WYNN, Circuit Judge:
In the late 1990s and early 2000s, legislatures across the country became increasingly concerned about unwanted commercial e-mail colloquially known as "spam." By 2004, thirty-five states had enacted some form of anti-spam legislation, though as might be expected each addressed the problem somewhat differently. See Roger Ford, Preemption of State Spam Laws by the Federal CAN-SPAM Act, 72 U. Chi. L.Rev. 355, 363 (2005). Among the common provisions in these statutes were the creation of private rights of action for internet service providers and large statutory damage provisions.
In this case, ostensible internet service provider Beyond Systems, Inc. seeks statutory damages from Kraft Foods, Inc. and Connexus Corporation under California's and Maryland's anti-spam statutes based upon several hundred e-mails which it alleges were unlawful spam. The district court summarily ruled that Beyond Systems consented to the harm underpinning its anti-spam claims and is therefore barred from recovery. We affirm the district court's judgment on this ground.
Beyond Systems is a Maryland corporation that provides at least a modicum of e-mail and server access to a limited number of clients. Paul Wagner owns Beyond Systems, whose servers are housed in his parents' Maryland residence. Paul's brother, James Joseph ("Joe") Wagner, owns Hypertouch, Inc., a nominal internet service provider in California that routes spam e-mails to Beyond Systems' Maryland servers, where they are cached in accounts designed to hold spam e-mails.
Hypertouch and Beyond Systems have histories of suing alleged spammers. To further its litigation strategy, Beyond Systems developed web pages with hidden e-mail addresses — that is, e-mail addresses embedded in the code that generates the webpages that are not visible to website visitors. The hidden e-mail addresses are discovered by "spam crawlers," computer programs spammers use to look for e-mail addresses and subscribe them to e-mail lists. Because only spam crawlers can find these hidden e-mail accounts, Beyond Systems uses them as "spam traps." As a result, spam-trap-based litigation has accounted for 90% of Beyond Systems' income in recent years.
Unlike other internet service providers that routinely try to block e-mail accounts from spam, Beyond Systems does nothing to filter or block spam e-mail. Further, Beyond Systems has increased its storage capacity to archive large volumes of spam messages, retaining them specifically to provide grounds for litigation.
Similar to Beyond Systems, Hypertouch operated in California with the same purpose of maximizing on spam-trap-based litigation. Pertinent to the issues in this matter, in 2005, Hypertouch sued Kraft under California's anti-spam law based on e-mails it received regarding Gevalia coffee, a Kraft brand. These e-mails allegedly had false headers, including incorrect "From" addresses, misleading subject lines, and other deficiencies which Hypertouch claimed violated California's law. Under a settlement agreement reached in that litigation, Hypertouch, on behalf of itself and its assignees, specifically disclaimed all rights it had to any causes of action based on the Gevalia e-mails sent to that point and agreed to cooperate with Kraft in identifying future e-mails that might violate California law.
In 2008, Beyond Systems brought Maryland and California state-law claims against Kraft and Connexus in the United States District Court for the District of Maryland. Beyond Systems alleged that it received a large volume of e-mails regarding Kraft's Gevalia coffee in violation of California's and Maryland's anti-spam statutes. Many of these e-mails were exactly the same ones that formed the basis of Hypertouch's 2005 suit.
After discovery concluded, the district court granted partial summary judgment in favor of Kraft on "any claims based on the same e-mails that were the subject of Hypertouch's June 29, 2006 Settlement Agreement with Kraft" and "any claims based on e-mails sent directly to Hypertouch after the Settlement Agreement, where Hypertouch failed to notify Kraft within twenty days of receipt." J.A. 655. Additionally, the district court granted partial summary judgment as to any e-mails barred by California's one-year statute of limitations.
The district court then bifurcated the trial on the remaining e-mails into a "liability" proceeding and a "damages" proceeding. Beyond Sys., Inc. v. Kraft Foods, Inc., 972 F.Supp.2d 748, 754 (D.Md.2013). During the liability proceeding, the district court held a jury trial, split into two phases, to determine whether Beyond Systems had standing to sue. Id.
