Opinion
MASTER CASE NO. C12-481RAJ
08-29-2013
SPAM ARREST, LLC, Plaintiff, v. REPLACEMENTS, LTD., et al., Defendants.
HONORABLE RICHARD A. JONES
ORDER
I. INTRODUCTION
This matter comes before the court on a motion calendar it created on August 20 to resolve the parties' cross-motions for summary judgment. Defendants Sentient Jet, LLC and Sentient Jet Charter, LLC (collectively "Sentient Jet") moved for summary judgment against all of the claims of Plaintiff Spam Arrest, LLC. Spam Arrest filed a cross-motion for summary judgment solely as to a subset of its breach of contract claims.
On August 20, the court issued a preliminary order addressing its likely conclusions as to the motions. The court set an August 28 oral argument to give the parties the opportunity to address the preliminary order. At oral argument, Spam Arrest addressed very few of the court's conclusions from the preliminary order. It did not dispute dozens of conclusions as to the inadequacy of its evidence. It did not mention its tort claim or its statutory claims. The court has revised its preliminary order to reflect Spam Arrest's minimal argument as well as Sentient Jet's input. None of those revisions, however, change the court's ultimate conclusions. Sentient Jet is entitled to summary judgment against all of Spam Arrest's claims.
II. SUMMARY OF DECISION
Spam Arrest says that Sentient Jet owes it more than $1,000,000 because Sentient Jet sent almost 600 unsolicited emails (or "spam," as such emails are ubiquitously known) promoting its jet-charter service to about 500 Spam Arrest customers. In doing so, Sentient Jet allegedly breached about 600 contracts it allegedly entered promising not to send spam to each of those Spam Arrest customers. Each contract contains a liquidated damages clause purporting to award Spam Arrest $2,000 for each piece of spam. 600 pieces of spam at $2,000 per piece is $1.2 million. But that figure accounts only for Sentient Jet's breaches of contract. Spam Arrest also claims that each piece of spam is a tortious interference with its relationship with its customers, most of whom pay a monthly fee. Spam Arrest asserts that each piece of spam is a violation of the Washington Consumer Protection Act ("CPA"). Finally, it contends that Sentient Jet violated the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030, by accessing Spam Arrest's computers without authorization.
See Gordon v. Virtumundo, Inc., 575 F.3d 1040, 1045 n.1 (9th Cir. 2009) (explaining how "spam" came to refer to unsolicited email).
After reviewing the parties' motions, however, the court concludes that Sentient Jet owes Spam Arrest nothing. Whereas Spam Arrest alleges that Sentient Jet breached about 600 contracts, there are open questions as to whether anyone at Sentient Jet was aware that he or she had entered even a single contract. Although the court cannot resolve those questions on summary judgment, it can determine that Spam Arrest has not offered evidence from which a jury could conclude that anyone who assented to a contract had authority to bind Sentient Jet. And even if the court were to assume that Sentient Jet entered at least one contract with Spam Arrest, Spam Arrest has not offered evidence from which a jury could conclude that Sentient Jet breached it.
Putting aside Spam Arrest's failure to raise a factual dispute as to the formation of a contract or its breach, it also has not proven any damages arising from a breach of contract. Its $2,000 liquidated damages provision is invalid, and Spam Arrest has offered no evidence that would permit a jury to conclude that Sentient Jet's alleged breach of any contract caused quantifiable damage. In particular, it cannot show that any customer left Spam Arrest as a result of email from Sentient Jet. Indeed, there is scarcely any evidence that any Spam Arrest customer has left as a result of receiving spam from anyone.
For many of the same reasons, Spam Arrest's tort claim and its statutory claims do not, as a matter of law, pass muster. Spam Arrest's tortious interference and CPA claim are not triable for the same reasons that its breach of contract claims are not. Spam Arrest's attempt to invoke the CFAA is doomed because there is no evidence that Sentient Jet has done anything that the statute prohibits.
The court will explain each of these conclusions in its later analysis. Before it does so, it explains Spam Arrest's anti-spam service and Sentient Jet's interaction with it.
III. REVIEW OF EVIDENCE
A. Spam Arrest Attempts to Require Every Person Who Emails a Customer to Enter a "Sender Agreement" Promising Not to Send That Customer Spam.
Spam Arrest sells (or in some cases gives away) an anti-spam service. Most anti-spam services operate by filtering, i.e., by using software to scan the content of incoming email for the hallmarks of spam, then segregating suspected spam from other email.
Spam Arrest's Director of Operations testified that its service cost less than $50 per year as of October 2012. Todaro Decl., Ex. 1 (Dkt. # 36) (Harb Depo. at 118). The Spam Arrest website offers a free 30-day trial with subscription prices starting at $3.75 per month. Id., Ex. 15 (Dkt. # 30-15). Spam Arrest's Director of Technical Operations testified that an unspecified number of customers pay as much as $396 per month. Nguyen Decl. ¶ 20 (Dkt. # 51).
Spam Arrest takes a different approach. Its customers give Spam Arrest access to their email accounts at third-party providers. Incoming email from a verified sender remains in a customer's inbox. Spam Arrest diverts email from unverified senders to a customer-accessible "unverified folder" on Spam Arrest's computers. An unverified sender must complete Spam Arrest's verification process. If she does, Spam Arrest automatically removes the email from the "unverified folder" and delivers it to its customer's inbox.
Spam Arrest's evidence regarding the delivery of email to its customers is vague in critical respects. There appears to be no dispute that email sent to one of its customers first arrives in the servers of the third party who hosts the customer's email account. Todaro Decl., Ex. 3 (Dkt. # 30-3) (Nguyen Depo. at 23, 47). In some cases, Spam Arrest automatically downloads incoming mail from the third-party servers. Id.; see also Harb Decl., Ex. A (Dkt. # 50-1) (compiling versions of Terms of Service Agreement, which require customer to grant Spam Arrest a license to access her third-party email account). In other cases, users forward their email to Spam Arrest. Todaro Decl., Ex. 3 (Dkt. # 30-3) (Nguyen Depo. at 23). It appears that even email from verified senders leaves the customer's third-party account and arrives at Spam Arrest, although Spam Arrest then "immediately" passes verified email back to its customer. Nguyen Decl. ¶ 51 (Dkt.# 51) ("All email to Spam Arrest customers flows through Spam Arrest's system). Unverified email, it appears, resides on Spam Arrest's servers (where a customer can access it) for seven days. Todaro Decl., Ex. 14 (Dkt. # 30-14) (Spam Arrest website FAQs).
The verification process begins with an automatically-generated "verification email" from Spam Arrest to the unverified sender. The verification email is a short message asking the sender to click on a hyperlink to "complete the verification process." Todaro Decl., Ex. 11 (Dkt. # 30-11) (p. 175 of 201). A sender who clicks the hyperlink will find herself at the "verification page" of Spam Arrest's website. A user who clicks the "Verify" button on the verification page becomes a verified sender.
According to Spam Arrest, however, clicking the "Verify" button also binds the sender to its "Sender Agreement," a two-paragraph contract at the end of the verification page, below the "Verify" button. Sentient Jet contends that no sender would have known she was entering a Sender Agreement because the verification process does not conspicuously disclose the agreement.
Prior to changes Spam Arrest made in October 2011, the verification email and verification page had no references to the Sender Agreement other than the Agreement itself. The verification email explained that "[w]hen you click the above link, you will be taken to a page with a graphic on it. Simply read the word in the graphic, type it into the form, and you're verified." Todaro Decl., Ex. 11 (Dkt. # 30-11) (p. 175 of 201). Clicking on the hyperlink would take the sender to a verification page that began with instructions to "type the verification code into the box below and click the 'verify' button to approve the delivery of the email. You will not need to do this again." Id. Just below was a CAPTCHA - in this case a graphic composed of distorted letters. The distorted letters formed a verification code, which the user entered in a box just below the graphic. Adjacent to the box was a "Verify" button.
A "Completely Automated Public Turing test to tell Computers and Humans Apart," or "CAPTCHA," is software that distinguishes human website users from automated users. Craigslist, Inc. v. Naturemarket, Inc., 694 F. Supp. 2d 1039, 1048 (N.D. Cal. 2010).
In October 2011, Spam Arrest made two changes to the verification process. First, it modified the verification email by adding one more clause to the critical sentence, which the court emphasizes by underlining: "[w]hen you click the above link, you will be taken to a page with a graphic on it. Simply read the word in the graphic, type it into the form, accept the Sender Agreement, and you're verified." Todaro Decl., Ex. 11 (Dkt. # 30-11) (p. 176 of 201). Second, it changed the verification page such that the vertical space between the CAPTCHA graphic and the box for entry of the verification code contained the following sentence: "I accept the Sender Agreement below." Id., Ex. 13 (Dkt. # 30-13) (p. 180 of 201).
