolicited e-mail messages must include the sender's physical postal address, indicate they are advertisements or solicitations, and notify recipients of their ability to decline further mailings. 15 U.S.C. § 7704(a)(5). Moreover, in order to comply with the Act, each message must have either a functioning return e-mail address or a comparable mechanism that allows a recipient to "opt out" of future mailings. 15 U.S.C. § 7704(a)(3).[7]
The CAN-SPAM Act's enforcement provision empowers the Federal Trade Commission, state attorneys general, and other state and federal agencies to pursue legal actions to enforce the Act's provisions. 15 U.S.C. § 7706(a), (b), (f). Congress also provided a limited private right of action, which states: A "provider of Internet access service adversely affected by a violation of" § 7704(a)(1), (b), or (d), or "a pattern or practice that violates" § 7704(a)(2) through (5) of the Act "may bring a civil action in any district court" to enjoin further violation by a defendant or to recover either actual or statutory damages, whichever is greater. 15 U.S.C. § 7706(g)(1). Statutory damages under the CAN-SPAM Act are substantial and can equal as much as $300 per unlawful e-mail.[8] 15 U.S.C. § 7706(g)(3). The Act also authorizes an award of attorneys' fees and costs against any party at the district court's discretion. 15 U.S.C. § 7706(g)(4).
Therefore, in any private action claiming CAN-SPAM Act violations, a threshold issue is whether the plaintiff satisfies the statutory standing requirements. On its motion for summary judgment, Virtumundo challenged Gordon's and Omni's ability to pursue a private action under § 7706(g)(1). The district court conducted a thorough analysis of the existing case law, the CAN-SPAM Act itself, and the legislative history. Based upon the well-developed facts of the summary judgment record, the district court concluded that Plaintiffs had not demonstrated adequate harm—i.e., an "adverse effect," as the district court called it—and therefore lacked standing with respect to these federal claims. Gordon, 2007 WL 1459395, at *8.
We agree that Gordon lacks standing to bring a private action under the CAN-SPAM Act. We commend the district court's pioneering analysis in this uncharted territory, and reach a similar conclusion based on our assessment of the CAN-SPAM Act's statutory standing requirement and the appellate record.
B
As recognized by several courts, the case law regarding the relevant legal standards *1049 under the CAN-SPAM Act is "scant," ASIS Internet Servs. v. Optin Global, Inc., No. 05-05124, 2008 WL 1902217, at *15 (N.D.Cal. Apr.29, 2008), and few courts have construed the standing provision, ASIS Internet Servs. v. Active Response Group, No. 07-6211, 2008 WL 2952809, at *2 (N.D.Cal. July 30, 2008). Neither we nor any of our sister circuits have comprehensively addressed this issue. We endeavor to do so here, at least in part.
1
We begin by acknowledging that the CAN-SPAM standing inquiry involves two general components: (1) whether the plaintiff is an "Internet access service" provider ("IAS provider"), and (2) whether the plaintiff was "adversely affected by" statutory violations. See, e.g., Brosnan v. Alki Mortgage, LLC, No. 07-4339, 2008 WL 413732, at *1-*2 (N.D.Cal. Feb.13, 2008). Beyond that, however, the statutory standing provision read as a whole is ambiguous—a point upon which all parties agree. We therefore employ familiar techniques of statutory construction to evaluate Congress's intent with regard to both components and their relation to one another.
While over time courts have developed various canons to assist with statutory interpretation, this "is an area in which absolutist rules do not [always] lead to sensible or accurate results." Mt. Graham Red Squirrel v. Madigan, 954 F.2d 1441, 1453 (9th Cir.1992). "[I]t is," after all, "the duty of a court in construing a law to consider the circumstances under which it was passed and the object to be accomplished by it." United States v. Curtis-Nev. Mines, Inc., 611 F.2d 1277, 1280 n. 1 (9th Cir.1980) (quoting United States v. Anderson, 9 Wall. 56, 76 U.S. 56, 65-66, 19 L.Ed. 615 (1869)); accord Callejas v. McMahon, 750 F.2d 729, 731 (9th Cir. 1984). Therefore, especially in this highly technical and evolving field, "[c]ommon sense not dogma is what is needed in order to explore the actual meaning of legislative enactments." Mt. Graham Red Squirrel, 954 F.2d at 1453.
