Gordon v. Virtumundo, Inc.

TALLMAN, Circuit Judge:

This case addresses unsolicited commercial e-mail, more commonly referred to as “spam.”1 While ignored by most and re*1045viled by some, spam is largely considered a nuisance and a source of frustration to email users who, at times, must wade through inboxes clogged with messages peddling assorted, and often unwanted, products and services. The rising tide of spam poses an even greater problem to businesses, institutions, and other entities through network slowdowns, server crashes, and increased costs. At the same time, commercial enterprise has staked its claim within the online world. The Internet is a unique medium that offers legitimate businesses a low-cost means to promote themselves and their wares and in turn fosters competition in the marketplace. Both consumers and Congress have come to view e-mail, when fairly employed, as an established and worthwhile device in the toolbox of accepted marketing practices.

After individual states initially wrestled with properly balancing the benefits and burdens of commercial e-mail, Congress enacted legislation in an effort to curb the negative consequences of spam and spamming practices without stifling legitimate commerce. Through this opinion we review the federal statutory scheme of the Controlling the Assault of Non-Solicited Pornography and Marketing (“CAN-SPAM”) Act of 2003, 15 U.S.C. § 7701 et seq., and assume the formidable task of determining the statutory standing requirements and the scope of federal preemption intended by Congress.

In the case before us, James S. Gordon, Jr. and his company, Omni Innovations, LLC (“Omni”),2 sued Virtumundo, Inc., Adknowledge, Inc., and Scott Lynn, the sole shareholder of both companies, seeking injunctive relief and significant damages based on the receipt of thousands of commercial e-mails. Defendants are in the online marketing business and widely transmit e-mail advertisements and solicitations to potential consumers on behalf of third-party clients. In the parlance of our time, they are “spammers.”

Based on a dense record developed through substantial discovery, the district court granted summary judgment in favor of Virtumundo, Adknowledge, and Lynn (collectively, “Virtumundo”) on all of Gordon’s claims. We have jurisdiction over Gordon’s appeal pursuant to 28 U.S.C. § 1291. Having carefully and independently evaluated the issues in light of the evidence, we agree that summary judgment was proper and therefore affirm.

I

Gordon is the original registrant of the Internet domain “gordonworks.com,” which he hosts on server space that Omni leases from GoDaddy, a domain registrar and web hosting company that also sells e-business related software and services, see http://www.godaddy.com. The GoDaddy service allows users to virtually access the server through an ordinary Internet connection — in Gordon’s case, a broadband connection from Verizon. Through a virtual desktop called a “Plesk,” Gordon is able to manage his domain. He can post content on the Internet, create new e-mail accounts, and set user names and log-on passwords. There are, of course, substantial restrictions regarding Gordon’s usage of the leased server space.

It was through this vehicle that Gordon created a personal e-mail address: “jim@ gordonworks.com.” Around September *10462003, Gordon created additional e-mail accounts through the gordonworks.com domain for about six friends and family members, which he monitored for “data collection” and “research purposes.” Gordon registered jim@gordonworks.com and the gordonworks.com e-mail addresses of his “clients” in response to various online promotions and for numerous prize giveaways. Gordon estimates that, in doing so, he subscribed, or “opted in,” to e-mail mailing lists somewhere between 100 and 150 times.3

Soon thereafter, these accounts began receiving e-mails from businesses marketing their goods and services. Some of these messages were transmitted by online marketers, such as Virtumundo, on behalf of their clients. At his instruction, Gordon’s “clients” relinquished control of their e-mail accounts. They then set up then-own domains through GoDaddy, which they housed on the server space leased by Omni. This enabled these individuals to create their own e-mail addresses “@” personalized domain names — e.g., “anthonycentral.com,” “jaykaysplace.com,” and “chiefmusician.net” — rather than gordonworks.com.

Gordon continued to maintain and monitor the abandoned gordonworks.com email accounts. He described his ongoing efforts as “do[ing] research on the spam that comes through.” At some later point, Gordon configured the e-mail server to provide an automated response to all commercial e-mail sent to gordonworks.com accounts. The response was titled “Notice of Offer to Receive Unsolicited Commercial Email (SPAM)” and purported to consummate a “binding contract” by which the sender agreed to either cease and desist or pay Gordon $500 for each additional unsolicited e-mail subsequently delivered to the account. While he claims that online marketers, including Virtumundo, ignored his requests that all gordonworks.com e-mail addresses be removed from their mailing lists, Gordon does not provide evidence, apart from a general “belief,” that he followed the “opt-out” procedure stated in the individual e-mail messages. Not surprisingly, the e-mail accounts continued to receive spam, which over time accumulated in the unused in-boxes. At the time of his deposition in January 2007, these gordonworks.com email accounts remained active. However, the only persons who actually used a gordonworks.com account were Gordon and his wife.

In 2004, Gordon began filing lawsuits in state and federal court against persons and companies who sent solicitations or advertisements to e-mail accounts hosted on Omni’s leased server space. In February 2006, Gordon filed this lawsuit against Virtumundo in the Western District of Washington. He asserted various causes of action for violations of the CAN-SPAM Act, 15 U.S.C. § 7701 et seq., the Washington Commercial Electronic Mail Act (“CEMA”), Wash. Rev.Code § 19.190.010 et seq., the Washington Consumer Protection Act (“CPA”), Wash. Rev.Code § 19.86.010 et seq., and the Washington “Prize Statute,” Wash. Rev.Code § 19.170.010 et seq. As relevant to this appeal, Gordon contends that Virtumundo sent, according to his most recent estimate, approximately 13,800 materially misleading or otherwise unlawful commercial e-mail messages to e-mail accounts hosted through gordonworks.com. Gordon sought injunctive relief, several millions of dollars *1047in statutory and treble damages, and his attorney’s fees and costs.4

In December 2006, the Honorable John C. Coughenour granted in part and denied in part Virtumundo’s motion to dismiss for pleading deficiencies. The order dismissed Gordon’s Prize Statute claims, in their entirety, and his CEMA and CPA claims to the extent they related to the gathering of “personally identifying information.” Wash. Rev.Code § 19.190.080. The court gave leave to amend the complaint to cure pleading deficiencies, but Gordon never did so.

Virtumundo then moved for summary judgment on all remaining claims, which consisted of Gordon’s CAN-SPAM Act claims and the surviving CEMA and CPA claims. By Order dated May 15, 2007, the district court granted the defense motion, see Gordon v. Virtumundo, Inc., No. 06-0204, 2007 WL 1459395 (W.D.Wash. May 15, 2007). Judge Coughenour concluded that both Gordon and Omni lacked standing to pursue a private action under the CAN-SPAM Act and that the state law claims failed as a matter of law based in part on federal preemption grounds.

Gordon alone now appeals this grant of summary judgment.5

II

We review a district court’s grant of summary judgment de novo, and may affirm on any basis supported by the record. Burrell v. McIlroy, 464 F.3d 853, 855 (9th Cir.2006). Our review is governed by the same standard used by the trial court under Federal Rule of Civil Procedure 56. Adcock v. Chrysler Corp., 166 F.3d 1290, 1292 (9th Cir.1999). ‘Viewing the evidence in the light most favorable to the nonmoving party, we must determine whether there are any genuine issues of material fact and whether the district court correctly applied the relevant substantive law.” Devereaux v. Abbey, 263 F.3d 1070, 1074 (9th Cir.2001) (en banc).

A determination of standing is a question of law that we review de novo, see Nat’l Res. Def. Council v. EPA, 542 F.3d 1235, 1244 (9th Cir.2008), as is a finding of federal preemption, see Indus. Truck Ass’n, Inc. v. Henry, 125 F.3d 1305, 1309 (9th Cir.1997).

Ill

A

We first turn to Gordon’s CAN-SPAM Act claims. The CAN-SPAM Act became effective on January 1, 2004, and was enacted in response to mounting concerns associated with the rapid growth of spam e-mails. Congress determined:

(1) there is a substantial governmental interest in regulation of commercial electronic mail on a nationwide basis;
(2) senders of commercial electronic mail should not mislead recipients as to the source or content of such mail; and
(3) recipients of commercial electronic mail have a right to decline to receive additional commercial electronic mail from the same source.