Both versions of the verification page contain a Sender Agreement below the box into which a sender inputs the verification code and the adjacent "Verify" button. The Sender Agreement, which is the same in both versions, begins with the following statement:
By clicking the "VERIFY" button above, and in consideration for Spam Arrest, LLC forwarding your e-mail (and any e-mails you may send in the future) to the intended recipient (the "Recipient"), you agree to be bound by the following Sender Agreement . . . .Todaro Decl., Ex. 12 (Dkt. # 30-12) (p. 178 of 201). The complete Sender Agreement follows that introductory statement:
You represent and warrant to Spam Arrest and the Recipient that any e-mail you desire to send to the Recipient is not "unsolicited commercial e-mail" i.e., the e-mail does not primarily contain an advertisement or promotion of a commercial product, service or Web site; unless the Recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the Recipient's own initiative. Further, you represent and warrant that your transmission of any e-mail does not violate any local, state or federal law governing the transmission of unsolicited commercial email, including but not limited to, RCW § 19.190.020 or the CAN-SPAM Act of 2003. You understand and acknowledge that it is fair and reasonable that you agree to abide by the restrictions set forth in this agreement. You acknowledge and agree that this agreement is central to Spam Arrest's decision to forward your e-mails to the Recipient. Accordingly, if you violate this agreement, Spam Arrest and the Recipient shall be entitled to (1) temporary and/or permanent injunctive relief to restrain any further breaches or violations of this agreement; and (2) damages in the amount of two thousand dollars ($2,000.00) for each violation of this agreement. You acknowledge that such remedies are appropriate and reasonable in light of the costs and expenses Spam Arrest incurs as a result of eradicating and filtering unsolicited commercial e-mail. You acknowledge that the $2000.00 remedy is a reasonable estimate of Spam Arrest's and the Recipient's actual damages. This agreement is governed by the laws of the State of Washington and the exclusive venue for any action related to this agreement shall be held in the state and federal courts located in Washington. You hereby waive any right to object to venue or jurisdiction based on inconvenient forum, lack of personal jurisdiction or for any other reason.Todaro Decl., Exs. 12-13 (Dkt. ## 30-12, 30-13).
B. Sentient Jet Employees Email Spam Arrest Customers, Completing the Verification Process About 600 Times.
People using Sentient Jet's computers completed Spam Arrest's verification process about 600 times. Spam Arrest compiled a spreadsheet showing the date and time of each verification, as well as information about the Spam Arrest customer whom the verifier was emailing. SS. The spreadsheet reveals that those verifications correspond to emails sent to about 500 unique Spam Arrest customers. Id. More than 500 of the verifications took place in 2010 or 2011, although there are a few in 2012 and a few dozen from 2005 to 2009. Id.
The spreadsheet, which the court cites with the notation "SS," is the most comprehensive data set on the 600 Sentient Jet verifications at issue. Todaro Decl., Ex. 6 (Dkt. # 39); Nguyen Decl. ¶¶ 21-22 (Dkt. # 69) (explaining each column of data in spreadsheet). The court relied on the version Sentient Jet submitted, despite Spam Arrest's complaint that the version it produced in discovery is "similar" but perhaps not identical. Nguyen Decl., ¶¶ 21 (Dkt. # 39) (comparing Dkt. # 39 to Dkt. # 73-2). Sentient Jet submitted an electronic version of the spreadsheet, whereas Spam Arrest relied solely on an unwieldy 90-page printout for which it provided no courtesy copy.
No one knows who at Sentient Jet completed the verification process in any specific instance. No one has named any Sentient Jet employee who completed the verification process even once. Because the verification process does not require the sender to identify herself, Spam Arrest can point only to the IP address from which an email triggering the verification process came, that email's return address, and the date and time of verification. Nguyen Decl., Ex. D (Dkt. # 51-4). No one disputes that the 600 or so verifications on which Spam Arrest bases this lawsuit came from IP addresses associated with Sentient Jet. Various Sentient Jet employees in various departments might be responsible for these verifications. Johnson Decl. ¶ 8 (Dkt. # 32). They include employees with no power to bind Sentient Jet to any contract and employees who had power to bind Sentient Jet to jet-service contracts worth more than $100,000. Sentient Jet has hundreds of employees. Id. ¶ 12. Relatively few of the emails that triggered the verifications came from Sentient Jet addresses that correspond to an individual (e.g., rcampbell@sentient.com), most came from general-purpose addresses (e.g., info@sentient.com, charterinfo@sentient.com) to which many employees have access. Linke Decl., Ex. S (Dkt. # 52-19) (Johnson Depo. at 61-62, 68, 79, 89). There is no evidence from any Sentient Jet employee who recalls sending an email to any Spam Arrest customer, who recalls completing the Spam Arrest verification process, or who recalls entering a Sender Agreement. Johnson Decl. ¶ 12 (Dkt. # 32). One Sentient Jet employee was able to locate a single example of a verification email that Sentient Jet received. Linke Decl., Ex. S (Dkt. # 52-19) (Johnson Depo. at 92). With one possible exception, which the court will now discuss, there is no evidence that Sentient Jet explicitly authorized any employee to enter a contract on its behalf that would obligate it to pay $2,000 for every piece of spam. Johnson Decl. ¶ 12 (Dkt. # 32).
An IP address specifies the location at which a computer connects to the internet. Johnson v. Microsoft Corp., No. C06-900RAJ, 2009 U.S. Dist. LEXIS 58174, at *10-11 (W.D. Wash. Jun. 23, 2009).
There is patchy evidence that Sentient Jet's former Director of Marketing registered for Spam Arrest's "Known Sender Program." Spam Arrest sometimes requires senders who send more than 12 unverified emails per day to register for the Known Sender Program. Nguyen Decl. ¶ 14 (Dkt. # 51). The only evidence of the registration process is a page from the Spam Arrest website that explains that "companies performing a high volume of verifications are required to subscribe" to the Known Sender Program. Id., Ex. C (Dkt. # 51-3). The page requires the entry of a name, email address, and phone number. Id. Just below those entries is an "I Agree" button adjacent to this text: "By clicking on 'I Agree' you acknowledge that you understand, and agree to, the Spam Arrest Sender Agreement." Id. (punctuation in original). Although there is no evidence to prove as much, the court assumes that the underlined text served as a hyperlink to the Sender Agreement. What no one explains, however, is what relevance the Sender Agreement has in this context. A Sender Agreement is a promise not to send Spam to a specific Spam Arrest customer. The Known Sender page, however, does not target a specific Spam Arrest customer. Spam Arrest offers no explanation, and does not attempt to address the poor fit between its Known Sender registration page and its Sender Agreement.
When Spam Arrest responded to interrogatories from Sentient Jet in November 2012, it stated that Sentient Jet had not subscribed to the Known Sender Program. Todaro Decl., Ex. 9 (Dkt. # 41) (response to Interrog. No. 2). During discovery, however, Sentient Jet produced a document that suggests that Amy Kass (who worked as Sentient Jet's Director of Marketing from May 2010 until she left the company in November 2011) paid $99.95 in May 2010 to become a "Known Sender, 100 Verifications/Day." Linke Decl., Ex. J (Dkt. # 52-10); see also id., Ex. Q (Dkt. # 52-17) (Vaughn Depo. at 8) (describing Ms. Kass's roles at Sentient Jet). Although Spam Arrest later provided its own version of that record which included a few Sentient Jet IP addresses (Nguyen Decl., Ex. C (Dkt. # 69-3)), it has not explained what Ms. Kass paid for or how she (or any other Known Sender) was induced to pay for the privilege of being a Known Sender. Spam Arrest's counsel (whose personal knowledge of Spam Arrest's Known Sender practices is dubious) refers to the record that Sentient Jet produced as a "true and correct copy of a Known Sender Agreement entered on Sentient Jet's behalf by Amy Kass." Linke Decl. ¶ 11 (Dkt. # 52) (describing Ex. J). But the record is at most proof of a payment. It is not an "agreement" of any kind. The same is true of Spam Arrest's version of that record. Nguyen Decl. ¶¶ 16-18 (Dkt. # 69) & Ex. A (Dkt. # 69-1). Indeed, there is no competent evidence of any agreement associated with the Known Sender Program other than the Sender Agreement itself. The Known Sender registration page does not discuss an option or requirement to pay $99.95 or any other amount for the privilege of being a Known Sender. Nguyen Decl., Ex. C (Dkt. # 51-3).
Other than the record of Ms. Kass's payment, there is no evidence at all as to what she did about her participation in the Known Sender Program. There is no evidence that she discussed the program or Spam Arrest with any employee. There is no evidence that she was aware that other employees had entered or would enter Sender Agreements.