There are a few points that heavily influence our analysis, which we identify at the outset. First, despite what Gordon and likeminded anti-spam enthusiasts might contend, the purpose of the CAN-SPAM Act was not to stamp spam out of existence. While Gordon is likely not alone in his deep-seated hostility toward spam and those who profit from it, there are beneficial aspects to commercial e-mail, even bulk messaging, that Congress wanted to preserve, if not promote. Indeed, the Act recognizes e-mail's value as a worthwhile commercial tool:
Electronic mail has become an extremely important and popular means of communication, relied on by millions of Americans on a daily basis for personal and commercial purposes. Its low cost and global reach make it extremely convenient and efficient, and offer unique opportunities for the development and growth of frictionless commerce.
15 U.S.C. § 7701(a)(1); see also S.Rep. No. 108-102, at 2 (2003), as reprinted in 2004 U.S.C.C.A.N. 2348, 2349 ("Unlike direct mail delivered through the post office to consumers, [e-mail] can reach millions of individuals at little to no cost and almost instantaneously."). The tailored regulations, which target deceptive and predatory practices and attempt to alleviate the negative effects of spam without unduly stifling lawful enterprise, embody the fine balance struck by Congress.
Second, Congress conferred standing only on a narrow group of possible plaintiffs: the Federal Trade Commission, certain state and federal agencies, state attorneys general, and IAS providers adversely affected by violations of the CAN-SPAM *1050 Act. See 15 U.S.C. § 7706(a), (b), (f), (g). The decision to restrict the right of action does not reflect an indifference or insensitivity to the effects of spam on consumers. The contrary is true. The CAN-SPAM Act's express findings and legislative history are littered with references to the burdens shouldered by individuals, businesses, and other institutions. The Act itself recognizes the "costs to recipients ... for the storage of [unsolicited commercial e-mail], or for the time spent accessing, reviewing, and discarding such mail, or both." 15 U.S.C. § 7701(a)(3). We surmise that Congress's intent was to limit enforcement actions to those best suited to detect, investigate, and, if appropriate, prosecute violations of the CAN-SPAM Act—those well-equipped to efficiently and effectively pursue legal actions against persons engaged in unlawful practices and enforce federal law for the benefit of all consumers.
Third, our review of the congressional record reveals a legitimate concern that the private right of action be circumscribed and confined to a narrow group of private plaintiffs: "[Section 7706](g) provides for a limited right of action by bona fide Internet service providers." 150 Cong. Rec. E72-02 (Jan. 28, 2004) (remarks of Rep. Dingell) (emphasis added); accord id. at E73-01 (remarks of Rep. Tauzin). It is perhaps a sad reality that Congress must specify a bona fide IAS provider, as possibly distinct from a non-genuine IAS provider. But this demonstrates to us that lawmakers were wary of the possibility, if not the likelihood, that the siren song of substantial statutory damages would entice opportunistic plaintiffs to join the fray, which would lead to undesirable results. While Congress did not intend that standing be limited to fee-for-service operations,[9] we think it did intend to exclude plaintiffs who, despite certain identifying characteristics, did not provide the actual, bona fide service of a legitimate operation. See 150 Cong. Rec. E72-02 ("[W]e intend that Internet access service providers provide actual Internet access service to customers."). We believe that Congress's clear intention to restrict private action remains of great importance and guides the proper standing analysis.