15 U.S.C. § 7701(b).6 The Act does not *1048ban spam outright, but rather provides a code of conduct to regulate commercial email messaging practices. Stated in general terms, the CAN-SPAM Act prohibits such practices as transmitting messages with “deceptive subject headings” or “header information that is materially false or materially misleading.” See 15 U.S.C. § 7704(a)(1), (2). The Act also imposes requirements regarding content, format, and labeling. For instance, unsolicited email messages must include the sender’s physical postal address, indicate they are advertisements or solicitations, and notify recipients of their ability to decline further mailings. 15 U.S.C. § 7704(a)(5). Moreover, in order to comply with the Act, each message must have either a functioning return e-mail address or a comparable mechanism that allows a recipient to “opt out” of future mailings. 15 U.S.C. § 7704(a)(3).7

The CAN-SPAM Act’s enforcement provision empowers the Federal Trade Commission, state attorneys general, and other state and federal agencies to pursue legal actions to enforce the Act’s provisions. 15 U.S.C. § 7706(a), (b), (f). Congress also provided a limited private right of action, which states: A “provider of Internet access service adversely affected by a violation of’ § 7704(a)(1), (b), or (d), or “a pattern or practice that violates” § 7704(a)(2) through (5) of the Act “may bring a civil action in any district court” to enjoin further violation by a defendant or to recover either actual or statutory damages, whichever is greater. 15 U.S.C. § 7706(g)(1). Statutory damages under the CAN-SPAM Act are substantial and can equal as much as $300 per unlawful email.8 15 U.S.C. § 7706(g)(3). The Act also authorizes an award of attorneys’ fees and costs against any party at the district court’s discretion. 15 U.S.C. § 7706(g)(4).

Therefore, in any private action claiming CAN-SPAM Act violations, a threshold issue is whether the plaintiff satisfies the statutory standing requirements. On its motion for summary judgment, Virtumundo challenged Gordon’s and Omni’s ability to pursue a private action under § 7706(g)(1). The district court conducted a thorough analysis of the existing case law, the CAN-SPAM Act itself, and the legislative history. Based upon the well-developed facts of the summary judgment record, the district court concluded that Plaintiffs had not demonstrated adequate harm — i.e., an “adverse effect,” as the district court called it — and therefore lacked standing with respect to these federal claims. Gordon, 2007 WL 1459395, at *8.

We agree that Gordon lacks standing to bring a private action under the CAN-SPAM Act. We commend the district court’s pioneering analysis in this uncharted territory, and reach a similar conclusion based on our assessment of the CAN-SPAM Act’s statutory standing requirement and the appellate record.

B

As recognized by several courts, the case law regarding the relevant legal stan*1049dards under the CAN-SPAM Act is “scant,” ASIS Internet Servs. v. Optin Global, Inc., No. 05-05124, 2008 WL 1902217, at *15 (N.D.Cal. Apr.29, 2008), and few courts have construed the standing provision, ASIS Internet Servs. v. Active Response Group, No. 07-6211, 2008 WL 2952809, at *2 (N.D.Cal. July 30, 2008). Neither we nor any of our sister circuits have comprehensively addressed this issue. We endeavor to do so here, at least in part.

1

We begin by acknowledging that the CAN-SPAM standing inquiry involves two general components: (1) whether the plaintiff is an “Internet access service” provider (“IAS provider”), and (2) whether the plaintiff was “adversely affected by” statutory violations. See, e.g., Brosnan v. Alki Mortgage, LLC, No. 07-4339, 2008 WL 413732, at *l-*2 (N.D.Cal. Feb.13, 2008). Beyond that, however, the statutory standing provision read as a whole is ambiguous — a point upon which all parties agree. We therefore employ familiar techniques of statutory construction to evaluate Congress’s intent with regard to both components and their relation to one another.

While over time courts have developed various canons to assist with statutory interpretation, this “is an area in which absolutist rules do not [always] lead to sensible or accurate results.” Mt. Graham Red Squirrel v. Madigan, 954 F.2d 1441, 1453 (9th Cir.1992). “[I]t is,” after all, “the duty of a court in construing a law to consider the circumstances under which it was passed and the object to be accomplished by it.” United States v. Curtis-Nev. Mines, Inc., 611 F.2d 1277, 1280 n. 1 (9th Cir.1980) (quoting United States v. Anderson, 9 Wall. 56, 76 U.S. 56, 65-66,19 L.Ed. 615 (1869)); accord Callejas v. McMahon, 750 F.2d 729, 731 (9th Cir.1984). Therefore, especially in this highly technical and evolving field, “[c]ommon sense not dogma is what is needed in order to explore the actual meaning of legislative enactments.” Mt. Graham Red Squirrel, 954 F.2d at 1453.

There are a few points that heavily influence our analysis, which we identify at the outset. First, despite what Gordon and likeminded anti-spam enthusiasts might contend, the purpose of the CAN-SPAM Act was not to stamp spam out of existence. While Gordon is likely not alone in his deep-seated hostility toward spam and those who profit from it, there are beneficial aspects to commercial e-mail, even bulk messaging, that Congress wanted to preserve, if not promote. Indeed, the Act recognizes e-mail’s value as a worthwhile commercial tool:

Electronic mail has become an extremely important and popular means of communication, relied on by millions of Americans on a daily basis for personal and commercial purposes. Its low cost and global reach make it extremely convenient and efficient, and offer unique opportunities for the development and growth of frictionless commerce.

15 U.S.C. § 7701(a)(1); see also S.Rep. No. 108-102, at 2 (2003), as reprinted in 2004 U.S.C.C.A.N. 2348, 2349 (“Unlike direct mail delivered through the post office to consumers, [e-mail] can reach millions of individuals at little to no cost and almost instantaneously.”). The tailored regulations, which target deceptive and predatory practices and attempt to alleviate the negative effects of spam without unduly stifling lawful enterprise, embody the fine balance struck by Congress.

Second, Congress conferred standing only on a narrow group of possible plaintiffs: the Federal Trade Commission, certain state and federal agencies, state attorneys general, and IAS providers adversely affected by violations of the CAN-SPAM *1050Act. See 15 U.S.C. § 7706(a), (b), (f), (g). The decision to restrict the right of action does not reflect an indifference or insensitivity to the effects of spam on consumers. The contrary is true. The CAN-SPAM Act’s express findings and legislative history are littered with references to the burdens shouldered by individuals, businesses, and other institutions. The Act itself recognizes the “costs to recipients ... for the storage of [unsolicited commercial e-mail], or for the time spent accessing, reviewing, and discarding such mail, or both.” 15 U.S.C. § 7701(a)(3). We surmise that Congress’s intent was to limit enforcement actions to those best suited to detect, investigate, and, if appropriate, prosecute violations of the CAN-SPAM Act — those well-equipped to efficiently and effectively pursue legal actions against persons engaged in unlawful practices and enforce federal law for the benefit of all consumers.

Third, our review of the congressional record reveals a legitimate concern that the private right of action be circumscribed and confined to a narrow group of private plaintiffs: “[Section 7706](g) provides for a limited right of action by bona fide Internet service providers.” 150 Cong. Rec. E72-02 (Jan. 28, 2004) (remarks of Rep. Dingell) (emphasis added); accord id. at E73-01 (remarks of Rep. Tauzin). It is perhaps a sad reality that Congress must specify a bona fide IAS provider, as possibly distinct from a non-genuine IAS provider. But this demonstrates to us that lawmakers were wary of the possibility, if not the likelihood, that the siren song of substantial statutory damages would entice opportunistic plaintiffs to join the fray, which would lead to undesirable results. While Congress did not intend that standing be limited to fee-for-service operations,9 we think it did intend to exclude plaintiffs who, despite certain identifying characteristics, did not provide the actual, bona fide service of a legitimate operation. See 150 Cong. Rec. E72-02 (“[W]e intend that Internet access service providers provide actual Internet access service to customers.”). We believe that Congress’s clear intention to restrict private action remains of great importance and guides the proper standing analysis.

Fourth and finally, we must factor into the calculus the unique nature of the subject matter at issue. Especially in this arena, the engine of innovation moves far more quickly and nimbly than the methodical pace of legislation. That is readily apparent here. In the few years since the CAN-SPAM Act became effective, the uses of the Internet and the prevalence and variety of available online services have multiplied exponentially. The marketplace has developed a panoply of related products and services not available when Congress authored the federal legislation. Significantly, no longer are typical Internet users primarily limited to accessing e-mail accounts and searching for content or information. With the rise of social networking sites, blogs, and other user-driven websites, the ability to post content on the Internet or to create forums for others to do so is no longer a privilege reserved for the technologically savvy or the financially elite. The rate of development will only accelerate. As this inevitably occurs and the gateway to the online world further widens for the masses, courts should be mindful that the lines Congress intended to draw when *1051drafting the statutory text might lose clarity.

With these principles in mind, we apply a standing analysis that encapsulates Congress’s will when it provided a limited private right of action.

2

We first address whether Gordon is a “provider of Internet access service” who, if adversely affected by a statutory violation, has private standing to bring CAN-SPAM Act claims. The CAN-SPAM Act defines “Internet access service” by reference to the Communications Act, see 15 U.S.C. § 7702(11), which provides:

The term “Internet access service” means a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.

47 U.S.C. § 231(e)(4). We have not previously spoken “as to who is an ‘Internet access service’ provider” within the meaning of the CAN-SPAM Act, see Ferguson v. Quinstreet, Inc., No. 07-5378, 2008 WL 3166307, at *5 (W.D.Wash. Aug.5, 2008), and note the ambiguity of this statutory definition.