C. With the Exception of Seven Customers, No Evidence Permits a Conclusion as to Whether Anyone Consented to Receive Sentient Jet's Email.
No one knows what was in the 600 or so emails Sentient Jet sent to Spam Arrest customers that triggered the verification process. Sentient Jet sends commercial emails, and generally uses its "charterinfo@sentient.com" and "info@sentient.com" addresses for that purpose. Johnson Decl. ¶ 3 (Dkt. # 32), Linke Decl., Ex. S (Dkt. #52-19) (Johnson Dep. at 61-62). Although a jury might conclude that some (perhaps most) of the 600 emails were commercial solicitations, there is almost no evidence from which a jury could conclude that any specific Spam Arrest customer received a commercial solicitation from Spam Arrest.
The only customer-specific evidence is a set of seven declarations from Spam Arrest customers who state that they received unsolicited commercial email from Sentient Jet years ago. None of them can recall the content of the email or produce copies of the email. Linke Decl., Ex. I (Dkt. # 60-4)
With the exception of those seven Spam Arrest customers, the evidence does not permit the conclusion that Sentient Jet lacked consent from any of the people it emailed. There is no evidence that any customer complained contemporaneously about spam from Sentient Jet. The closest indication of customers' contemporaneous views is that some of them used a Spam Arrest feature to "block" email that purports to come from one or more specific Sentient Jet email addresses. Most of the blocked addresses, however, are "spoofed" addresses from people (or automated spam generators) unassociated with Sentient Jet. Todaro Decl., Ex. 7 (Dkt. # 30-7) (list of about 400 Spam Arrest "block" requests targeting addresses bearing sentient.com domain). Even as to blocked email addresses that correspond to actual Sentient Jet addresses, there is no evidence that equates a "block" with a lack of consent to receive the email or emails that led to the block. A Spam Arrest customer might, for example, consent to receive Sentient Jet emails, grow tired of them, then block future emails. Sentient Jet has produced unchallenged evidence that only 6 customers who blocked a Spam Arrest address later canceled their Spam Arrest subscription, and none of those did so within 31 days of the "block." Todaro Decl., Ex. 24 (Dkt. # 65) (Torelli Report at 7). With the exception of a few of the 7 customers who provided declarations and declared that they blocked a Sentient Jet address after receiving spam, Spam Arrest's block evidence would not permit a jury to infer a lack of consent.
"Spoofing" is the practice of making spam appear as if it came from a legitimate sender. See Karvaly v. eBay, Inc., 245 F.R.D. 71, 91 n.34 (E.D.N.Y. 2007). A spoofer might, for example, send an email bearing the return address "fakeaddress@sentient.com." Some spoofers use email addresses that appear to be randomly generated, e.g., tfjaqb@sentient.com. Others use addresses crafted to appear legitimate, e.g., bob.smith@sentient.com.
Sentient Jet falls short of proving as a matter of law that any specific Spam Arrest customer consented to receive email from Sentient Jet. Sentient Jet has purchased email addresses from numerous third parties. Johnson Decl. ¶ 4 (Dkt. # 32). At least some of those parties boast that the email addresses they sell belong to people who have consented to receive commercial email, and Sentient Jet asserts that its "practice" is to ensure that it has consent to send email. Linke Decl., Ex. S (Dkt. # 52-19) (Johnson Dep. at 101); see also Johnson Decl. at ¶¶ 19-21 (Dkt. # 32) (reviewing promotional materials from various email list providers). No evidence confirms that assertion. Sentient Jet admits, moreover, that it cannot ascertain the source from which it acquired many of the email addresses of Spam Arrest customers. Johnson Decl., ¶¶ 17, 22 (Dkt. # 32). Sentient Jet also obtains some (but probably not most) email addresses directly from people who provide addresses either after browsing Sentient Jet's websites or after direct contact with Sentient Jet representatives. Id. ¶ 4. Even as to those customers, however, there is no evidence of consent.
D. Spam Arrest Has No Evidence of Quantifiable Damages.
Assuming that Sentient Jet sent a piece of spam in violation of a Sender Agreement, there is no evidence that would permit a jury to assess damages flowing from that violation. Indeed, Spam Arrest has made no attempt to quantify its damages. It relies solely on the Sender Agreement's $2,000 liquidated damages clause. At oral argument, it for the first time stated that it wished to present evidence of actual damages or nominal damages at trial.
Spam Arrest contends that Sentient Jet spam imposed both operational costs (costs associated with the segregating and delivery of email by its computer systems) and damages from customers who left Spam Arrest after receiving spam. Spam Arrest's evidence of increased operational costs is paltry. A sender who falsely verifies a piece of spam theoretically imposes two types of operational cost: the cost of processing the false verification form, and the cost of delivering (or redelivering) spam to a customer's third-party inbox. Spam Arrest's Director of Operations speculated that Spam Arrest incurred operational costs, but admitted that she could not quantify them. Todaro Decl., Ex. 2 (Dkt. # 37) (Harb Depo. at 15-18). Its Director of Technical Operations was similarly unable to quantify any additional technical cost that Sentient Jet imposed. Id., Ex. 3 (Dkt. # 30-3) (Nguyen Depo. at 46).
Spam Arrest has no evidence of damages flowing from customers who left Spam Arrest because of Sentient Jet's spam. Indeed, it has scarcely any evidence that any customer has left Spam Arrest because of the receipt of spam from anyone. Spam Arrest has never attempted to learn if any customer left because he or she received spam. Todaro Decl., Ex. 1 (Dkt. # 36) (Harb Depo. at 114). Although its Director of Operations declares in cursory fashion that customers have canceled service or demanded refunds or credits as a result of receiving spam, Harb Decl. ¶ 8 (Dkt. # 58), Spam Arrest offers no business records or other evidence to support her statement. Spam Arrest admits that it has no evidence that any customer has left because of spam from Sentient Jet. Todaro Decl., Ex. 2 (Dkt. # 37) (Harb Dep. at 33, 53). Of the approximately 500 Spam Arrest customers who received email from Sentient Jet, about 440 of them are still customers. SS. As to the 60 or so who canceled, just one of them complained about the receipt of spam. Id. Many others provided reasons for cancellation that had nothing to do with the receipt of spam. Id. Most who cancelled provided no reason. Id.; see also Todaro Decl., Ex. 24 ( Dkt. # 65-2) (Torelli Report at 4 (summarizing account status and cancellation data)). Sentient Jet has produced unchallenged evidence that only 4 customers canceled their Spam Arrest subscriptions within 31 days of receiving a Sentient Jet email, and that all but one of those gave a reason for canceling that had nothing to do with the receipt of spam. Todaro Decl., Ex. 24 (Dkt. # 65-2) (Torelli Report at 4-5).
Spam Arrest's admission under oath is in sharp contrast to the following statement in its summary judgment motion: "Spam Arrest's business records show hundreds of customers cancelled their service after Defendants spammed them, sometimes within hours." Pltf.'s Mot. (Dkt. # 57) at 27-28. No evidence accompanies that statement.
With the foregoing evidence in mind, the court turns to the summary judgment motions. Sentient Jet asks for summary judgment against each of Spam Arrest's approximately 600 breach of contract claims, as well as its tortious interference claim and its claims invoking the CPA and the CFAA. Spam Arrest asks for summary judgment that Sentient Jet breached the Sender Agreement 253 times.
Spam Arrest compiled this 253-breach subset by focusing on Sender Agreements that Sentient Jet allegedly entered within six years of the beginning of this suit, as a result of verifications completed by persons using the charterinfo@sentient.com and info@sentient.com addresses, for the purpose of sending email to a person whose email address Sentient Jet obtained from a third party. Pltf.'s Mot. (Dkt. # 57) at 24. Spam Arrest did not reveal which of its customers met these conditions until it submitted a spreadsheet in conjunction with its reply brief on its summary judgment motion. Linke Decl., Ex. F (Dkt. # 74-3). The court counted 253 customers on the spreadsheet.
IV. ANALYSIS
The court applies the familiar summary judgment standard, which requires it to draw all inferences from the admissible evidence in the light most favorable to the non-moving party. Addisu v. Fred Meyer, Inc., 198 F.3d 1130, 1134 (9th Cir. 2000). Summary judgment is appropriate where there is no genuine issue of material fact and the moving party is entitled to a judgment as a matter of law. Fed. R. Civ. P. 56(a). The moving party must initially show the absence of a genuine issue of material fact. Celotex Corp. v. Catrett, 477 U.S. 317, 323 (1986). The opposing party must then show a genuine issue of fact for trial. Matsushita Elect. Indus. Co. v. Zenith Radio Corp., 475 U.S. 574, 586 (1986). The opposing party must present probative evidence to support its claim or defense. Intel Corp. v. Hartford Accident & Indem. Co., 952 F.2d 1551, 1558 (9th Cir. 1991). The court defers to neither party in resolving purely legal questions. See Bendixen v. Standard Ins. Co., 185 F.3d 939, 942 (9th Cir. 1999).