Fourth and finally, we must factor into the calculus the unique nature of the subject matter at issue. Especially in this arena, the engine of innovation moves far more quickly and nimbly than the methodical pace of legislation. That is readily apparent here. In the few years since the CAN-SPAM Act became effective, the uses of the Internet and the prevalence and variety of available online services have multiplied exponentially. The marketplace has developed a panoply of related products and services not available when Congress authored the federal legislation. Significantly, no longer are typical Internet users primarily limited to accessing e-mail accounts and searching for content or information. With the rise of social networking sites, blogs, and other user-driven websites, the ability to post content on the Internet or to create forums for others to do so is no longer a privilege reserved for the technologically savvy or the financially elite. The rate of development will only accelerate. As this inevitably occurs and the gateway to the online world further widens for the masses, courts should be mindful that the lines Congress intended to draw when *1051 drafting the statutory text might lose clarity.
With these principles in mind, we apply a standing analysis that encapsulates Congress's will when it provided a limited private right of action.
2
We first address whether Gordon is a "provider of Internet access service" who, if adversely affected by a statutory violation, has private standing to bring CAN-SPAM Act claims. The CAN-SPAM Act defines "Internet access service" by reference to the Communications Act, see 15 U.S.C. § 7702(11), which provides:
The term "Internet access service" means a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.
47 U.S.C. § 231(e)(4). We have not previously spoken "as to who is an `Internet access service' provider" within the meaning of the CAN-SPAM Act, see Ferguson v. Quinstreet, Inc., No. 07-5378, 2008 WL 3166307, at *5 (W.D.Wash. Aug.5, 2008), and note the ambiguity of this statutory definition.
District courts in our circuit have interpreted the definition of "Internet access service" broadly to encompass a wide range of services, and not merely traditional Internet Service Providers ("ISPs")—i.e., the service that connects customers to the Internet itself. See Hypertouch, Inc. v. Kennedy-Western Univ., No. 04-05203, 2006 WL 648688, at *3 (N.D.Cal. March 8, 2006) (stating that "a provider of e-mail service alone, without any other services, qualifies" as an IAS provider under the CAN-SPAM Act). For instance, one such court reasoned that, although the definition "appears primarily to contemplate services that provide consumers their initial connection point to the Internet, the language is broad enough to encompass entities such as Facebook," a popular social networking site, "that provide further access to content and communications between users for persons who may initially access the Internet through a conventional [ISP]." Facebook, Inc. v. ConnectU LLC, 489 F.Supp.2d 1087, 1094 (N.D.Cal.2007); see also MySpace, Inc. v. The Globe.com, Inc., No. 06-3391, 2007 WL 1686966, at *3 (C.D.Cal. Feb.27, 2007) (holding that MySpace had standing under the CAN-SPAM Act and interpreting the definition of "Internet access service" broadly to "include[] traditional [ISPs], any email provider, and even most website owners"). Gordon claims IAS-provider status, asserting that through the gordonworks.com domain and the leased server space he enables users to access Internet content and e-mail. On a superficial level, this proposition is hard to dispute. In the most general terms, a "service that enables users to access" online content or e-mail could encompass the proprietor of an Internet coffee shop or, as one district court suggested, "any person who allows another person to use their computer to access the Internet," Ferguson, 2008 WL 3166307, at *5. Indeed, at some level, common utility services play a role in enabling users to access Internet content. Without question, this was not what Congress intended when it was defining the private right of action.