The first phase presented the jury with the question as to whether Beyond Systems was an internet service provider (or its state law equivalent). This phase presented none of Beyond Systems' litigation activities, but instead focused exclusively on those services it provided to its customers, where its servers were housed, and other business-related activities. 972 F.Supp.2d at 754. The jury found that, according to this evidence, Beyond Systems was an internet service provider under California and Maryland law.
The second phase presented evidence of Beyond Systems' litigation activities, including its relationship to Hypertouch and the percentage of its revenue derived from anti-spam litigation, and asked the jury if the Appellant was a "bona fide" internet service provider. The jury found that it was not. Therefore, the district court determined as a matter of law, inter alia, that Beyond Systems had invited its own purported injury and thus could not recover for it. On appeal, we review this issue of law de novo. Wilson v. Dollar Gen. Corp., 717 F.3d 337, 342 (4th Cir.2013).
As an initial matter, we are bound to address the subject matter jurisdiction issue of whether Beyond Systems had Article III standing. Steel Co. v. Citizens for a Better Env't, 523 U.S. 83, 88-102, 118 S.Ct. 1003, 140 L.Ed.2d 210 (1998) (recognizing that standing to maintain a suit
To have standing, a party must allege that it suffered a "concrete" harm, there must be "a fairly traceable connection between the plaintiff's injury and the complained-of conduct of the defendant[,]" and the harm must be redressable. Id. at 103, 118 S.Ct. 1003 (internal quotation marks and citations omitted). The Supreme Court has also cautioned that the "absence of a valid ... cause of action" does not implicate the court's "power to adjudicate the case," id. at 89, 118 S.Ct. 1003, and we therefore take care not to conflate a standing inquiry with a merits inquiry.
Doing so here, we conclude that Beyond Systems had Article III standing. It claimed a harm — receiving spam e-mail — and Maryland and California law create an interest in being free from such harm. See, e.g., Cantrell v. City of Long Beach, 241 F.3d 674, 684 (9th Cir.2001) ("state law can create interests that support standing in federal courts"); Md.Code §§ 14-3002, 14-3003; Cal. Bus. and Prof. Code § 17529.5. Beyond Systems contended that Defendants sent false and deceptive spam e-mails, i.e., caused its claimed harm. And Maryland and California law provide statutory redress. Id. Accordingly, we conclude that Beyond Systems had Article III standing.
The central issue in this case is whether the common law doctrine of volenti non fit injuria precludes Beyond Systems' recovery under the California and Maryland anti-spam statutes. The district court held that it does. We agree.
California's anti-spam statute provides, in relevant part:
Cal. Bus. and Prof.Code § 17529.5.
Similarly, Maryland's anti-spam act provides, in relevant part:
Md.Code § 14-3002. Additionally, Maryland law allows "interactive computer service provider[s]" to pursue damages under the statute. Md.Code § 14-3003.
These state statutes exist against the backdrop of the Controlling the Assault of Non-Solicited Pornography and Marketing Act ("CAN-SPAM Act"), which Congress enacted to create a national uniform standard regarding spam control. 15 U.S.C. § 7701(a)(11). CAN-SPAM made it illegal to "initiate the transmission ... of a commercial electronic message ... that contains... header information
This Court has held that "Congress was operating in the vein of tort when it drafted the pre-emption clause's exceptions". Omega World Travel, Inc. v. Mummagraphics, Inc., 469 F.3d 348 (4th Cir.2006). Thus, in this Circuit, it is clear that a state's anti-spam statute is not preempted so long as it deals with falsity or deception in the vein of tort. Id.
While the highest court in Maryland has not spoken directly on the issue in this matter, we find the direct pronouncement of Maryland's second highest court to be informative as to the state of Maryland's law on this subject. In 2006, the Court of Special Appeals of Maryland made clear that violations of Maryland's anti-spam statute, "like violations of the Consumer Protection Act, are `in the nature of a tort.' Indeed, [because] both statutes regulate[] false and deceptive trade practices ... the same principles that guide us when faced with questions of individual liability for torts apply here." MaryCLE LLC v. First Choice Internet, Inc., 166 Md.App. 481, 890 A.2d 818, 846 (2006) (citation omitted).