A. Breach of Contract
To prevail in any one of its hundreds of breach of contract claims, Spam Arrest bears the burden of proving the existence of a contract that imposes a duty, a breach of that duty, and damages. Myers v. Dep't of Soc. & Health Servs., 218 P.3d 241, 243 (Wash. Ct. App. 2009) (reciting elements of a breach of contract claim); Jacob's Meadow Owners Ass'n v. Plateau 44 II, LLC, 162 P.3d 1153, 1165 (Wash. Ct. App. 2007) (noting that plaintiff bears the burden of proving existence of contract); Peoples Mortgage Co. v. Vista View Builders, 496 P.2d 354, 356 (Wash. Ct. App. 1972) (noting that plaintiff bears the burden of proving breach).
1. The Court Cannot Decide on Summary Judgment Whether Spam Arrest's Verification Process Informs a Sender that She is Assenting to the Sender Agreement.
In Sentient Jet's view, Spam Arrest cannot prove mutual assent to enter any Sender Agreement because no one who completes Spam Arrest's verification process knows that he or she is entering a contract. In Washington, "parties must objectively manifest their mutual assent" in order to form a contract. Keystone Land & Development Co. v. Xerox Corp., 94 P.3d 945, 949 (Wash. 2004). Subjective evidence, including evidence that a party did not read the contract to which she manifested assent, is not relevant. Yakima County Fire Prot. Dist. No. 12 v. City of Yakima, 858 P.2d 245, 255 (Wash. 1993); Ford v. Trendwest Resorts, Inc., 12 P.3d 613, 616 (Wash. Ct. App. 2000) ("[T]he unexpressed subjective intention of the parties is irrelevant; the mutual assent of the parties must be determined by their objective acts or outward manifestations."), rev'd on other grounds, 43 P.3d 1223 (Wash. 2002). Whether parties manifested mutual assent is a question of fact. Sea-Van Investments Assocs. v. Hamilton, 881 P.2d 1035, 1039 (Wash. 1994). So long as a Sentient Jet sender could have seen a reasonably conspicuous reference to the Sender Agreement while completing the verification process, a jury could conclude that the sender manifested assent. See Mortenson v. Timberline Software Corp., 998 P.2d 305, 313 (Wash. 2000) (affirming summary judgment, concluding that references in "numerous locations" to license agreement was sufficient to manifest assent, even if purchaser "never saw the terms of the license").
The parties devote much attention to courts not applying Washington law who have considered "clickwrap" and "browsewrap" contracts that are now ubiquitous in online commerce. So far as the court is aware, only one court has applied Washington law to these online contracts. Kwan v. Clearwire Corp., No. C09-1392JLR, 2011 U.S. Dist. LEXIS 150145, at *19-24 (W.D. Wash. Jan 3, 2012) (reviewing authority from many jurisdictions regarding "clickwrap" and "browsewrap" contracts). Neither the Kwan decision nor any other authority of which the court is aware suggests that Washington law applies differently to online contracts. It remains Spam Arrest's obligation to demonstrate mutual assent by objective evidence.
Disputed issues of fact prevent the court from deciding whether anyone at Sentient Jet assented to a Sender Agreement. After October 2011, a sender would have seen (or reasonably should have seen) one reference to the Sender Agreement in the verification email and one in the portion of the verification page that precedes the box for entry of the verification code. A reasonable jury could reach different conclusions as to whether those disclosures were sufficiently conspicuous. Among other things, the jury would consider whether Spam Arrest's use of a CAPTCHA tends to obscure the disclosure of the Sender Agreement. Sentient Jet offers evidence that the standard use of a CAPTCHA is not to indicate assent to a contract, but to differentiate humans from computers. It is possible (although far from certain) that objectively reasonable senders associate CAPTCHAs so strongly with their identification function that they do not notice Spam Arrest's use of the CAPTCHA as a means to manifest mutual assent. In short, factual disputes prevent the court from deciding whether senders who verified after October 2011 manifested assent to the Sender Agreement. Sentient Jet conceded as much at oral argument.
Sentient Jet's evidence comes from its counsel, who offers examples from internet commerce sites of the use of CAPTCHAs solely to distinguish human web users from computers. Todaro Decl. ¶¶ 16-17 (Dkt. # 30), Exs. 17-18 (Dkt. ## 30-17, 30-18). Spam Arrest correctly points out that counsel is not competent to opine on all uses of CAPTCHAs. Nonetheless, counsel is as competent as any web user to query, based on everyday experience, whether web users believe that CAPTCHAs exist only to identify a user as human. The court notes that Spam Arrest points to no other person or entity who uses a CAPTCHA as a means of manifesting assent to a contract.
As to verifications prior to October 2011, it was possible for a sender to complete Spam Arrest's verification process without seeing any notice of the Sender Agreement. Spam Arrest did not mention the Sender Agreement in its verification email and did not mention it on its verification page until after the CAPTCHA whose completion was the sole obstacle to completing the verification process. Thus, depending on the size and resolution of a sender's computer screen and the size and magnification of the sender's browser window, the sender might complete the verification process without encountering anything that would put her on notice of a contract. There is evidence that one user was able to achieve a combination of screen resolution and browser size such that the sender agreement was not visible. Denton Decl., Ex. 1 (Dkt. # 33). There is, however, no competent evidence of how many Sentient Jet senders completed the verification process in that visual environment. Neither party presents probative evidence of how senders were likely to view the verification page. For these reasons, the court cannot decide on summary judgment whether Sentient Jet senders before October 2011 (who make up the majority of the 600 senders at issue) manifested assent to the Sender Agreement.
2. Spam Arrest Cannot Prove that Anyone with Authority to Bind Sentient Jet Entered the Sender Agreement.
Assuming that Spam Arrest could demonstrate that a Sentient Jet employee manifested assent to a Sender Agreement, it remains its burden to demonstrate that the employee had the authority to bind Sentient Jet. Schoonover v. Carpet World, Inc., 588 P.2d 729, 733 (Wash. 1978) ("[T]he burden of establishing the requisite authority rests upon the one who asserts it."). An agent's authority derives entirely from the acts of her principal. Actual authority, whether express or implied, is authority that the principal expressly or impliedly invests in an agent. King v. Riveland, 886 P.2d 160, 165 (Wash. 1994). The doctrine of apparent authority permits an agent acting in excess of her actual authority to bind her principal if the principal's conduct leads a third party to believe the agent had authority. Udall v. T.D. Escrow Servs., Inc., 154 P.3d 882, 888 (Wash. 2007) ("An agent has apparent authority when a third party reasonably believes the agent has authority to act on behalf of the principal and that belief is traceable to the principal's manifestations."). Apparent authority requires both that the third party actually believe that the agent has authority and that the belief is objectively reasonable. Id. The agent's conduct is irrelevant to establishing apparent authority; only the principal's manifestations matter. Ranger Ins. Co. v. Pierce County, 192 P.3d 886, 890-91 (Wash. 2008). Apparent authority is judged from circumstances at the time the purported agent entered the contract. Associated Indem. Corp. v. King County Sch. Dist., 47 P.2d 10, 13 (Wash. 1935).
Spam Arrest makes its burden to proven agency more onerous by failing to offer evidence that any specific Sentient Jet employee completed the verification process. Thus, even if it could identify an employee with authority, it could not show that employee actually bound Sentient Jet to a Sender Agreement. Spam Arrest insists that Sentient Jet employees with authority to bind the company to $100,000 charter jet contracts necessarily had authority to enter the Sender Agreement. Spam Arrest is probably incorrect as a matter of law. Authority to obligate the company to a contract at the core of its business, without more, is unlikely to carry authority to bind the company to contracts (particularly contracts carrying a $2,000 price tag for a single email) far afield from that core business. But the court need not decide the issue, because there is no evidence that any employee with power to bind Sentient Jet to a charter jet contract purported to bind Sentient Jet to a Sender Agreement.