District courts in our circuit have interpreted the definition of “Internet access service” broadly to encompass a wide range of services, and not merely traditional Internet Service Providers (“ISPs”) — i.e., the service that connects customers to the Internet itself. See Hypertouch, Inc. v. Kennedy-Western Univ., No. 04-05203, 2006 WL 648688, at *3 (N.D.Cal. March 8, 2006) (stating that “a provider of e-mail service alone, without any other services, qualifies” as an IAS provider under the CAN-SPAM Act). For instance, one such court reasoned that, although the definition “appears primarily to contemplate services that provide consumers their initial connection point to the Internet, the language is broad enough to encompass entities such as Faeebook,” a popular social networking site, “that provide further access to content and communications between users for persons who may initially access the Internet through a conventional [ISP].” Facebook, Inc. v. ConnectU LLC, 489 F.Supp.2d 1087, 1094 (N.D.Cal.2007); see also My Space, Inc. v. The Globe.com, Inc., No. 06-3391, 2007 WL 1686966, at *3 (C.D.Cal. Feb.27, 2007) (holding that MySpace had standing under the CAN-SPAM Act and interpreting the definition of “Internet access service” broadly to “include[] traditional [ISPs], any email provider, and even most website owners”). Gordon claims IAS-provider status, asserting that through the gordonworks.com domain and the leased server space he enables users to access Internet content and e-mail. On a superficial level, this proposition is hard to dispute. In the most general terms, a “service that enables users to access” online content or e-mail could encompass the proprietor of an Internet coffee shop or, as one district court suggested, “any person who allows another person to use their computer to access the Internet,” Ferguson, 2008 WL 3166307, at *5. Indeed, at some level, common utility services play a role in enabling users to access Internet content. Without question, this was not what Congress intended when it was defining the private right of action.

While we agree that statutory standing is not limited to traditional ISPs, we reject any overly broad interpretation of “Internet access service” that ignores congressional intent. Contrary to Gordon’s suggestion, providing e-mail accounts cannot alone be sufficient. Many employers and institutions, for example, provide their em*1052ployees or members with e-mail accounts and service — including our court. The findings codified in the statute note Congress’s concern pertaining to the growth of unsolicited commercial e-mail and its imposition of “monetary costs on providers of Internet access services,” which have standing to sue, as well as on “businesses, and educational and nonprofit institutions that carry and receive such mail.” 15 U.S.C. § 7701(a)(6). Clearly, Congress viewed IAS providers as distinct from entities that merely “carry [or] receive such mail.” Standing under the CAN-SPAM Act requires more. See, e.g., White Buffalo Ventures, LLC v. Univ. of Texas at Austin, 420 F.3d 366, 373 (5th Cir.2005) (“[W]e are hard-pressed to find that providing email accounts and email access does not bring [the University of Texas] within the statutory definition .... ” (emphasis added)). There may well be a technical or hardware component implicit in the definition. But, we find the parties’ briefing on the topic inadequate to reach an informed decision here. Because it is not necessary to our holding, we decline this opportunity to set forth a general test or define the outer bounds of what it means to be a provider of “Internet access service.”

Nevertheless, we conclude that Gordon does not fit any reasonable definition of “Internet access service” provider. Gordon is a registrant of a domain name, which he, through Omni, hosts on leased server space. He neither has physical control over nor access to the hardware, which GoDaddy owns, houses, maintains, and configures. From our review of the record, Gordon’s service appears to be limited to using his “Plesk” control panel, which he accesses via an ordinary Internet connection through an ISP, to set up email accounts and log-in passwords and to execute other administrative tasks. Verizon enables his online access. GoDaddy provides the service that enables ordinary consumers to create e-mail accounts, register domain names, and build personalized web pages. Gordon has simply utilized that service for himself and on behalf of others. It matters not that he entered the keystrokes or clicked the mouse. Nor is it relevant that he created gordonworks.com e-mail addresses for family and friends, and not merely himself. While Verizon and GoDaddy might have a compelling argument that they are IAS providers within the meaning of the CAN-SPAM Act, Gordon’s claim that he holds such elite status is unconvincing.

In addition to his nominal role in providing Internet-related services, we are also troubled by the extent to which Gordon fails to operate as a bona fide e-mail provider. As discussed in greater detail below, Gordon has purposefully avoided taking even minimal efforts to avoid or block spam messages. Instead, Gordon devotes his resources to adding his “clients’ ” email addresses to mailing lists and accumulating spam through a variety of means for the purpose of facilitating litigation.

Gordon’s arguments of technical compliance with this standing component, without any regard for the overarching congressional purpose, are not compelling. The record here is sufficiently developed. We hold that Gordon is not an “Internet access service” provider within the meaning of the CAN-SPAM Act.

3

We next turn to the “adversely affected by” component of the CAN-SPAM Act’s standing inquiry. Gordon has undoubtedly encountered a large volume of commercial e-mail. This, however, is not enough to establish statutory standing. In order to pursue a private right of action, an IAS provider must demonstrate that it has been “adversely affected by a violation of ... or a pattern or practice that violates” the Act. 15 U.S.C. § 7706(g)(1) (emphasis *1053added). As with other issues on this appeal, we find little guidance in existing case law as to the meaning of the nebulous text.

a

The CAN-SPAM Act itself does not delineate the types of harm suggested by the “adversely affected by” language. The district court, acknowledging this ambiguity, confronted the question by reference to traditional methods of statutory interpretation and ultimately concluded that the harm “must be both real and of the type uniquely experienced by IASs for standing to exist.” Gordon, 2007 WL 1459395, at *7 (emphasis added).10 To our knowledge, all courts that have addressed the issue have similarly concluded that the type of harm envisioned by Congress did not encompass the ordinary inconveniences experienced by consumers and end users. See Active Response, 2008 WL 2952809, at *5. We have considered the statutory text and the legislative record, and we agree.

It is notable that Congress conferred standing only on adversely affected IAS providers, but not adversely affected consumers. Logically, the harms redressable under the CAN-SPAM Act must parallel the limited private right of action and therefore should reflect those types of harms uniquely encountered by IAS providers. The Committee Report identified the cost of “investing in new equipment to increase capacity and customer service personnel to deal with increased subscriber complaints ... [and] maintaining e-mail filtering systems and other anti-spam technology on their networks to reduce the deluge of spam” as undesirable consequences facing the typical ISP. S.Rep. No. 108-102, at 6. “All courts that have construed the statute” have similarly defined the harms upon which standing may be predicated to include “network crashes, higher bandwidth utilization, and increased costs for hardware and software upgrades, network expansion and additional personnel.” Active Response, 2008 WL 2952809, at *5. We conclude that these sorts of ISP-type harms are what Congress had in mind.11

We do not purport to enumerate each and every harm that might satisfy the CAN-SPAM Act’s standing provision. Nor do we suggest that the list is finite. At minimum, however, the harm must be both real and of the type experienced by ISPs. While the harm need not be signifi*1054cant in the sense that it is grave or serious, the harm must be of significance to a bona fide . IAS provider — something beyond the mere annoyance of spam and greater than the negligible burdens typically borne by an IAS provider in the ordinary course of business. In most cases, evidence of some combination of operational or technical impairments and related financial costs attributable to unwanted commercial e-mail would suffice. See Hypertouch, 2006 WL 648688, at *4 (finding evidence of “decreased server response and crashes,” “higher bandwidth utilization,” and “expensive hardware and software upgrades” sufficient harm for statutory standing).

Courts must of course be careful to distinguish the ordinary costs and burdens associated with operating an Internet access service from actual harm. We expect a legitimate service provider to secure adequate bandwidth and storage capacity and take reasonable precautions, such as implementing spam filters, as part of its normal operations. Courts should take an especially hard look at the cited harm if it suspects at the outset that a plaintiff is not operating a bona fide Internet access service, as is the case here.

Defining the type of harm required for CAN-SPAM Act standing is, however, only one part of the equation. Section 7706(g)(1) also inquires whether the contemplated harm is attributable to the type of practices circumscribed by the Act — i.e., whether an IAS provider was adversely affected by misconduct. After all, network slowdowns, server crashes, increased bandwidth usage, and hardware and software upgrades bear no inherent relationship to spam or spamming practices. On the contrary, we expect these issues to arise as a matter of course and for legitimate reasons as technology, online media, and Internet services continue to advance and develop. Therefore, evidence of what could be routine business concerns and operating costs is not alone sufficient to unlock the treasure trove of the CAN-SPAM Act’s statutory damages.

