Another Spam Litigation Factory Unravels –- Beyond Systems v. Kraft
[Post by Venkat Balasubramani]
Beyond Systems, Inc. v. Kraft Foods, Inc., PJM 08-409 (D.Md. Aug. 12, 2013).
We keep blogging significant spam cases, but in recent years we’ve noted the decrease in spam litigation (perhaps owing to a shift in focus to other ills, such as text spam litigation). But a federal court in Maryland issued a blockbuster order unraveling the spam litigation operation of two brothers, Joe and Paul Wagner, and their entities Hypertouch, Inc. and Beyond Systems, Inc. (The order follows a jury trial which was held in 2012.) This is an absolutely devastating order that builds on Gordon v. Virtumundo, the 9th Circuit case that put an end to another spam plaintiff’s pioneering efforts. (See Eric’s post on that case: “An End to Spam Litigation Factories?–Gordon v. Virtumundo“.)
Background: As the post-trial order notes, Beyond sued Kraft under Maryland’s anti-spam law, for some 600,000 emails that were sent advertising Gevalia coffee. Beyond is an entity set up by Paul Wagner. Paul resides in the District of Columbia and had been pursuing junk fax litigation there. When Maryland passed an anti-spam law (one of the first of its kind, and which was the subject of a a First Amendment challenge) he saw this as a possible opportunity. Paul placed a computer in his parents’ home in Maryland. That computer would receive messages from Hypertouch, his brother’s entity in California. As the court notes, “[s]uspected spam would go through Joe’s Hypertouch servers in California, then be routed by Hypertouch’s routing tables to Paul at [Beyond] in Maryland.” Indeed, there was hunger on Beyond’s part for the emails from Hypertouch. At one point, Paul wrote to Joe complaining that Beyond was “not getting the spam . . . from [Joe’s] servers.” The judge continued:
The Wagner brothers’ focus on receiving as much spam as possible was dramatically portrayed by Paul’s frustration when he was not getting enough of it.
Interestingly, the court notes that Hypertouch and Beyond employed a “multi-jurisdictional strategy”. Hypertouch would sue in California, and then Beyond would sue in Maryland . . . over the same emails. They apparently took this route “in a number of cases, including lawsuits against Kennedy-Western University and World Avenue.” They also took the same route in this case. Hypertouch sued Kraft/Connexus (the alleged sender) and settled. (Here is Eric’s 2005 (!) post noting the filing of Hypertouch’s lawsuit against Kraft: “Hypertouch Inc. v. Kraft Foods Inc.–New CAN-SPAM Lawsuit“.) Beyond then sued in Maryland. Unfortunately for Beyond, Kraft and Connexus decided to fight back.
The court’s order delves somewhat into the finances of Beyond. In recent years, approximately 90% of its revenue was from litigation: “a total in excess of $1 million.” It did receive revenue from other sources over the years totaling $300,000. Paul Wagner testified that “all of [Beyond’s] activity sort of relates to litigation.” He spent 40 hours a week on lawsuits.
Beyond Lacks Standing: Not surprisingly, the court concludes that Beyond lacks standing. In order to have standing, the court says that Beyond has to satisfy both federal and state standing rules. With respect to state law standing requirements, the court posts the following question:
Can a company provide de minimis email and internet services while actually existing primarily to attract and trap spam and sue upon it, or, in order to qualify and sue, is the company obligated to provide substantial bona fide internet services . . . .
The Maryland statute says that an “interactive computer service provider” means an “information service, system, or access software provider that provides or enables computer access by multiple users to a computer service.” Looking at this definition, the court says that in order to sue under it, an entity must be a “bona fide” ISP—i.e., merely satisfying the technical requirements is insufficient. The court says that the statute’s concern with only remedying harms suffered by bona fide ISPs is apparent. The court also notes that using a looser definition implicates CAN-SPAM’s preemption:
Whether a professional plaintiff or a student who sets up as an internet service provider in the corner coffee shop [can] bring suit under statute statutes may well implicate preemption concerns under CAN-SPAM.
Allowing non-bona fide ISPs to assert claims under state spam laws would create the patchwork of state regulation that CAN-SPAM says should be avoided.
The court also says that Beyond failed to demonstrate any adverse impact, and thus it fails to satisfy the injury requirement of both state and federal standing rules. Beyond said that an ISP’s injury is irrelevant and the mere fact that spam was sent and received is all that is necessary to establish a violation under the statute. The court says that Maryland’s spam statute should not be construed—as Beyond suggests—to impose liability without harm. The court distinguishes the ValueClick case from California on the basis that there was no allegation or admission of manufactured harm there.
Finally, the court also invokes the principle of “volenti non fit injuria,” which translates into “the man who is the author of his own hurt has no right to complain”. (Apparently traced back to Aristotle, Roman law, and Justinian’s code.) Citing to Judge Gould’s concurrence in Virtumundo, the court says the “undisputed facts [in this case] show that [Beyond] consented to the alleged harm about which is complains.”
Yowza. This is an absolutely devastating order that I assume will put an end to Beyond’s (and maybe Hypertouch’s) litigation efforts. Kudos to Kraft and Connexus for, as the court notes, “going to the mattresses.” I would guess Beyond will appeal this ruling, but I can’t imagine the appeal garnering much sympathy.
There are lots of takeaways from this ruling (ranging from the importance of standing requirements to people’s ever-present willingness and enthusiasm to take advantage of litigation opportunities–if you build a statute, they will come). But I see two big ones.
First, statutory definitions are tough to get right in general and in particular in this setting. (Eric has posted on this a bunch, including recently with reference to state social media password laws. “Big Problems in California’s New Law Restricting Employers’ Access to Employees’ Online Accounts“.) Defining a service provider as anyone who provides “access by multiple users” may have sounded good when the Maryland statute was enacted, but is a pretty much meaningless definition today.
It’s also heartening overall to see the legal system’s ability to sniff out litigation factories. Beyond (and Hypertouch) have filed a lot of lawsuits over spam emails. These are emails that Beyond admitted in this trial were collected purposefully. In fact, taking their argument to its logical conclusion, they would be able to route “the same email . . . to every state that has an anti-spam statute” and then file lawsuits based on these emails in different jurisdictions. They generated a nice quantity of settlements, but ultimately someone decided to put up a fight, and in the ensuing trial, the facts came out. A lot of resources were spent (and settlements paid) along the way, but the system ultimately put an end to the litigation gravy train. Although the facts are slightly different, RIghthaven is another example of the system ferreting out an unworthy litigant. (In contrast to Righthaven, Beyond satisfied the technical requirements of the statute, so that’s a key difference between the two.)
[image credit: Shutterstock - Matthew Cole - "Illustration of a Honey Bee on a White Background"]