To circumvent its inability to prove that any specific Sentient Jet employee completed the verification process, Spam Arrest asserts that every Sentient Jet employee who might have completed the verification process had authority to enter the Sender Agreement. It reasons that every Sentient Jet employee who completed the verification process had authority to send email on Sentient Jet's behalf, so every one of those employees had authority to enter a Sender Agreement incidental to sending email. The court disagrees. Employees who have authority to use corporate email addresses probably have authority to undertake certain acts incidental to sending email. Without additional evidence, however, no jury could conclude that this generic authority includes authority to enter a contract that imposes $2,000 in liquidated damages for every email sent in violation of the contract. It is not reasonable, either from the point of view of the employee or of Spam Arrest, to assume that the authority to engage in an act that typically costs nothing implies authority to bind the company to pay $2,000 for the same act. As a matter of law, Sentient Jet's authorization for its employees to use its email addresses did not vest them with actual or apparent authority to enter the Sender Agreement.
Evidence regarding Sentient Jet's participation in Spam Arrest's Known Sender Program is also insufficient to establish anyone's authority to enter the Sender Agreement. At the threshold, Spam Arrest has not produced evidence that would permit the jury to conclude that Sentient Jet entered a contract reflecting participation in the Known Sender Program. At most, there is evidence that Sentient Jet's former Director of Marketing, Amy Kass, may have paid about $100 in connection with the program in May 2010, that she may have done so for the right to complete up to 100 verifications per day, and that she may have "agreed" to a single-recipient Sender Agreement in the process. Assuming that a jury could infer Ms. Kass's actual authority from her title alone, there is no evidence that Spam Arrest knew that Ms. Kass was Sentient Jet's Director of Marketing. Other than the thin evidence regarding her interaction with the Known Sender Program, there is no evidence about what Ms. Kass did. There is no evidence that she completed the verification process as to one or more emails. There is therefore no evidence that she was aware of the verification process, much less that she was aware that Sentient Jet employees were completing the verification process. There is no evidence that Ms. Kass discussed the Known Sender Program or anything else about Spam Arrest with anyone at Sentient Jet. There is no evidence that the frequency of Sentient Jet's verifications increased or decreased following her alleged entry into the Known Sender Program. There is no evidence that she advised Sentient Jet employees that they had authority to enter the Sender Agreement, either before or after her interaction with the Known Sender Program. On this evidence, no jury could conclude that Ms. Kass's actions gave actual authority to anyone to enter the Sender Agreement. And, because no one at Spam Arrest knew who Ms. Kass was, her participation in the Known Sender Program gave Spam Arrest no basis to conclude that Sentient Jet's employees had apparent authority to enter the Sender Agreement. Indeed, there is no evidence that Spam Arrest even knew that Ms. Kass had participated in the Known Sender Program until after it filed this lawsuit, and thus no basis to conclude that it subjectively believed that she had authorized anybody at Sentient Jet to enter Sender Agreements.
The dearth of evidence regarding Ms. Kass is emblematic of another gap in Spam Arrest's evidence - there is no evidence that anyone who could have authorized Sentient Jet employees to enter Sender Agreements was aware (until this lawsuit was filed) that employees were entering Sender Agreements. If there were such evidence, it would support the conclusion that Sentient Jet gave one or more of its employees express or implied authority to continue entering Sender Agreements. If there were evidence that Spam Arrest knew that someone with authority at Sentient Jet was aware its employees were entering Sender Agreements, a jury might conclude that those employees had apparent authority. But there is no such evidence.
In its reply brief, Spam Arrest for the first time contended that even if Sentient Jet's employees had no authority to enter Sender Agreements, Sentient Jet later ratified them. Putting aside that the argument is untimely, Spam Arrest ignores that ratification requires a principal to accept the benefits of a contract "with full knowledge of the material facts . . . ." Barnes v. Treece, 549 P.2d 1152, 1157 (Wash. Ct. App. 1976); see also Riss v. Angel, 934 P.2d 669, 683 (Wash. 1997). There is no evidence that anyone with authority at Sentient Jet knew that employees were entering Sender Agreements until Spam Arrest sued.
Spam Arrest contended in an earlier brief that the Washington Supreme Court had "ratified" a plaintiff's belief as to the apparent authority of a salesman based on the salesman's apparent control of a corporate office. Pltf.'s Mot. (Dkt. # 57) at 18 (citing Walker v. Pac. Mobile Homes, Inc., 413 P.2d 3 (Wash. 1966)). The Walker court did not discuss ratification of an agent's unauthorized acts.
For all of these reasons, the court concludes that Spam Arrest has not offered evidence from which a jury could find that any employee except perhaps Ms. Kass bound Sentient Jet to a Sender Agreement.
3. Spam Arrest's Evidence Does Not Permit the Conclusion that Anyone at Sentient Jet Breached the Sender Agreement.
Assuming Spam Arrest could prove that a person at Sentient Jet with authority had manifested mutual assent to the Sender Agreement, it remains its burden to prove that Sentient Jet breached the contract. Peoples Mortgage, 496 P.2d at 356. In particular, it must prove that Sentient Jet sent "unsolicited commercial email" within the meaning of the Sender Agreement. The Sender Agreement defines "commercial email" as email that "primarily contain[s] an advertisement or promotion of a commercial product, service, or Web site . . . ." It defines all email as "unsolicited," "unless the Recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the Recipient's own initiative." In this case, Sentient Jet did not breach the Sender Agreement unless it sent an email without consent. Spam Arrest bears the burden of proving the absence of consent just as it does all other aspects of breach.
Although Spam Arrest finally conceded at oral argument that it bears the burden of proving consent, it attempted in its briefing to shift that burden to Sentient Jet. It did not, however, point to any precedent for a court shifting the burden of proving an aspect of breach to the breaching party. The court is aware of only one comparable circumstance: Washington courts require a defendant to prove payment where the plaintiff alleges breach of contract by nonpayment, reasoning that it is easier for a defendant to prove payment than it is for a plaintiff to prove non-payment. W. Coast Credit Corp. v. Pedersen, 390 P.2d 551, 553 (Wash. 1964). Similarly, Spam Arrest asserts that it is easier for Sentient Jet to prove that it obtained consent than for Spam Arrest to prove otherwise. It does not explain the assertion. Spam Arrest need only ask a customer if he consented, as it did with seven customers in this case. Even assuming that Washington law permits a court to shift the burden of proving breach based solely on which party is more likely to have proof, the circumstances of this case do not warrant a shift.
Spam Arrest's other attempts to shift the burden of proving consent fare no better. It points to non-contract causes of action (like the tort of conversion, or a violation of the Telephone Consumer Protection Act) for which consent is an affirmative defense. Spam Arrest brought a breach of contract claim (600 of them, actually), and in doing so accepted its burden to prove breach. It also argues that the Sender Agreement itself shifts the burden of proving consent. The court finds no support for that argument in the agreement's language.
Because Spam Arrest bears the burden of proof, Sentient Jet can force Spam Arrest to produce some evidence to meet that burden merely by pointing out "that there is an absence of evidence to support the nonmoving party's case." Celotex, 477 U.S. at 325. As to all but 7 of the 500 Spam Arrest customers that Sentient Jet emailed, Sentient Jet has done so.
The court begins with the 7 Spam Arrest customers who provided declarations that they did not consent to receive email from Sentient Jet. The court assumes for purposes of these motions that the declarations are admissible evidence that would permit a jury to conclude that these customers did not consent. A jury could also conclude, based on evidence of Sentient Jet's marketing practices, that these customers received unsolicited commercial email. Sentient Jet does not deny that the emails it sent to Spam Arrest customers, particularly those bearing the info@sentient.com or charterinfo@sentient.com return addresses, were commercial. Evidence from these 7 customers, however, reveals nothing about the remaining 493 who received email from Sentient Jet. Spam Arrest has no evidence that these 7 customers are representative of others, and no argument that it can discharge its burden of proof by ignoring the vast majority of the customers withheld consent. As Sentient Jet notes, this case is not a class action, it is a single plaintiff's attempt to prove about 600 breaches of contract.
Sentient Jet asks the court to strike these declarations because, among other things, Spam Arrest did not specifically identify these customers as witnesses until it filed its summary judgment motion. Were it necessary, the court would give Sentient Jet the opportunity to depose these customers. It is not necessary, however, because there is no evidence from which a jury could conclude that Sentient Jet is bound to a Sender Agreement as to these seven customers.
Beyond these seven customers, there is little evidence that Sentient Jet sent emails without consent. If there were any evidence of the content of the commercial emails that Sentient Jet sent, a jury might be able to infer lack of consent. An email that begins "To Whom it May Concern," for example, is much more likely to have been sent without consent than an email that begins "Dear Ms. Lewis, we have learned from one of our marketing partners that you are interested in charter jet travel." Spam Arrest admits, however, that it does not know the content of any email Sentient Jet sent to one of its customers. Todaro Decl., Ex. 2 (Dkt. # 37) (Harb Depo. at 29). On this record, a reasonable jury would at most be able to conclude that Sentient Jet sent commercial email to Spam Arrest customers.