To give the statutory text meaning there must be, at bare minimum, a demonstrated relationship between purported harms and the type of e-mail practices regulated by the Act — i.e., a showing that the identified concerns are linked in some meaningful way to unwanted spam and, in turn, represent actual harm. The e-mails at issue in a particular case must, at the very least, contribute to a larger, collective spam problem that caused ISP-type harms.12

*1055We note, in passing, that the threshold of standing should not pose a high bar for the legitimate service operations contemplated by Congress. In some civil actions — where, for example, well-recognized ISPs or plainly legitimate Internet access service providers file suit — adequate harm might be presumed because any reasonable person would agree that such entities dedicate considerable resources to and incur significant financial costs in dealing with spam. See S.Rep. No. 108-102, at 2-3 (recounting reports by America Online, Microsoft, and Earthlink regarding the effects of increasing volumes of spam). Where, by comparison, a private plaintiffs status as an IAS provider is questionable and reasonably contested, courts should not only inquire into the plaintiffs purported Internet-related service operations but also closely examine the alleged harms attributable to spam. We have confidence in our district courts to review the individual characteristics of the plaintiffs on a case-by-case basis and make a reasoned decision whether a purported IAS provider is truly the type of bona fide IAS provider adversely affected by commercial e-mail messaging that Congress envisioned when it enacted the CAN-SPAM Act.

b

In opposition to Virtumundo’s summary judgment motion, Gordon argued that he had been adversely affected by spam because he and his “clients” had been “forced to wade through thousands of e-mails sent by” Virtumundo that “clogged” his service. Applying the proper interpretation of the CAN-SPAM Act’s standing provision, we conclude that Gordon also fails the “adversely affected by” component. It is readily apparent that Gordon, an individual who seeks out spam for the very purpose of filing lawsuits, is not the type of private plaintiff that Congress had in mind when it fashioned § 7706(g)(l)’s standing provision. While many anti-spam enthusiasts may applaud his zealous counter-attack against alleged spammers, Gordon’s passion for the cause does not displace the will of Congress in drafting a narrow private right of federal action.

Gordon has failed to argue, let alone come forth with evidence, that, even if he was an IAS provider, he has suffered any real harm contemplated by the CAN-SPAM Act. He has not hired additional personnel, nor has he experienced technical concerns or incurred costs that can be necessarily attributed to commercial email. It is also compelling that Gordon purposefully refuses to implement spam filters in a typical manner or otherwise make any attempt to block allegedly unwanted spam or exclude such messages from users’ e-mail inboxes. In fact, Gordon acknowledges that he was able to “blacklist” domain names at the server level, so that the GoDaddy server would reject e-mails from online marketers such as Virtumundo. Still, even without taking even basic precautions, he has not “come close” to using the 500 gigabytes of bandwidth available to him through GoDaddy. He has presented nothing beyond the negligible burdens typically experienced by bona fide IAS providers. As the district court concluded, Gordon has “suffered no harm related to bandwidth, hardware, Internet connectivity, network integrity, overhead costs, fees, staffing, or equip*1056ment costs.” Gordon, 2007 WL 1459395, at *8. Indeed, given his heavy dependence on the services and hardware of third parties, it would be difficult, if not impossible, for him to incur many of these harms.13

Gordon’s claimed harms almost exclusively relate to litigation preparation, not to the operation of a bona fide service. Gordon made no real effort to avoid, block, or delete commercial e-mail, but instead has voluntarily assumed the role of a spam sleuth. He expends time and resources seeking out and capturing massive volumes of spam, which he collects and then organizes for use in his prolific lawsuits. He admits setting up domains as “spam traps” with the sole purpose of snagging as many e-mail marketing messages as possible. The record reveals that gordonworks.com was one such trap. He is not alone in his litigation enterprise. His “clients” also use their personalized domains to gather commercial e-mails, which they then send to Gordon in enormous unsorted batches of 10,000 to 50,000 messages to fuel his various anti-spam lawsuits.14 In exchange, Gordon’s “clients” share in settlement proceeds. Gordon apportions the bounty according to each individual’s contribution to the particular lawsuit — i.e., the number of e-mails provided to Gordon for use against a specific defendant.

Gordon admits operating an anti-spam business, which entails, in his words, “[n]otifying spammers that they’re violating the law” and filing lawsuits if they do not stop sending spam.15 As Gordon concedes, he is a professional plaintiff. Reply Br. of Appellant at 5. Since at least 2004, Gordon has held no employment. He has never been compensated for any of his purported Internet services, and his only income source has come from monetary settlements from his anti-spam litigation campaign. Likewise, his company, Omni, generates no revenue and is financed strictly through these lawsuits against e-mail marketers. While the term “professional,” as in “professional plaintiff,” is not a “dirty word,” see Murray v. GMAC Mortgage Corp., 434 F.3d 948, 954 (7th Cir.2006), and should not itself undermine one’s ability to seek redress for injuries suffered, Gordon’s status is uniquely relevant to the statutory standing question here. Cf. Hypertouch, 2006 WL 648688, at *4 n. 2 (rejecting defendant’s argument that Hypertouch was a “professional plaintiff’ that entered the ISP business for the sole purpose of bringing anti-spam lawsuits).

*1057Because we are tasked with determining whether Gordon has been adversely affected by conduct regulated by the CAN-SPAM Act, it is highly significant that the burdens Gordon complains of are almost exclusively self-imposed and purposefully undertaken. Here, Gordon acknowledges that he benefits from the receipt of spam through his research and monetary settlements. The fact that Gordon derives substantial financial benefit but endures no real ISP-type harm from commercial email, coupled with his unusual efforts to seek out and accumulate — rather than avoid or block — spam, demonstrates that he has not been adversely affected by alleged violations of the federal act in any cognizable way.

We do not discount the harmful effects spam and spamming practices, both lawful and unlawful, have upon businesses and consumers, and we recognize the need of bona fide IAS providers, both small and large, for a legal remedy against lawbreaking spammers. We, like Congress, are sympathetic to legitimate operations hampered by a deluge of unwanted e-mail marketing. Our record, however, conclusively demonstrates that this is not the case before us. Gordon has created a cottage industry where he and his “clients” set themselves up to profit from litigation. The CAN-SPAM Act was enacted to protect individuals and legitimate businesses — not to support a litigation mill for entrepreneurs like Gordon.

As discussed above, it is undisputed that Gordon encounters huge quantities of commercial e-mail. Nevertheless, he is neither a bona fide IAS provider nor has he been adversely affected by alleged violations of the CAN-SPAM Act. We conclude that Gordon lacks standing to pursue claims under § 7706(g)(1), and affirm the district court’s summary judgment dismissal of all his federal claims.

IV

Gordon also appeals the adverse summary judgment dismissing his claims for alleged violations of CEMA, Washington’s statute regulating commercial e-mail messages. See Wash. Rev.Code § 19.190.010 et seq. Like many other states, Washington has enacted legislation that seeks to curb e-mail abuses. CEMA states in relevant part:

(1) No person may initiate the transmission, conspire with another to initiate the transmission, or assist the transmission, of a commercial electronic mail message from a computer located in Washington or to an electronic mail address that the sender knows, or has reason to know, is held by a Washington resident that:
(a) Uses a third party’s internet domain name without permission of the third party, or otherwise misrepresents or obscures any information in identifying the point of origin or the transmission path of a commercial electronic mail message; or
(b) Contains false or misleading information in the subject line.

Wash. Rev.Code § 19.190.020. The statute also prohibits certain practices aimed at inducing a person' to reveal personally identifying information. Wash. Rev.Code § 19.190.080. Like its federal counterpart, CEMA -provides for sizeable statutory damages or actual damages, whichever is greater.16 Wash. Rev.Code § 19.190.040.

*1058A

At the outset, we must frame the issue as it comes to us. First, Virtumundo does not contest Gordon’s standing to bring CEMA claims. In contrast to the more restrictive standing requirement of the CAN-SPAM Act, CEMA authorizes a recipient of a commercial e-mail message or an “interactive computer service” to bring a private action. Id.

Of Gordon’s various CEMA claims on appeal, only his claim relating to allegedly deficient headers requires detailed discussion. Gordon has no viable CEMA claim based on the body of the e-mail messages at issue. Unlike the CAN-SPAM Act, CEMA “does not regulate the body of the e-mail.” State v. Heckel, 122 Wash.App. 60, 93 P.3d 189, 194 (2004), review denied, 153 Wash.2d 1021, 108 P.3d 1229 (2005) (“Heckel II ”). Similarly, the state statute does not purport to regulate “opt-out” mechanisms. Therefore, Gordon’s CEMA claims, by nature of the state statute, are limited to the information contained in the e-mail headers and subject lines.

We further conclude, however, that summary judgment was properly granted on Gordon’s claim that Virtumundo’s e-mail subject lines are deceptive. In opposition to Virtumundo’s summary judgment motion, Gordon failed to identify or describe any specific e-mail or subject line text and simply countered that “Gordon contests” the position that the subject lines are not misleading. Gordon does not attempt to better articulate this claim on appeal.