While we agree that statutory standing is not limited to traditional ISPs, we reject any overly broad interpretation of "Internet access service" that ignores congressional intent. Contrary to Gordon's suggestion, providing e-mail accounts cannot alone be sufficient. Many employers and institutions, for example, provide their employees *1052 or members with e-mail accounts and service—including our court. The findings codified in the statute note Congress's concern pertaining to the growth of unsolicited commercial e-mail and its imposition of "monetary costs on providers of Internet access services," which have standing to sue, as well as on "businesses, and educational and nonprofit institutions that carry and receive such mail." 15 U.S.C. § 7701(a)(6). Clearly, Congress viewed IAS providers as distinct from entities that merely "carry [or] receive such mail." Standing under the CAN-SPAM Act requires more. See, e.g., White Buffalo Ventures, LLC v. Univ. of Texas at Austin, 420 F.3d 366, 373 (5th Cir.2005) ("[W]e are hard-pressed to find that providing email accounts and email access does not bring [the University of Texas] within the statutory definition ...." (emphasis added)). There may well be a technical or hardware component implicit in the definition. But, we find the parties' briefing on the topic inadequate to reach an informed decision here. Because it is not necessary to our holding, we decline this opportunity to set forth a general test or define the outer bounds of what it means to be a provider of "Internet access service."
Nevertheless, we conclude that Gordon does not fit any reasonable definition of "Internet access service" provider. Gordon is a registrant of a domain name, which he, through Omni, hosts on leased server space. He neither has physical control over nor access to the hardware, which GoDaddy owns, houses, maintains, and configures. From our review of the record, Gordon's service appears to be limited to using his "Plesk" control panel, which he accesses via an ordinary Internet connection through an ISP, to set up e-mail accounts and log-in passwords and to execute other administrative tasks. Verizon enables his online access. GoDaddy provides the service that enables ordinary consumers to create e-mail accounts, register domain names, and build personalized web pages. Gordon has simply utilized that service for himself and on behalf of others. It matters not that he entered the keystrokes or clicked the mouse. Nor is it relevant that he created gordonworks.com e-mail addresses for family and friends, and not merely himself. While Verizon and GoDaddy might have a compelling argument that they are IAS providers within the meaning of the CAN-SPAM Act, Gordon's claim that he holds such elite status is unconvincing.
In addition to his nominal role in providing Internet-related services, we are also troubled by the extent to which Gordon fails to operate as a bona fide e-mail provider. As discussed in greater detail below, Gordon has purposefully avoided taking even minimal efforts to avoid or block spam messages. Instead, Gordon devotes his resources to adding his "clients'" e-mail addresses to mailing lists and accumulating spam through a variety of means for the purpose of facilitating litigation.
Gordon's arguments of technical compliance with this standing component, without any regard for the overarching congressional purpose, are not compelling. The record here is sufficiently developed. We hold that Gordon is not an "Internet access service" provider within the meaning of the CAN-SPAM Act.
3
We next turn to the "adversely affected by" component of the CAN-SPAM Act's standing inquiry. Gordon has undoubtedly encountered a large volume of commercial e-mail. This, however, is not enough to establish statutory standing. In order to pursue a private right of action, an IAS provider must demonstrate that it has been "adversely affected by a violation of... or a pattern or practice that violates" the Act. 15 U.S.C. § 7706(g)(1) (emphasis *1053 added). As with other issues on this appeal, we find little guidance in existing case law as to the meaning of the nebulous text.
a
The CAN-SPAM Act itself does not delineate the types of harm suggested by the "adversely affected by" language. The district court, acknowledging this ambiguity, confronted the question by reference to traditional methods of statutory interpretation and ultimately concluded that the harm "must be both real and of the type uniquely experienced by IASs for standing to exist." Gordon, 2007 WL 1459395, at *7 (emphasis added).[10] To our knowledge, all courts that have addressed the issue have similarly concluded that the type of harm envisioned by Congress did not encompass the ordinary inconveniences experienced by consumers and end users. See Active Response, 2008 WL 2952809, at *5. We have considered the statutory text and the legislative record, and we agree.