If Sentient Jet were to present the same evidence at trial that it presented in its motion, a jury might also conclude that Sentient Jet obtains from third parties most of the email addresses to which it sends commercial email. No jury could conclude that those third parties obtained consent from the consumers whose email addresses it sold to Sentient Jet. There is no competent evidence underlying Sentient Jet's assertion that it obtained any Spam Arrest customer's address from a third party who first obtained consent. No jury could conclude, for example, that Spam Arrest derives consent from a third party based on the third party's advertisement boasting about its consent practices. Among other things, that evidence is inadmissible hearsay as to the truth of the boasts. Moreover, Sentient Jet offers no evidence at all as to where it obtained many of the addresses of the Spam Arrest customers at issue. A jury could speculate, however, based both on Sentient Jet's evidence and common experience, that some of those consumers may have consented to the receipt of commercial email.
Based on this thin evidence, a jury could only speculate as to whether any Spam Arrest customer (beyond the seven who provided declarations) consented to receive email from Sentient Jet. The line between permissible inference and impermissible speculation is not always easy to draw. The court finds, however, that the bare fact that a person received a commercial email from a marketer who obtained the person's address from a third party is insufficient to permit anything but speculation as to whether the person consented to receive the email. To rule otherwise would be to create a presumption that no one consents to receive commercial email, and the court declines to do so.
Evidence that some Spam Arrest customers blocked Sentient Jet addresses is also insufficient to permit the conclusion that Sentient Jet lacked consent. As the court noted, many of the addresses that customers blocked were spoofed addresses with no connection to Sentient Jet. Even as to legitimate Sentient Jet addresses, only speculation can transform evidence of a blocked address into evidence that a customer did not consent to receiving prior emails from that address.
4. Spam Arrest's Liquidated Damages Clause is Invalid.
Even if Spam Arrest could provide sufficient evidence that Sentient Jet bound itself to a Sender Agreement and breached it, it would still need to prove damages. Until oral argument, Spam Arrest relied solely on the Sender Agreement's $2,000 liquidated damages clause.
Liquidated damages are "a sum of money agreed upon in advance that is a reasonable forecast of just compensation for the harm caused by breach" of a contract. Minnick v. Clearwire US, LLC, 275 P.3d 1127, 1131 (Wash. 2012). Washington law favors "[t]rue liquidated damages clauses, those that are not penalties . . . ." Walter Implement, Inc. v. Focht, 730 P.2d 1340, 134 (Wash. 1987). In determining whether a liquidated damages clause is valid, the court considers a number of factors. The most important factor is whether the liquidated damages are, at the time of contracting, a reasonable estimate of the losses that will arise from a breach. Wallace Real Estate Inv., Inc. v. Groves, 881 P.2d 1010, 1017 (Wash. 1994) (adopting a "single-factor approach, which focuses on the reasonableness of the preestimate of loss"); see also Watson v. Ingram, 881 P.2d 247, 249 (Wash. 1994) (adopting "the date of contract formation as the proper timeframe" for evaluating the reasonableness of the estimate). There is no requirement "that the parties specifically discuss anticipated losses from a breach." Wallace, 881 P.2d at 1018. Courts give some weight to contract clauses that declare a liquidated damages clause reasonable (like the one in the Sender Agreement "acknowledg[ing] that the $2000.00 remedy is a reasonable estimate of Spam Arrest's and the Recipient's actual damages"), but the clauses are "not necessarily controlling or conclusive." Walter Implement, 730 P.2d at 1343.
A court cannot reject liquidated damages merely because they are greater than actual damages. Watson v. Ingram, 881 P.2d 247, 251 (Wash. 1994). Indeed, there is no requirement that the plaintiff prove actual damages in order to rely on a liquidated damages clause. Wallace, 881 P.2d at 1017. Nonetheless, the court may consider actual damages "in evaluating the reasonableness of the preestimate," and "where [actual damages] are so disproportionate to the estimate that to enforce the estimate would be unconscionable." Id. A court should consider whether the damages arising from a breach were "easy or difficult to estimate in advance." Kettner v. Buchanan, 984 P.2d 1047, 1049 (Wash. Ct. App. 1999). A plaintiff need not, however, prove that actual damages were difficult to prove as a condition for the recovery of liquidated damages. Wallace, 881 P.2d at 1017. Instead, "[t]he greater the prospective difficulty of estimating possible damages, the greater the range of reasonableness used in assessing a liquidated damages provision." Watson, 881 P.2d at 251. The court also considers the sophistication of the contracting parties. Id. at 1019.
Taking all of these considerations into account, the court holds that the Sender Agreement's liquidated damage clause is invalid. No reasonable finder of fact could conclude that $2,000 was a reasonable forecast of damages arising from a breach of the Sender Agreement. The evidence suggests that Spam Arrest has never attempted to forecast or calculate the damages arising from a breach of any Sender Agreement, and instead plucked the $2,000 figure from thin air. Even now, forced to defend the $2,000 figure as a reasonable forecast, Spam Arrest is unable to draw a plausible connection between the $2,000 it claims and the damages it suffers as a result of the breach of a single Sender Agreement. Although forecasting damages from a single breach of a Sender Agreement is difficult, that difficulty does not justify $2,000 in liquidated damages. Evidence from Spam Arrest's business records demonstrates that under any theory of loss, $2,000 is a gross overestimate. Evidence from its expert witness confirms that the $2,000 is justifiable only as a deterrent, not as a reasonable forecast of damages.
a. Spam Arrest's Actual Damages from the Breach of a Sender Agreement Are Virtually Always Less than $2,000.
The court begins its assessment of the Sender Agreement's liquidated damages by considering Spam Arrest's actual damages. Although Spam Arrest asserts that it bears a direct operational cost from its computer systems handling spam that violates Sender Agreements, the most charitable reading of the evidence supports only the conclusion that this cost is nowhere near $2,000. Given the evidence the court reviewed in Part III.C, it would be difficult to conclude that Spam Arrest's direct operational costs as a result of a single breach approach even $0.02. Spam Arrest could receive, at most, nominal damages if it relied solely on the operational costs it incurred as a result of Sentient Jet's spam. See Ford, 43 P.3d at 1229 (remanding for nominal damages award on contract claim where plaintiff had no proof of the amount of his damages).
Spam Arrest might plausibly lose revenue as a result of a customer receiving spam. It is plausible (although far from certain) that every piece of spam a customer receives makes it incrementally more likely that the customer will leave Spam Arrest. If a customer leaves, Spam Arrest loses that customer's future subscription fees.
There is no evidence that the loss of a customer costs Spam Arrest, on average, anywhere near $2,000 in direct revenue. Of the 500 or so Spam Arrest customers corresponding to Sentient Jet's verifications, only a few have paid Spam Arrest more than $1,000, and all paid less than $1,200. SS. Many more (about 60) of those customers have never paid Spam Arrest anything. Id. Most of the 500 customers have paid roughly $100 to $300 over the course of their relationship with Spam Arrest. There is no evidence that other Spam Arrest customers have paid more on average. There is, in short, no evidence that $2,000 is a reasonable forecast of lost revenue directly from any customer as a result of a breach.
Perhaps because it cannot justify a $2,000 award as a reasonable estimate of direct revenue loss, Spam Arrest relies instead on a theory of "downstream revenue" loss. The "downstream revenue" associated with customer X is the revenue Spam Arrest earns from new customers who subscribe after learning about the company by completing the verification process after emailing customer X. By implanting cookies on senders' computers during the verification process, Spam Arrest is able to calculate how much downstream revenue a customer generates. Nguyen Decl. ¶¶ 6-8 (Dkt. # 69). Those calculations assume that any customer who joined Spam Arrest after completing the verification process did so because of the verification process. Spam Arrest has no evidence to substantiate that assumption. Its downstream revenue data thus starts on shaky ground.
The court observes that neither party has addressed whether "downstream revenue" is recoverable as a matter of contract law. Washington law limits contract damages to those that were "reasonably foreseeable" by the breaching party when it entered the contract. Larsen v. Walton Plywood Co., 390 P.2d 677, 681 (Wash. 1964). Could Sentient Jet have reasonably foreseen "downstream revenue" losses as a result of sending spam in violation of the Sender Agreement? The court declines to answer the question because no party has raised it.