The “party opposing summary judgment must direct [the court’s] attention to specific, triable facts,” S. Cal. Gas Co. v. City of Santa Ana, 336 F.3d 885, 889 (9th Cir.2003), and the reviewing court is “not required to comb through the record to find some reason to deny a motion for summary judgment,” Carmen v. San Francisco Unified Sch. Disk, 237 F.3d 1026, 1029 (9th Cir.2001) (quoting Forsberg v. Pac. Nw. Bell Tel. Co., 840 F.2d 1409, 1418 (9th Cir.1988)). See Hernandez v. Spacelabs Med. Inc., 343 F.3d 1107, 1112 (9th Cir.2003) (“[The nonmoving party] cannot defeat summary judgment with allegations in the complaint, or with unsupported conjecture or conclusory statements.”). Because Gordon has failed to present a prima facie case in opposition to summary judgment, his claim that Virtumundo’s subject lines violate CEMA fails as a matter of law, and summary judgment was appropriate.

Therefore, the sole remaining CEMA claim that we must address relates to the headers of Virtumundo’s e-mails. Gordon argues that the header information misrepresents or obscures the identity of the sender, and therefore violates CEMA, see Wash. Rev.Code § 19.190.020(l)(a). We review the district court’s conclusion that this claim is preempted pursuant to the CAN-SPAM Act’s express preemption clause, 15 U.S.C. § 7707(b).

B

1

As a preliminary matter, the Attorney General for the State of Washington (“State”), appearing here as amicus curiae, insists that we need not reach the preemption issue. See Atel Fin. Corp. v. Quaker Coal Co., 321 F.3d 924, 926 (9th Cir.2003) (“We may affirm a district court’s judgment on any ground supported by the record, whether or not the decision of the district court relied on the same grounds or reasoning we adopt.”). The State ar*1059gues that we may affirm summary judgment with respect to this CEMA claim because Gordon’s allegations regarding the header information do not satisfy “Washington’s well-developed deceptiveness standard,” as a matter of law. We have surveyed the legal landscape and note a fatal shortcoming in the State’s proposition. CEMA prohibits the sending of commercial e-mail that “misrepresents or obscures any information in identifying the point of origin or the transmission path.” Wash. Rev.Code § 19.190.020(l)(a). The standard for “deception” under Washington law is thus only relevant to the extent courts so limit the broad language of CEMA — a critical step that the State overlooks entirely.

In Benson v. Oregon Processing Service, Inc., 136 WashApp. 587, 150 P.3d 154 (2007), review denied, 162 Wash.2d 1004, 175 P.3d 1092 (2007), the state appellate court interpreted the previously undefined terms “misrepresent” and “obscure” according to their ordinary dictionary meaning — i.e., “misrepresent” to mean “representing incorrectly: to give a false, imperfect or misleading representation,” and “obscure” to mean “to conceal or hide from view as by or as if covering wholly or in part: make difficult to discern.” Id. at 156 (quoting Webster’s Third New Int’l Dictionary 1445 & 1557 (2003)). These broad definitions extend CEMA’s prohibitive reach and purport to regulate a vast array of non-deceptive acts and practices. As subsequent courts reviewing CEMA have recognized, without further clarification, “a sender of commercial email could be potentially held liable under [CEMA] for unintentional clerical errors,” Ferguson, 2008 WL 3166307, at *8, imperfect representations, or immaterial misstatements.

In short, we cannot conclude, as the State presumes, that CEMA’s prohibitions extend only to acts of deception. The Washington Legislature or state courts may ultimately mold CEMA’s broad language so as to cabin its breadth or interpret the law in conformity with federal legislation. This task is, however, a matter for the State, as sovereign, to resolve.17

2

We therefore turn, as we must, to whether summary judgment was proper under the doctrine of preemption. As recently noted by a district court, “[t]here is no Ninth Circuit authority on whether Plaintiffs claim under the provision of CEMA ... is preempted by CAN-SPAM.” Ferguson, 2008 WL 3166307, at *7. Indeed, the scope of the CAN-SPAM Act’s *1060preemption is an issue of first impression in this circuit. See Asis Internet Servs, v. Consumerbargaingiveaways, LLC, No. 08-04856, 2009 WL 1035538, at *5 (N.D.Cal. Apr.17, 2009).

The concept of preemption derives from the Supremacy Clause of the United States Constitution, which provides that the laws of the United States “shall be the supreme Law of the Land; ... any Thing in the Constitution or Laws of any State to the Contrary notwithstanding.” U.S. Const, art. VI, cl. 2. “Consistent with that command, we have long recognized that state laws that conflict with federal law are ‘without effect.’ ” Altria Group, Inc. v. Good, — U.S. -, 129 S.Ct. 538, 543, 172 L.Ed.2d 398 (2008) (quoting Maryland v. Louisiana, 451 U.S. 725, 746, 101 S.Ct. 2114, 68 L.Ed.2d 576 (1981)). Courts typically identify three circumstances in which federal preemption of state law exists:

(1) express preemption, where Congress explicitly defines the extent to which its enactments preempt state law; (2) field preemption, where state law attempts to regulate conduct in a field that Congress intended the federal law exclusively to occupy; and (3) conflict preemption, where it is impossible to comply with both state and federal requirements, or where state law stands as an obstacle to the accomplishment and execution of the full purpose and objectives of Congress.

Indus. Truck Ass’n, 125 F.3d at 1309 (citing English v. Gen. Elec. Co., 496 U.S. 72, 78-80, 110 S.Ct. 2270, 110 L.Ed.2d 65 (1990)). When interpreting the scope of an express preemption clause, as is the case here, we must “identify the domain expressly pre-empted” by its language. Medtronic, Inc. v. Lohr, 518 U.S. 470, 484, 116 S.Ct. 2240, 135 L.Ed.2d 700 (1996) (quoting Cipollone v. Liggett Group, Inc., 505 U.S. 504, 517, 112 S.Ct. 2608, 120 L.Ed.2d 407 (1992)).

Although the analysis of the scope of preemption begins with the text, “interpretation of that language does not occur in a contextual vacuum.” Id. at 484-85. Rather, this inquiry is guided by two principles about the nature of preemption. First, there is a presumption against supplanting “the historic police powers of the States” by federal legislation “unless that [is] the clear and manifest purpose of Congress.” Id. at 485, 116 S.Ct. 2240. “This presumption against preemption leads us to the principle that express preemption statutory provisions should be given narrow interpretation.” Air Conditioning & Refrigeration Inst. v. Energy Res. Conservation & Dev. Comm’n, 410 F.3d 492, 496 (9th Cir.2005). Second, the preemption analysis is guided by the “oft-repeated comment ... that the purpose of Congress is the ultimate touchstone in every preemption case.” Medtronic, 518 U.S. at 485, 116 S.Ct. 2240 (quotations and brackets omitted). “As a result, any understanding of the scope of a pre-emption statute must rest primarily on a fair understanding of congressional purpose,” and calls for courts to consider not only the language of the statute itself but also the “statutory framework” surrounding it and the “structure and purpose of the statute as a whole.” Id. at 485-86, 116 S.Ct. 2240 (quotations omitted); accord Altria Group, 129 S.Ct. at 543 (“Congress may indicate pre-emptive intent through a statute’s express language or through its structure and purpose.”).

With this framework in mind, we review the preemption clause of the CAN-SPAM Act, which states in relevant part:

This chapter supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail *1061message or information attached thereto.

15 U.S.C. § 7707(b)(1). The following subsection adds further clarity: Congress reiterated that the preemption clause “shall not be construed to preempt the applicability of — (A) State laws that are not specific to electronic mail, including State trespass, contract, or tort law; or (B) other State laws to the extent that those laws relate to acts of fraud, or computer crime.” 15 U.S.C. § 7707(b)(2) (emphasis added). Thus, the express language of § 7707(b) demonstrates Congress’s intent that the CAN-SPAM Act broadly preempt state regulation of commercial e-mail with limited, narrow exception. Congress carved out from preemption state laws that proscribe “falsity or deception” in commercial e-mail communications.

To date, the Fourth Circuit’s opinion in Omega World Travel, Inc. v. Mummagraphics, Inc., 469 F.3d 348 (4th Cir.2006), is the only federal circuit court decision addressing preemption of state law claims by the CAN-SPAM Act. In Omega, Mummagraphics alleged violations of the CAN-SPAM Act and Oklahoma law, see Okla. Stat. tit. 15, § 776.1(A),18 based on e-mail messages that contained a variety of inaccuracies.19 Omega, 469 F.3d at 351. The Fourth Circuit reviewed the scope of the CAN-SPAM Act’s preemption provision and concluded that Congress could not have intended, by way of the carve-out language, to allow states to enact laws that prohibit “mere error” or “insignificant inaccuracies.” Id. at 354-55. The court reasoned that a materiality component comported with the policy pursued by the federal legislation as a whole, further noting that a contrary reading “would upend [the] balance [struck by Congress] and turn an exception to a preemption provision into a loophole so broad that it would virtually swallow the preemption clause itself.” Id. at 355. Ultimately, the court determined that the challenged e-mails could not be actionable under the Oklahoma statutes “because allowing a state to attach liability to bare immaterial error in commercial e-mails would be inconsistent with the federal Act’s preemption text and structure, and, consequently, with a ‘fair understanding of congressional purpose.’ ” Id. at 359 (quoting Medtronic, 518 U.S. at 486,116 S.Ct. 2240).