It is notable that Congress conferred standing only on adversely affected IAS providers, but not adversely affected consumers. Logically, the harms redressable under the CAN-SPAM Act must parallel the limited private right of action and therefore should reflect those types of harms uniquely encountered by IAS providers. The Committee Report identified the cost of "investing in new equipment to increase capacity and customer service personnel to deal with increased subscriber complaints ... [and] maintaining e-mail filtering systems and other anti-spam technology on their networks to reduce the deluge of spam" as undesirable consequences facing the typical ISP. S.Rep. No. 108-102, at 6. "All courts that have construed the statute" have similarly defined the harms upon which standing may be predicated to include "network crashes, higher bandwidth utilization, and increased costs for hardware and software upgrades, network expansion and additional personnel." Active Response, 2008 WL 2952809, at *5. We conclude that these sorts of ISP-type harms are what Congress had in mind.[11]
We do not purport to enumerate each and every harm that might satisfy the CAN-SPAM Act's standing provision. Nor do we suggest that the list is finite. At minimum, however, the harm must be both real and of the type experienced by ISPs. While the harm need not be significant *1054 in the sense that it is grave or serious, the harm must be of significance to a bona fide IAS provider—something beyond the mere annoyance of spam and greater than the negligible burdens typically borne by an IAS provider in the ordinary course of business. In most cases, evidence of some combination of operational or technical impairments and related financial costs attributable to unwanted commercial e-mail would suffice. See Hypertouch, 2006 WL 648688, at *4 (finding evidence of "decreased server response and crashes," "higher bandwidth utilization," and "expensive hardware and software upgrades" sufficient harm for statutory standing).
Courts must of course be careful to distinguish the ordinary costs and burdens associated with operating an Internet access service from actual harm. We expect a legitimate service provider to secure adequate bandwidth and storage capacity and take reasonable precautions, such as implementing spam filters, as part of its normal operations. Courts should take an especially hard look at the cited harm if it suspects at the outset that a plaintiff is not operating a bona fide Internet access service, as is the case here.
Defining the type of harm required for CAN-SPAM Act standing is, however, only one part of the equation. Section 7706(g)(1) also inquires whether the contemplated harm is attributable to the type of practices circumscribed by the Act—i.e., whether an IAS provider was adversely affected by misconduct. After all, network slowdowns, server crashes, increased bandwidth usage, and hardware and software upgrades bear no inherent relationship to spam or spamming practices. On the contrary, we expect these issues to arise as a matter of course and for legitimate reasons as technology, online media, and Internet services continue to advance and develop. Therefore, evidence of what could be routine business concerns and operating costs is not alone sufficient to unlock the treasure trove of the CAN-SPAM Act's statutory damages.
To give the statutory text meaning there must be, at bare minimum, a demonstrated relationship between purported harms and the type of e-mail practices regulated by the Act—i.e., a showing that the identified concerns are linked in some meaningful way to unwanted spam and, in turn, represent actual harm. The e-mails at issue in a particular case must, at the very least, contribute to a larger, collective spam problem that caused ISP-type harms.[12]
*1055 We note, in passing, that the threshold of standing should not pose a high bar for the legitimate service operations contemplated by Congress. In some civil actions—where, for example, well-recognized ISPs or plainly legitimate Internet access service providers file suit—adequate harm might be presumed because any reasonable person would agree that such entities dedicate considerable resources to and incur significant financial costs in dealing with spam. See S.Rep. No. 108-102, at 2-3 (recounting reports by America Online, Microsoft, and Earthlink regarding the effects of increasing volumes of spam). Where, by comparison, a private plaintiff's status as an IAS provider is questionable and reasonably contested, courts should not only inquire into the plaintiff's purported Internet-related service operations but also closely examine the alleged harms attributable to spam. We have confidence in our district courts to review the individual characteristics of the plaintiffs on a case-by-case basis and make a reasoned decision whether a purported IAS provider is truly the type of bona fide IAS provider adversely affected by commercial e-mail messaging that Congress envisioned when it enacted the CAN-SPAM Act.
b
In opposition to Virtumundo's summary judgment motion, Gordon argued that he had been adversely affected by spam because he and his "clients" had been "forced to wade through thousands of e-mails sent by" Virtumundo that "clogged" his service. Applying the proper interpretation of the CAN-SPAM Act's standing provision, we conclude that Gordon also fails the "adversely affected by" component. It is readily apparent that Gordon, an individual who seeks out spam for the very purpose of filing lawsuits, is not the type of private plaintiff that Congress had in mind when it fashioned § 7706(g)(1)'s standing provision. While many anti-spam enthusiasts may applaud his zealous counter-attack against alleged spammers, Gordon's passion for the cause does not displace the will of Congress in drafting a narrow private right of federal action.