Spam Arrest touts evidence that its top producers of downstream revenue are lucrative assets. According to Spam Arrest, its 5 top downstream revenue producers each brought in more than $100,000 in downstream revenue, another 93 have produced more than $10,000, and 235 have produced more than $2,000. These figures are suspect, to say the least. They are not estimates of a single level of downstream revenue (i.e., the amount of revenue that Spam Arrest earns from customers who joined as a result of verifying email sent to customer X), but of four levels of downstream revenue (i.e., the amount of revenue that Spam Arrest earns from customers who joined as a result of verifying email sent to customer X, or to any downstream customer of customer X, or to any downstream customer of a customer of customer X, or to any downstream customer of a customer of a customer of customer X). Because of the four-level calculation, it is virtually assured that Spam Arrest's top producer data is duplicative, and perhaps wildly so. For example, imagine that customer X produces a single downstream customer Y, who produces a single downstream customer Z who pays Spam Arrest $100,000 in subscription fees. In Spam Arrest's view, both customer X and customer Y are producers of $100,000 in downstream revenue, even though the company has received only $100,000. Spam Arrest produces no business records to document its downstream revenue calculations. Its counsel insisted at oral argument that its downstream revenue calculations do not improperly duplicate revenue, but counsel's insistence is no substitute for evidence. The evidence, from Spam Arrest's Director of Technical Operations, reveals a methodology that will inevitably lead to multiple customers receiving credit for the same downstream revenue. Nguyen Decl. ¶¶ 6-8 (Dkt. # 69). Nonetheless, the court will consider Spam Arrest's data as to its top producers of downstream revenue. That data serves only to emphasize that $2,000 is not a reasonable forecast of damages from a breach of a Sender Agreement.
The most salient feature of Spam Arrest's top producer data is that the overwhelming majority of Spam Arrest's customers produce less than $2,000 in downstream revenue. Compiling Spam Arrest's yearly subscriber and cancellation figures, Todaro Decl., Ex. 9 (Dkt. # 41), Spam Arrest has had about 268,000 customers since 2002. About 67,000 of them were customers as of October 2012. Id. Taking Spam Arrest's top producer data at face value, less than one half of one percent (0.5%) of its current customers have produced at least $2,000 in downstream revenue. Less than one eight of one percent (0.125%) of the customers Spam Arrest has had since 2002 have produced at least $2,000 in downstream revenue. Spam Arrest's profit-and-loss statements from 2006 to 2011 show that the $1.9 million its 333 top producers have brought in is a sizeable fraction of its total revenue (about $6.9 million) from subscribers during that period. Todaro Decl., Ex. 10 (Dkt. # 42). Estimating that Spam Arrest has had about 200,000 customers since 2006, customers other than its top producers have produced an average of $25 in downstream revenue. Indeed, even if the court ignores the data from the top producers, Spam Arrest's customers since 2006 have produced a rough average of $35 in downstream revenue. Spam Arrest makes no attempt to explain how $2,000 can be a reasonable forecast of damages when its data show that 99.5% of its customers produce less than $2,000 in downstream revenue, and that an average customer produces less than $50 in downstream revenue.
In connection with its expert's report, Spam Arrest compiled a spreadsheet of the downstream revenue generated by each of the 999 customers who have resulted in the most new customers. Linke Decl., Ex. A (Dkt. # 60-1) (Shavell Rep., Ex. F). Those 999 customers produced roughly $4 million of the $6.9 million Spam Arrest earned from its subscribers from 2006 to 2011. Id. The remaining 199,000 customers produced an average of about $14.50 in downstream revenue. The court's figures are rough, in part because Spam Arrest's subscriber and cancellation data reaches back to 2002, whereas its revenue information reaches back only to 2006.
Moreover, whether Spam Arrest justifies its liquidated damages as a forecast of direct revenue loss or downstream revenue loss, it cannot ignore that it has virtually no evidence that its customers leave because they receive spam. The data that the court just summarized suggest that about 200,000 people who never received an email from Sentient Jet have left Spam Arrest in the past decade. The court has no idea why they left because Spam Arrest has produced no evidence. Indeed, Spam Arrest admits that it has not attempted to determine if its customers leave because they receive spam. As to the 500 or so customers who allegedly received spam from Sentient Jet, about 450 of them are still Spam Arrest customers. Most of the 50 or so who canceled were silent as to their reasons. Those who gave a reason generally offered one unrelated to Spam Arrest's spam-protection prowess. Only one of the 500 customers complained that Spam Arrest was ineffective at filtering out spam. On this record, any reasonable forecast of damages resulting from a piece of spam sent in breach of a Sender Agreement would have to reflect a substantial discount to account for the lack of evidence that spam makes customers leave Spam Arrest.
b. The $2,000 Figure Bears None of the Hallmarks of a Reasonable Forecast of Damages from a Breach of the Sender Agreement.
If Spam Arrest were to make a reasonable forecast of downstream revenue loss, it would almost certainly have to begin by acknowledging that each Sender Agreement is an agreement not to send spam to a single Spam Arrest customer. If that customer were one of Spam Arrest's few "top producers," Spam Arrest might have a reasonable basis to forecast high damages in the event of a breach of the Sender Agreement. Conversely, if that customer were one who had never produced any revenue ("downstream" or otherwise) for Spam Arrest, Spam Arrest would have little basis to forecast any damages. Spam Arrest could, of course, develop numerous approaches to estimating probable future losses (at the time of entry into a Sender Agreement) based on a comparison of a customer's revenue history and the length of his or her tenure as a customer to a comparable average customer's revenue production. But Spam Arrest does none of this. It imposes a $2,000 liquidated damages figure without regard to the characteristics of the customer whom the Sender Agreement protects and without regard to data that exists at the time a sender enters a Sender Agreement.
Spam Arrest selectively quotes Washington precedent to argue that so long as liquidated damages fall within the range of "possible" or "potential" damages, they are a reasonable forecast of damages. E.g., Pltf.'s Mot. (Dkt. # 57) at 22; Pltf.'s Reply (Dkt. # 68) at 10. In its view, $2,000 is a reasonable estimate because its "possible" damages might exceed $100,000 in downstream revenue loss. While the range of "possible" damages is relevant in forecasting damages, an estimate is not reasonable merely because it falls within that range. Even accepting Spam Arrest's dubious downstream revenue data, the probability that the loss of any customer will lead to as much as $2,000 in revenue loss is microscopic. Put simply, even if the court accepts that Spam Arrest's "possible" damages are $2,000 or more, its damages will be less in the overwhelming majority of cases.
The court acknowledges that Spam Arrest faces substantial difficulty in forecasting the harm arising from a breach of a Sender Agreement. It knows that it will be difficult to determine the extent to which any particular breach of a Sender Agreement causes a customer to leave. It knows that it will be difficult to estimate the damages that arise from a customer leaving. These difficulties do not excuse Spam Arrest's failure to consider relevant evidence in making a reasonable forecast. They do not excuse Spam Arrest's failure to compile basic data revealing the extent to which spam causes it to lose customers. They do not excuse the gross disproportion between even the most charitable estimate of damages arising from a breach of the Sender Agreement and the $2,000 that Spam Arrest claims in liquidated damages.
c. Spam Arrest's Expert Does Not Opine on Whether $2,000 Is A Reasonable Forecast of Damages from a Breach.
Spam Arrest hired Dr. Steven Shavell, an economics expert with an impressive resume, to bolster its case for imposing $2,000 in liquidated damages. Dr. Shavell's opinions, however, support the conclusion that although the $2,000 figure makes sense as a deterrent to breach of a Sender Agreement, it makes no sense at all as a reasonable forecast of damages arising from breach. Dr. Shavell points out, reasonably enough, that Spam Arrest will not pursue remedies for every breach of a Sender Agreement, and thus it is very unlikely that any person who breaches a Sender Agreement would pay $2,000. People who consider breaching the Sender Agreement, in his view, implicitly discount the $2,000 figure sharply to account for the low odds that they will ever pay damages. Shavell Report ¶¶ 37-42. Dr. Shavell refers to the discounted figure as the "effective damages." Id. ¶¶ 37-38. He opines that Spam Arrest must choose a liquidated damages amount that is high enough so that the associated "effective damages" amount is sufficient to deter violations of the Sender Agreement. Id. ¶¶ 50-54. The court has no quarrel with Dr. Shavell's reasoning. The problem is that his reasoning is wholly divorced from the analysis of liquidated damages clauses that Washington law requires.
Dr. Shavell's report is Exhibit A to one of Spam Arrest's counsel's declarations. Dkt. # 60-1.
Spam Arrests cites no law permitting a party to impose liquidated damages solely as a deterrent to breach, and the court is aware of none. If a liquidated damages clause that complies with Washington law incidentally serves as a deterrent to breach, so be it. But a party cannot justify a liquidated damages clause by touting its deterrent value. Were it otherwise, parties could inflate liquidated damages simply by declaring that a bigger award is a bigger deterrent. This is the hallmark of a penalty, not a reasonable forecast of damages.