Having independently analyzed the CAN-SPAM Act’s text, structure, and legislative purpose, we reach the same conclusion as the district court and the Fourth Circuit,20 and interpret the CAN-SPAM Act’s express preemption clause in a manner that preserves Congress’s intended purpose — i.e., to regulate commercial email “on a nationwide basis,” 15 U.S.C. § 7701(b)(1), and to save from preemption only “statutes, regulations, or rules that *1062target fraud, or deception,” S.Rep. No. 108-102, at 21 (emphasis added).

As with any issue of statutory interpretation, we start with the text itself. The CAN-SPAM Act’s preemption clause makes an exception for state laws that prohibit “falsity or deception” in commercial e-mail communication. 15 U.S.C. § 7707(b)(1). Because those terms are not defined in the statute, they should be given their ordinary meaning. Emmert Indus. Corp. v. Artisan Assocs., Inc., 497 F.3d 982, 987 (9th Cir.2007). Whereas the word “deception” certainly denotes something more than immaterial inaccuracies or inadvertent mistakes, the word “falsity” is susceptible to differing dictionary meanings. “Falsity” means “quality or state of being false,” which is not itself informative. Merriam-Webster’s Collegiate Dictionary 451 (11th ed.2005). The term “false” is defined, however, not only as “not true” but also as “intentionally untrue,” “adjusted or made so as to deceive,” and “intended or tending to mislead.” Id. We therefore acknowledge facial ambiguity in the statutory text. See Bryan A. Garner, Dictionary of Modem Legal Usage 348 (2d ed.1995) (stating that “false” “is potentially ambiguous”, since the word may mean either “erroneous, incorrect” or “purposely deceptive”); Bryan A. Garner, Gamer’s Modem Am. Usage 339 (2003) (same).

Recognizing the same ambiguity, the Fourth Circuit applied the maxim of noscitur a sociis, a canon of statutory construction that “counsels that a word is given more precise content by the neighboring words with which it is associated.” United States v. Williams, — U.S. -, 128 S.Ct. 1830, 1839, 170 L.Ed.2d 650 (2008). Reading “falsity” in conjunction with “deception,” which connotes a type of tort action based on misrepresentations, we are likewise persuaded that the exception language, read as Congress intended, refers to “traditionally tortious or wrongful conduct.” Omega, 469 F.3d at 354. We find further support for this reading in the statutory text, which counsels against any interpretation that preempts laws relating to “acts of fraud.” See 15 U.S.C. § 7707(b)(2). Indeed, the Committee explained that while “a State law requiring some or all commercial e-mail to carry specific types of labels, or to follow a certain format or contain specified content, would be preempted[,] ... a State law prohibiting fraudulent or deceptive headers, subject lines, or content in commercial e-mail would not be preempted.” S.Rep. No. 108-102, at 21 (emphasis added); see also 150 Cong. Rec. at E73-01 (recognizing broad preemption, except state laws prohibiting falsification techniques and deception). The Committee’s repeated reference to “fraud” and “deception” is telling and confirms that Congress did not intend that states retain unfettered freedom to create liability for immaterial inaccuracies or omissions.

Further scrutiny of congressional intent solidifies our reading of the preemption clause. As discussed supra, the CAN-SPAM Act prohibits only deceptive subject line headings or materially false or materially misleading header information. See 15 U.S.C. § 7704(a); accord 15 U.S.C. § 7701(b)(2) (“[Sjenders of commercial electronic mail should not mislead recipients as to the source or content of such mail.” (emphasis added)). Significantly, Congress intended this standard to regulate commercial e-mail messaging practices “on a nationwide basis.”21 15 U.S.C. § 7701(b)(1). It was because the patch*1063work of state laws had proven ineffective that Congress sought to implement “one national standard,” S.Rep. No. 108-102, at 21, applicable across jurisdictions. The CAN-SPAM Act expresses this goal:

Many states have enacted legislation intended to regulate or reduce unsolicited commercial electronic mail, but these statutes impose different standards and requirements. As a result, they do not appear to have been successful in addressing the problems associated with unsolicited commercial electronic mail, in part because, since an electronic mail address does not specify a geographic location, it can be extremely difficult for law-abiding businesses to know with which of these disparate statutes they are required to comply.

15 U.S.C. § 7701(a)(ll); see also S.Rep. No. 108-102, at 21-22 (“[I]n contrast to telephone numbers, e-mail addresses do not reveal the State where the holder is located. As a result, a sender of e-mail has no easy way to determine with which State law to comply”). Moreover, a single e-mail could instantaneously implicate the laws of multiple jurisdictions as it journeys through cyberspace, traveling over various facilities before reaching its intended recipient, whose location is often unknown. Therefore, “one state’s Internet laws may impose compliance costs on businesses throughout the country.” Omega, 469 F.3d at 356 (citing PSINet, Inc. v. Chapman, 362 F.3d 227, 239-41 (4th Cir.2004)). The CAN-SPAM Act was designed to ensure that “legitimate businesses would not have to guess at the meaning of various state laws when their advertising campaigns ventured into cyberspace.” Kleffman v. Vonage Holdings Corp., No. 07-2406, 2007 WL 1518650, at *3 (C.D.Cal. May 23, 2007) (concluding that the CAN-SPAM Act preempted California state law claims).

It would be logically incongruous to conclude that Congress endeavored to erect a uniform standard but simultaneously left states and local lawmakers free to manipulate that standard to create more burdensome regulation. We are compelled to adopt a reading of the preemption clause that conforms with the statute’s structure as a whole and the stated legislative purpose. See 15 U.S.C. § 7701(b)(1). The CAN-SPAM Act established a national standard, but left the individual states free to extend traditional tort theories such as claims arising from fraud or deception to commercial e-mail communication. To find otherwise would create “an exception to preemption [that] swallow[s] the rule and undermine[s] the regulatory balance that Congress established,” Omega, 469 F.3d at 356, and which would once again subject legitimate businesses to inconsistent and possibly incompatible state regulations.

Applying its proper reading, the CAN-SPAM Act’s preemption clause applies here and undermines Gordon’s remaining CEMA claim. Although he admits he was not in any way misled or deceived, Gordon argues that the headers in the e-mails at issue — specifically, the “from lines” — violate CEMA because they fail to clearly identify Virtumundo as the e-mails’ sender and therefore misrepresent or obscure the identity of the sender. See Wash. Rev.Code § 19.190.020(l)(a). The “from lines” at issue contain two components: a “from name” field, which typically references a topic or subject matter of the advertisement, and a domain name. Examples of “from lines” condemned by Gordon include “CriminalJustiee@vm-mail. com,” “PublicSafetyDegrees@vmadmin. com,” and “Tradeln@vm-mail.com.”

There is of course nothing inherently deceptive in Virtumundo’s use of fanciful domain names. See 15 U.S.C. § 7702(4); S.Rep. No. 108-102, at 3 (recognizing Microsoft’s “msn” and “hotmail” domains *1064used for e-mail services). Gordon agrees that the domains from which these e-mails were sent — e.g., “vmmail.com,” “vmadmin.com,” “vtarget.com,” and “vmlocal.com” — were properly registered to Virtumundo. Gordon further concedes that a WHOIS search, or a similar reverse-look-up database, accurately identifies Virtumundo as the domain registrant and provides other identifying information.22 Gordon complains that in order to ascertain the actual identity of the e-mails’ sender a recipient must either review the message content or consult a WHOIS-type database. He insists that any practice that requires consumers to engage in an extra step violates CEMA.

Nothing contained in this claim rises to the level of “falsity or deception” within the meaning of the CAN-SPAM Act’s preemption clause. Gordon offers no proof that any headers have been altered to impair a recipient’s ability to identify, locate, or respond to the person who initiated the e-mail. Nor does he present evidence that Virtumundo’s practice is aimed at misleading recipients as to the identity of the sender. Cf. Aitken v. Commc’ns Workers of Am., 496 F.Supp.2d 653, 667 (E.D.Va.2007) (holding that “it is inappropriate to conclude, as a matter of law, that the misleading header information is immaterial” where the defendant misappropriated identities of managers to send “pro-union” e-mails to employees). As stated by our district court, Gordon’s claim is “for, at best, ‘incomplete’ or less than comprehensive information” regarding the sender. Gordon, 2007 WL 1459395, at *12. Such technical allegations regarding the header information find no basis in traditional tort theories and therefore fall beyond the ambit of the exception language in the CAN-SPAM Act’s express preemption clause.