Gordon has failed to argue, let alone come forth with evidence, that, even if he was an IAS provider, he has suffered any real harm contemplated by the CAN-SPAM Act. He has not hired additional personnel, nor has he experienced technical concerns or incurred costs that can be necessarily attributed to commercial e-mail. It is also compelling that Gordon purposefully refuses to implement spam filters in a typical manner or otherwise make any attempt to block allegedly unwanted spam or exclude such messages from users' e-mail inboxes. In fact, Gordon acknowledges that he was able to "blacklist" domain names at the server level, so that the GoDaddy server would reject e-mails from online marketers such as Virtumundo. Still, even without taking even basic precautions, he has not "come close" to using the 500 gigabytes of bandwidth available to him through GoDaddy. He has presented nothing beyond the negligible burdens typically experienced by bona fide IAS providers. As the district court concluded, Gordon has "suffered no harm related to bandwidth, hardware, Internet connectivity, network integrity, overhead costs, fees, staffing, or equipment *1056 costs." Gordon, 2007 WL 1459395, at *8. Indeed, given his heavy dependence on the services and hardware of third parties, it would be difficult, if not impossible, for him to incur many of these harms.[13]
Gordon's claimed harms almost exclusively relate to litigation preparation, not to the operation of a bona fide service. Gordon made no real effort to avoid, block, or delete commercial e-mail, but instead has voluntarily assumed the role of a spam sleuth. He expends time and resources seeking out and capturing massive volumes of spam, which he collects and then organizes for use in his prolific lawsuits. He admits setting up domains as "spam traps" with the sole purpose of snagging as many e-mail marketing messages as possible. The record reveals that gordonworks.com was one such trap. He is not alone in his litigation enterprise. His "clients" also use their personalized domains to gather commercial e-mails, which they then send to Gordon in enormous unsorted batches of 10,000 to 50,000 messages to fuel his various anti-spam lawsuits.[14] In exchange, Gordon's "clients" share in settlement proceeds. Gordon apportions the bounty according to each individual's contribution to the particular lawsuit—i.e., the number of e-mails provided to Gordon for use against a specific defendant.
Gordon admits operating an anti-spam business, which entails, in his words, "[n]otifying spammers that they're violating the law" and filing lawsuits if they do not stop sending spam.[15] As Gordon concedes, he is a professional plaintiff. Reply Br. of Appellant at 5. Since at least 2004, Gordon has held no employment. He has never been compensated for any of his purported Internet services, and his only income source has come from monetary settlements from his anti-spam litigation campaign. Likewise, his company, Omni, generates no revenue and is financed strictly through these lawsuits against e-mail marketers. While the term "professional," as in "professional plaintiff," is not a "dirty word," see Murray v. GMAC Mortgage Corp., 434 F.3d 948, 954 (7th Cir.2006), and should not itself undermine one's ability to seek redress for injuries suffered, Gordon's status is uniquely relevant to the statutory standing question here. Cf. Hypertouch, 2006 WL 648688, at *4 n. 2 (rejecting defendant's argument that Hypertouch was a "professional plaintiff" that entered the ISP business for the sole purpose of bringing anti-spam lawsuits).