Similarly, the second highest court in California provides us with guidance on the state of California law on this issue. In 2011, the California Court of Appeal concluded "that the CAN-SPAM Act's savings clause applies to any state law that prohibits material falsity or material deception in a commercial e-mail...." Hypertouch, Inc. v. ValueClick, Inc., 192 Cal.App.4th 805, 833, 123 Cal.Rptr.3d 8 (Cal. Ct.App.2011). The California court thereby limited the application of California's anti-spam law to deceptive e-mails. Id. Thus, neither the California nor the Maryland anti-spam statutes, both of which are in the vein of a tort, is preempted.
Generally, tort-related statutes like these anti-spam laws are not exempt from common law principles. This makes sense, "because statutes creating torts rarely bother to set forth all the ancillary doctrines-governing such issues as causation, immunity, or, here, derivative liability-that are necessary to compose a complete regime of tort liability." Shager v. Upjohn Co., 913 F.2d 398, 404 (7th Cir. 1990). See also, e.g., Busching v. Sup. Ct., 12 Cal.3d 44, 52, 115 Cal.Rptr. 241, 524 P.2d 369 (1974) ("[I]t is not to be presumed that the legislature in the enactment of statutes intends to overthrow long-established principles of law unless
It is a general maxim of tort law that "no wrong is done to one who consents." Restatement (Second) of Torts 892A cmt. a (1979). As such, "[o]ne who effectively consents to conduct of another intended to invade his interests cannot recover in an action of tort for the conduct or for harm resulting from it." Id. § 892A. This principle has been known as "volenti non fit injuria," or "to a willing person it is not a wrong." Black's Law Dictionary 1805 (10th ed.2014).
Maryland and California abide by volenti non fit injuria. As the Maryland Court of Special Appeals has recognized, "[a]ll intended wrongs have in common the element that they are inflicted without the consent of the victim. Those who, with full knowledge, assent to the invasion of their interests may not complain." Janelsins v. Button, 102 Md.App. 30, 648 A.2d 1039, 1042 (1994) (internal quotation marks and citation omitted); see also, e.g., Brazerol v. Hudson, 262 Md. 269, 277 A.2d 585 (1971) (landowners who consented to entry of dump truck on their land to transport materials to adjoining property could not recover for trespass and alleged crack in their basement wall). California has gone so far as to codify the maxim: "He who consents to an act is not wronged by it." Cal. Civ.Code § 3515; see also Pinney & Topliff v. Chrysler Corp., 176 F.Supp. 801, 810 (S.D.Cal.1959) (referring to Section 3515 as "a codification of the maxim volenti non fit injuria").
We take pause to note that this doctrine is separate and distinct from that of "assumption of risk," with assumption of risk serving as a defense when the tort is based on the defendant's negligent or reckless conduct, while the volenti doctrine applies when the plaintiff has consented to the defendant's intentional conduct. See Restatement (Second) of Torts Chapter 17A, scope note; id. § 892A cmt. a. In a similar vein, while the Maryland Court of Special Appeals observed in Janelsins that "the two doctrines substantively amount to flip sides of a single conceptual principle," it joined California in holding that "the doctrine of assumption of risk does not bar recovery for intentional torts." 648 A.2d at 1044-45.
We agree with the district court that the evidence was "overwhelming" that Beyond Systems consented to the harm it claims it suffered. Beyond Sys., Inc., 972 F.Supp.2d at 770. Beyond Systems created fake e-mail addresses, solely for the purpose of gathering spam. It embedded these addresses in websites so that they were undiscoverable except to computer programs that serve no other function than to find e-mail accounts to spam. Beyond Systems increased its e-mail storage capacity to retain a huge volume of spam, by which it hoped to increase its eventual recovery under anti-spam statutes. And it intentionally participated in routing spam e-mail between California and Maryland to increase its exposure to spam and thereby allow it to sue under both states' laws. Accordingly, we agree with the district court that Beyond Systems' consent to — and indeed its solicitation of — the harm at issue in this case prohibits Beyond Systems
For the reasons above, we find that Beyond Systems cannot recover for the e-mails sent from Kraft or Connexus to Beyond Systems' servers. And because we resolve this matter as detailed above, we need not and therefore do not address the parties' other arguments. We thus affirm the district court's judgment.
AFFIRMED.