Gordon further suggests that the only information that could be used in the “from name” field that would not misrepresent is the name of the “person or entity who actually sent the e-mail, or perhaps ... the person or entity who hired the [sender] to send the email on their behalf.” In other words, he argues that CEMA’s provisions require that “Virtumundo” or a client’s name expressly appear in the “from lines.” The CAN-SPAM Act does not impose such a requirement. To the extent such a content or labeling requirement may exist under state law, it is clearly subject to preemption. See S.Rep. No. 108-102, at 21-22 (“State law requiring some or all commercial email to carry specific types of labels ... or contain specified content, would be preempted.”); see also Kleffman, 2007 WL 1518650, at *3 (“[T]he claim that the failure to include Vonage’s name in the email is clearly preempted.”).

In sum, Gordon’s alleged header deficiencies relate to, at most, non-deceptive statements or omissions and a heightened content or labeling requirement. Regardless of the merits of his arguments, assuming they are actionable under CEMA, such state law claims falter under the weight of federal preemption. Summary judgment was properly entered on Gordon’s CEMA claims.23

*1065V

Gordon also appeals summary judgment of his claim that Virtumundo violated the Washington CPA, which generally prohibits “[u]nfair methods of competition and unfair or deceptive acts or practices in the conduct of any trade or commerce.” Wash. Rev.Code. § 19.86.020.24 A plaintiff must typically prove five elements to establish a CPA violation: (1) an unfair or deceptive act or practice, (2) in trade or commerce, (3) that impacts the public interest, (4) which causes injury to the party in his business or property, and (5) the injury must be causally linked to the unfair or deceptive act. Hangman Ridge Training Stables, Inc. v. Safeco Title Ins. Co., 105 Wash.2d 778, 719 P.2d 531, 535-37 (1986). A violation of CEMA, however, likely constitutes a per se CPA violation.25 See Wash. Rev. Code § 19.190.030; Heckel I, 24 P.3d at 407 (“RCW 19.190.030 makes a violation of [CEMA] a per se violation of the [CPA],...”).

Gordon primarily relies upon alleged CEMA violations to establish his CPA claim. Because his CEMA claims fail as a matter of law, his CPA claims, to the extent grounded in CEMA violations, are likewise inadequate and were properly dismissed.

To the extent that Gordon also brings independent CPA claims, they too fail. Gordon has failed to identify an act or practice that “misleads or misrepresents something of material importance.” Nguyen v. Doak Homes, Inc., 140 Wash.App. 726, 167 P.3d 1162, 1166 (2007) (em*1066phasis added); accord Robinson v. Avis Rent-A-Car Sys., Inc., 106 Wash.App. 104, 22 P.3d 818, 824 (2001) (“[K]nowing failure to reveal something of material importance is ‘deceptive’ within the CPA.”). Because Gordon’s CPA claims are not predicated on unfair or deceptive conduct that has “the capacity to deceive a substantial portion of the public,” Hangman Ridge, 719 P.2d at 535, summary judgment was appropriate. See Carlile v. Harbour Homes, Inc., 147 Wash.App. 193, 194 P.3d 280, 289 (2008) (confirming that whether an act is unfair or deceptive is a question of law).

Additionally, in order to succeed on a CPA claim, “[a] plaintiff must establish that, but for the defendant’s unfair or deceptive practice, the plaintiff would not have suffered an injury.” Indoor Billboard/Wash., Inc. v. Integra Telecom of Wash., Inc., 162 Wash.2d 59, 170 P.3d 10, 22 (2007). Here, Gordon seeks only statutory damages and, despite more than adequate opportunity, has made no attempt to show that Virtumundo proximately caused him actual harm. Because Gordon has failed in his burden to provide sufficient evidence to establish an essential element of this cause of action, his CPA claims must also fail as a matter of law. See River City Markets, Inc. v. Fleming Foods West, Inc., 960 F.2d 1458, 1462 (9th Cir.1992).

VI

We briefly address Gordon’s remaining arguments and assignments of error on appeal. His claim that summary judgment violated the Seventh Amendment is devoid of merit. “As the Supreme Court held, over one hundred years ago, a summary judgment proceeding does not deprive the losing party of its Seventh Amendment right to a jury trial.” In re Slatkin, 525 F.3d 805, 811 (9th Cir.2008) (citing Fid. & Deposit Co. of Md. v. United States, 187 U.S. 315, 319-21, 23 S.Ct. 120, 47 L.Ed. 194 (1902)). Further, Gordon, dissatisfied with the result in the Western District of Washington, cannot now challenge his initial choice of venue on appeal. See generally Olberding v. Ill. Cent. R.R. Co., 346 U.S. 338, 340, 74 S.Ct. 83, 98 L.Ed. 39 (1953) (noting that the plaintiff relinquishes his right to object to venue by bringing his lawsuit in a particular district). Finally, we decline to entertain Gordon’s poorly articulated argument that the CAN-SPAM Act is unconstitutional under the Fourth and Fourteenth Amendments. See Broad v. Sealaska Corp., 85 F.3d 422, 430 (9th Cir.1996). This constitutional challenge was neither raised before the district court, nor pressed in the reply brief or at oral argument. We reject these and any additional arguments possibly buried in Gordon’s briefing not expressly addressed herein. See Indep. Towers of Wash. v. Washington, 350 F.3d 925, 929 (9th Cir.2003) (repeating the now familiar maxim: “[j]udges are not like pigs, hunting for truffles buried in briefs” (quoting United States v. Dunkel, 927 F.2d 955, 956 (7th Cir.1991))).

VII

In summary, Gordon lacks statutory standing to bring a private action for alleged violations of the CAN-SPAM Act. His state law claims fail as a matter of law because they are precluded by the Act’s express preemption clause and because he has failed to demonstrate that a genuine issue of material fact exists. Accordingly, we affirm the district court’s order of summary judgment.

All parties shall bear their own costs on appeal.

AFFIRMED.

. While "spam” in this context does not have a precise definition, it is typically understood to refer broadly to unsolicited e-mail messages (or "junk” e-mail), typically commercial in nature. See United States v. Kelley, 482 F.3d 1047, 1055 (9th Cir.2007) (Thomas, J., dissenting).

The term "SPAM” originated as the trademark name for a canned pre-cooked meat product manufactured by Hormel Foods Corporation. See Hormel Foods Corp. v. Jim Henson Productions, Inc., 73 F.3d 497, 500 (2d Cir.1996). The e-mail-related connotation has its roots in a popular 1970 sketch by the British comedy troupe Monty Python’s Flying Circus, in which the word "spam” is repeated to the point of absurdity. Kelley, 482 F.3d at 1056 n. 2 (Thomas, J. dissenting) (citing CompuServe Inc. v. Cyber Promotions, Inc., 962 F.Supp. 1015, 1018 n. 1 (S.D.Ohio 1997)). A waitress recites menu items, which, to the restaurant patrons’ dismay, involve increasingly repetitive mention of SPAM, only to be periodically interrupted by a group of Vikings chanting a chorus about SPAM until normal dialogue is impossible. David Crystal, Language and the Internet 53-54 (2001) (citing to Monty Python’s Flying Circus, 2d series, episode 25 (BBC television broadcast Dec. 15, 1970)). Thus, in the context of the Internet, "spam” has come to symbolize unwanted, and perhaps annoying, repetitious behavior that drowns out ordinary discourse. The term was first used in the electronic messaging context to describe the practice of sending advertisements to many recipients, particularly on newsgroup forums. Id. But see S.Rep. No. 108-102, at 2 n.l (2003), as reprinted in 2004 U.S.C.C.A.N. 2348, 2348 (noting that "[i]t all started in early Internet chat rooms and interactive fantasy games where someone repeating the *1045same sentence or comment was said to be making ‘spam.’ ”).

. Unless otherwise specified, we use the term “Gordon” in the recitation of the facts to collectively refer to both plaintiffs, Gordon and Omni. Omni has no employees, and Gordon is its manager and sole member.

. Gordon further admits subscribing to various mailing lists as part of his "reconnaissance” activities in preparation for his pending and potential lawsuits. For example, Gordon would register his e-mail address in order to gain access to corporate information about potential defendants.

. For example, in his motion for partial summary judgment, which the district court denied, Gordon sought statutory damages in the amount of $10,257,000, plus attorney’s fees and costs, based on 7,890 allegedly unlawful e-mails.

. A notice of appeal was filed on behalf of both Gordon and Omni. Gordon and trial counsel parted ways following the district court's summary judgment order, and Gordon proceeded pro se. Upon the filing of Gordon's opening brief, we dismissed Omni from this appeal as an improper pro se corporate appellant.

. The CAN-SPAM Act defines “commercial electronic mail message” to mean “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service *1048(including content on an Internet website operated for a commercial purpose),” excluding transactional or relationship messages. 15 U.S.C. § 7702(2).

. The CAN-SPAM Act also delineates "aggravated violations” for various spamming practices such as e-mail harvesting and dictionary server attacks, see 15 U.S.C. § 7704(b), which are not at issue in this lawsuit.