At oral argument, Spam Arrest appeared to concede that Dr. Shavell's opinions as to the deterrent value of the liquidated damages clause were irrelevant to the analysis that Washington law requires. It nonetheless insisted that Dr. Shavell also opined that $2,000 was a reasonable estimate of loss. It did not cite a word from his expert report. The court finds nothing in that report that suggests that $2,000 is a reasonable forecast of damages. At most, his report recycles Spam Arrest's view that because $2,000 is in the range of its "possible" damages, it is not excessive. At Dr. Shavell's deposition, he stated that "it is unlikely that on average each piece of spam causes $2,000 worth of harm. That's extremely unlikely." Todaro Decl., Ex. 22 (Dkt. # 62-3) (Shavell Dep. at 89-90). A liquidated damage clause need not precisely forecast an average loss, but it cannot "forecast" a loss that Spam Arrest knows (or should have known) will never occur for at least 99.5% of its customers.
For the foregoing reasons, the court concludes that even construing the evidence in the light most favorable to Spam Arrest, $2,000 is not a reasonable forecast of damages arising from breach of a Sender Agreement. The liquidated damages clause is invalid as a matter of law.
The court now summarizes its disposition of Spam Arrest's approximately 600 breach of contract claims. Although a jury might conclude that one or more Sentient Jet employees was aware (or had an objective basis to be aware) that she was entering a Sender Agreement, no jury could conclude that any Sentient Jet employee who did so had power to bind the company. Even if one of those employees had power to bind the company, no jury could conclude that employee actually sent an email that violates the Sender Agreement the employee entered. Finally, even if a jury could find that Sentient Jet was bound to a Sender Agreement and breached it, the $2,000 liquidated damage clause is invalid.
The court summarily rejects Sentient Jet's contention that the Sender Agreement is void under Washington law because it is contrary to the policy expressed in a federal anti-spam statute. Def.'s Mot. (Dkt. # 35) at 16 (citing the "CAN-SPAM Act", 15 U.S.C. § 7704).
The court now considers Spam Arrest's non-contract, claims, even though Spam Arrest mentioned none of them at oral argument.
B. Tortious Interference
To prove that Sentient Jet tortuously interfered with contracts or business expectancies, Spam Arrest must prove the following:
(1) the existence of a valid contractual relationship or business expectancy; (2) that defendants had knowledge of that relationship; (3) an intentional interference inducing or causing a breach or termination of the relationship or expectancy; (4) that defendants interfered for an improper purpose or used improper means; and (5) resultant damage.Leingang v. Pierce County Medical Bureau, 930 P.2d 288, 300 (Wash. 1997).
For reasons the court has already stated, with one possible exception, there is no evidence from which a jury could conclude that anything Sentient Jet did caused the breach or termination of any customer's relationship with Spam Arrest. That one exception, consisting of a single entry on a spreadsheet suggesting that a customer left Spam Arrest because of his dissatisfaction over receiving spam, is insufficient to create a triable issue of fact as to whether Sentient Jet was even part of the cause of that customer's dissatisfaction. Spam Arrest correctly notes that in cases where it is impossible to determine which of many tortious actors actually caused a harm, courts will nonetheless deem each of the actors responsible for the harm. E.g., Cox v. Spangler, 5 P.3d 1265, 1271-72 (Wash. 2000). But as to the single customer who received email from Sentient Jet and left Spam Arrest after complaining of spam, there is no evidence from which a jury could conclude that Sentient Jet was even one of the senders of spam who caused this customer to leave. For at least that reason, Spam Arrest cannot prove that Sentient Jet interfered with any contract or business expectancy.
C. Consumer Protection Act
A CPA claim has five elements: "(1) [an] unfair or deceptive act or practice; (2) occurring in trade or commerce; (3) public interest impact, (4) [an] injury to plaintiff in his or her business or property, [and] (5) causation." Hangman Ridge Training Stables, Inc. v. Safeco Title Ins., 719 P.2d 531, 523 (Wash. 1986).
Here, the only "unfair or deceptive act or practice" to which Spam Arrest points is Sentient Jet's alleged transmission of email to Spam Arrest customers without their consent. As the court has already stated, Spam Arrest has not provided evidence from which a jury could conclude that a person with authority to bind Sentient Jet sent email to any Spam Arrest customer without consent.
Spam Arrest also suggests that it is pursuing the CPA claims of its customers, noting that they suffered injury from the receipt of spam. With the exception of the seven customers who provided declarations, it has no evidence of its customers' injuries. Each of those seven customers, moreover, lives outside Washington. Spam Arrest does not explain how non-Washingtonians could invoke the Washington Consumer Protection Act against Sentient Jet (a company headquartered in Massachusetts).
Spam Arrest's subscriber agreements contain a clause in which the subscriber assigns all legal claims arising out of the receipt of spam. E.g., Harb Decl. ¶ 13 (Dkt. # 58) & Ex. A (May 11, 2012 Terms of Service Agreement at p. 7 of 8) (Dkt. # 50-1). It is not clear if Spam Arrest purports to pursue its customers' claims in this suit. If so, it has presented no evidence of their damages other than the seven customer declarations the court has referenced.
--------
D. Computer Fraud and Abuse Act
The CFAA, which criminalizes unauthorized access to computer systems, also provides a limited civil cause of action. 18 U.S.C. § 1830(g). Among other things, that cause of action requires proof that a defendant violated the statute. Spam Arrest contends that Sentient Jet violated the statute's prohibition on "intentionally access[ing] a protected computer without authorization" and causing damage as a result of that access. 18 U.S.C. § 1830(a)(5)(C). Spam Arrest also acknowledges that its CFAA claim requires it to prove that Sentient Jet caused a loss over a one-year period "aggregating at least $5,000" in value. 18 U.S.C. § 1830(c)(4)(A)(i)(I).
Spam Arrest contends that Sentient Jet accessed its computers without authorization both to complete the verification process and to send emails in violation of the Sender Agreement. Neither contention withstands scrutiny as a matter of statutory interpretation. Spam Arrest gives authorization to any email sender to access its computers for the purpose of completing the verification process. Even if a sender completes the verification process by falsely indicating that the email she sends is not spam, the user still has authorization to access Spam Arrest's computers, at least for the purpose of completing the verification process. Nothing advises any user that her right to submit the verification form depends on the accuracy of any statement she makes on that form. As to accessing Spam Arrest's computers by sending email, there is no evidence that anyone at Sentient Jet actually knew that email it sent to Spam Arrest customers passed through Spam Arrest's computers. The emails were addressed to third-party email accounts. Putting that fatal defect aside, Spam Arrest authorizes everyone, spammers or not, to send email to its customers. Spam Arrest simply segregates spam from other emails. Although what Spam Arrest does with an email to one of its customers depends on whether the sender is verified, the authorization to send email via Spam Arrest's computers does not. Moreover, no Ninth Circuit court has ever held that the mere act of sending an email constitutes access to a computer through which the email passes on the way to its recipient.
Spam Arrest implicitly recognizes that it grants free access to its computers for the purpose of completing the verification process and sending emails to its customers, and instead insists that Sentient Jet "exceeded [its] authorized access" by "repeatedly sending spam." Pltf.'s Mot. (Dkt. # 57) at 31. Spam Arrest does not, however, attempt to rely on any portion of the CFAA that makes it unlawful to exceed authorized access. In the Ninth Circuit, moreover, a person with authority to access a computer does not "exceed[] authorized access" within the meaning of the CFAA merely by violating restrictions on the use of the computer. United States v. Nosal, 676 F.3d 854, 863 (9th Cir. 2012). The court declines Spam Arrest's request that the court disregard the Nosal court's interpretation of the CFAA because Nosal concerned an alleged criminal violation of the statute. A statute's words do not mean one thing in a civil case and another in a criminal case. The Nosal court's interpretation of the CFAA binds this court.
Spam Arrest's CFAA claim also fails for at least two of the reasons that its breach of contract claim fails. It cannot prove that Sentient Jet (as opposed to its employees) accessed Spam Arrest's computers; and it cannot prove (except for seven customers) that Sentient Jet sent emails to Spam Arrest's customers without their consent (and thus that whatever "access" Sentient Jet had to Spam Arrest's computers was unauthorized).
The court's disposition today makes it unnecessary to decide whether Spam Arrest's evidence is sufficient to permit a jury to conclude that Sentient Jet's access to Spam Arrest's computers caused at least $5,000 in loss over any one-year period.
V. CONCLUSION
For the reasons previously stated, the court GRANTS summary judgment for Sentient Jet on all of Spam Arrest's claims. The clerk shall TERMINATE the August 20 motion calendar, DISMISS this case with prejudice, and enter judgment for Sentient Jet.
______________________
The Honorable Richard A. Jones
United States District Court Judge