*1057 Because we are tasked with determining whether Gordon has been adversely affected by conduct regulated by the CAN-SPAM Act, it is highly significant that the burdens Gordon complains of are almost exclusively self-imposed and purposefully undertaken. Here, Gordon acknowledges that he benefits from the receipt of spam through his research and monetary settlements. The fact that Gordon derives substantial financial benefit but endures no real ISP-type harm from commercial e-mail, coupled with his unusual efforts to seek out and accumulate—rather than avoid or block—spam, demonstrates that he has not been adversely affected by alleged violations of the federal act in any cognizable way.
We do not discount the harmful effects spam and spamming practices, both lawful and unlawful, have upon businesses and consumers, and we recognize the need of bona fide IAS providers, both small and large, for a legal remedy against law-breaking spammers. We, like Congress, are sympathetic to legitimate operations hampered by a deluge of unwanted e-mail marketing. Our record, however, conclusively demonstrates that this is not the case before us. Gordon has created a cottage industry where he and his "clients" set themselves up to profit from litigation. The CAN-SPAM Act was enacted to protect individuals and legitimate businesses—not to support a litigation mill for entrepreneurs like Gordon.
As discussed above, it is undisputed that Gordon encounters huge quantities of commercial e-mail. Nevertheless, he is neither a bona fide IAS provider nor has he been adversely affected by alleged violations of the CAN-SPAM Act. We conclude that Gordon lacks standing to pursue claims under § 7706(g)(1), and affirm the district court's summary judgment dismissal of all his federal claims.
IV
Gordon also appeals the adverse summary judgment dismissing his claims for alleged violations of CEMA, Washington's statute regulating commercial e-mail messages. See Wash. Rev.Code § 19.190.010 et seq. Like many other states, Washington has enacted legislation that seeks to curb e-mail abuses. CEMA states in relevant part:
(1) No person may initiate the transmission, conspire with another to initiate the transmission, or assist the transmission, of a commercial electronic mail message from a computer located in Washington or to an electronic mail address that the sender knows, or has reason to know, is held by a Washington resident that:
(a) Uses a third party's internet domain name without permission of the third party, or otherwise misrepresents or obscures any information in identifying the point of origin or the transmission path of a commercial electronic mail message; or
(b) Contains false or misleading information in the subject line.
Wash. Rev.Code § 19.190.020. The statute also prohibits certain practices aimed at inducing a person to reveal personally identifying information. Wash. Rev.Code § 19.190.080. Like its federal counterpart, CEMA provides for sizeable statutory damages or actual damages, whichever is greater.[16] Wash. Rev.Code § 19.190.040.
*1058 A
At the outset, we must frame the issue as it comes to us. First, Virtumundo does not contest Gordon's standing to bring CEMA claims. In contrast to the more restrictive standing requirement of the CAN-SPAM Act, CEMA authorizes a recipient of a commercial e-mail message or an "interactive computer service" to bring a private action. Id.
Of Gordon's various CEMA claims on appeal, only his claim relating to allegedly deficient headers requires detailed discussion. Gordon has no viable CEMA claim based on the body of the e-mail messages at issue. Unlike the CAN-SPAM Act, CEMA "does not regulate the body of the e-mail." State v. Heckel, 122 Wash.App. 60, 93 P.3d 189, 194 (2004), review denied, 153 Wash.2d 1021, 108 P.3d 1229 (2005) ("Heckel II"). Similarly, the state statute does not purport to regulate "opt-out" mechanisms. Therefore, Gordon's CEMA claims, by nature of the state statute, are limited to the information contained in the e-mail headers and subject lines.
We further conclude, however, that summary judgment was properly granted on Gordon's claim that Virtumundo's e-mail subject lines are deceptive. In opposition to Virtumundo's summary judgment motion, Gordon failed to identify or describe any specific e-mail or subject line text and simply countered that "Gordon contests" the position that the subject lines are not misleading. Gordon does not attempt to better articulate this claim on appeal.
The "party opposing summary judgment must direct [the court's] attention to specific, triabl