. Statutory damages are calculated by multiplying the number of violations (i.e., the number of unlawful e-mail messages) by up to $100 in the case of a violation of § 7704(a)(1), or by up to $25 for any other violation. 15 U.S.C. § 7706(g)(3). The court may consider the defendant’s conduct in setting the statutory damage award and, if it determines that violations are aggravated, may increase the damage award up to three times the amount otherwise available. Id.

. In support of its summary judgment motion, Virtumundo argued that, as providers of free services, Gordon and Omni did not qualify as IAS providers. The district court correctly rejected this argument because Congress expressly discussed free Internet services when it enacted the CAN-SPAM Act. See S.Rep. No. 108-102, at 3 (mentioning Microsoft’s free email service when discussing effects of the increasing volume of spam).

. The district court further reasoned that if the limited private right of action is to have any traction at all, "[n]ot only must CAN-SPAM private plaintiffs allege a particular type of harm, the adverse effect they allege must be significant.” Gordon, 2007 WL 1459395, at *8 (emphasis added). The court did not explain the meaning of the term "significant.” As discussed herein, we believe that Congress intended that the alleged harm be something of significance to an IAS provider. To this extent, we agree with the district court's reasoning that harm be significant.

. In their amicus brief, ASIS Internet Services, Joel Householter, and Ritchie Phillips (collectively, "ASIS”) argue that “harm” for CAN-SPAM standing purposes is merely "the cost of carrying SPAM emails over the [Internet access provider's facilities.” This view contradicts the plain text of the statute and the legislative goal of limiting the private right of action. No court has adopted this position, and we reject it as well. Congress stated that the private standing provision of § 7706(g)(1) “could include a service provider who carried unlawful spam over its facilities, or who operated a website or online service from which recipient e-mail addresses were harvested in connection with a violation.” S.Rep. No. 108-102, at 21 (emphasis added). In this context, the term "could,” which has a different meaning than "would,” see Rosas v. Monroe County Tax Claim Bureau, 323 B.R. 893, 900 (Bankr.M.D.Pa.2004) ("There is a clear difference between the plain meaning of the words 'could', 'might' and ‘will.’ "), implies that encountering spam is merely a component of the standing equation. Some qualifying harm must follow.

. Whether a private plaintiff must allege and prove that the defendant's particular e-mails caused ISP-type harms has been a point of conflict among district courts. While summary judgment in our case did not turn on a lack of causation, the district court’s order has contributed to the confusion within our circuit. In finding a lack of “adverse effect’’ to support standing, the district court remarked that Gordon and Omni "have alleged absolutely no financial hardship or expense due to e-mails they received from Defendants.” Gordon, 2007 WL 1459395, at *8 (emphasis added). Subsequent courts have interpreted this language to impose upon private plaintiffs the burden of showing that a defendant's e-mails directly caused the harm alleged. See Optin Global, 2008 WL 1902217, at *17 ("While there is some evidence that spam generally has imposed costs on ASIS over the years, there is no evidence that the Emails at issue in this action resulted in adverse effects to ASIS..Brosnan, 2008 WL 413732, at *2-*3 (dismissing sua sponte plaintiff’s CAN-SPAM Act claims for lack of standing and citing Gordon for the proposition that "[t]he plaintiff must have suffered actual adverse effects as a result of Defendant’s actions”). As some subsequent courts have cautioned, we are troubled by the possibility that imposing a direct causation requirement, although not inconsistent with the statutory text, might create an unworkable standard for private plaintiff standing given the impracticability of *1055tracing a harm to a specific e-mail or batch of e-mails. See Active Response, 2008 WL 2952809, at *5. This reading erects a barrier that could in some situations insulate wrongdoers, especially less prolific spammers, from private enforcement actions. Nevertheless, our holding today does not foreclose this possible interpretation of § 7706(g)(1). We reserve this determination for another case where the issue is squarely presented to us and adequately briefed by the parties.

. We also note that there may be significance in distinguishing Gordon from Omni, a non-party to this appeal. See Real Marketing Servs., LLC v. Protocol Commc'ns, Inc. (In re Real Marketing Servs., LLC), 309 B.R. 783, 788 (Bankr.S.D.Cal.2004) (holding that managing member lacked standing to bring claims for damages of LLC), relied upon in Finley v. Takisaki, No. 05-1118, 2006 WL 1169794, at *2-*3 (W.D.Wash. Apr.28, 2006) (holding that, under Washington law, LLC members lacked standing because their claimed loss derived solely from their membership in the LLC); see generally United States v. Stonehill, 83 F.3d 1156, 1160 (9th Cir.1996) ("Well-established principles of corporate law prevent a shareholder from bringing an individual direct cause of action for an injury done to the corporation or its property by a third party."). The record is murky as to the distinction, due largely to Gordon's inability to distinguish himself as an individual from his capacity as Omni’s agent. Because Omni has been dismissed from this appeal, Gordon’s claims are even weaker.

. Gordon has filed and continues to file numerous actions in state and federal courts against various defendants, often representing himself pro se. As the district court noted, in 2006 and 2007, Omni was a party to 10 other lawsuits pending in the Western District of Washington alone.

. As should be apparent here, "the law” that Gordon purportedly enforces relates more to his subjective view of what the law ought to be, and differs substantially from the law itself.

. CEMA provides for greater per-violation statutory damages than the CAN-SPAM Act. A recipient of commercial e-mail or electronic text messages may recover $500 per violation, and an "interactive computer service" may recover $1,000 per violation. Wash. Rev. Code § 19.190.040. An "interactive computer service” is defined as "any information service, system, or access software provider that provides or enables computer access by multi*1058ple users to a computer server, including specifically a service or system that provides access to the internet and such systems operated or services offered by libraries or educational institutions.” Wash. Rev.Code § 19.190.010(8).

. We acknowledge, however, that the State's proposed interpretation is not unfounded. Some state court decisions imply a narrow interpretation of CEMA. See State v. Heckel, 143 Wash.2d 824, 24 P.3d 404, 412-13 (2001) (en banc) ("Heckel I") (commenting that "[CEMA] reaches only those deceptive [unsolicited commercial e-mail] messages directed to a Washington resident or initiated from a computer located in Washington”); Heckel II, 93 P.3d at 193-94 (affirming the judgment and permanent injunction in favor of the State and remarking that "the Act is narrowly tailored to regulate only deceptive commercial speech, which is not protected by the First Amendment”). Moreover, the provision at issue is titled “Unpermitted or misleading electronic mail,” Wash. Rev.Code § 19.190.020 (emphasis added), which suggests that CEMA's prohibition extends only to deceptive commercial e-mail. See Bhd. of R.R. Trainmen v. Baltimore & Ohio R.R. Co., 331 U.S. 519, 528-29, 67 S.Ct. 1387, 91 L.Ed. 1646 (1947) (noting that the title of a statute and the heading of a section may help “shed light on some ambiguous word or phrase”). This reading also finds support in the statute’s intersection with Washington's consumer protection laws. See Wash. Rev.Code §§ 19.190.030(3) and 19.190.100. Logic dictates that by equivocating violations of CEMA to violations of the CPA, the Washington Legislature intended to adopt the CPA's deceptiveness standard.

. The Oklahoma statute prohibited the initiation of an e-mail message that the sender knows or has reason to know "[mjisrepresents any information in identifying the point of origin or the transmission path of the electronic mail message,” “[d]oes not contain information identifying the point of origin or the transmission path of the electronic mail message,” or ''[Contains false, malicious, or misleading information which purposely or negligently injures a person." Okla. Stat. tit. 15, § 776.1(A).

. As a matter of clarity, the district court's summary judgment order mistakenly refers to Mummagraphics as the “plaintiff.” Mummagraphics was a defendant in the underlying lawsuit and had alleged violations of the CAN-SPAM Act and Oklahoma law as counterclaims against plaintiff, Omega World Travel. Omega, 469 F.3d at 352.

. Our reliance on Omega is limited to the Fourth Circuit's interpretation of the CAN-SPAM Act’s preemption clause. We pass no judgment on whether summary judgment was appropriate based on the unique facts of that particular case.

. The State argues that this policy goal does not extend to illegitimate commercial behavior, such as unfair or deceptive business practices. This argument, however, begs the question. Whether the exception language of § 7707(b) permits states to prohibit e-mail activity that is not unfair or deceptive is precisely the issue before us.

. WHOIS is a publically available online database through which users can access information regarding domains, including the registrant's name, address, phone number, and e-mail address. See Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act, 70 Fed.Reg. 25,426, 25,446 n.233 (proposed May 12, 2005) (to be codified at 16 C.F.R pt. 316). WHOIS data is compiled by registrars from information submitted by registrants.

. The State argues against preemption, citing Beyond Systems, Inc. v. Keynetics, Inc., 422 F.Supp.2d 523 (D.Md.2006). The district court there denied defendants' motion to dismiss, concluding that the CAN-SPAM Act did not preempt Maryland's Commercial Elec*1065tronic Mail Act, Md.Code Ann., Com. Law § 14-3001 et seq. ("MCEMA”), a statute modeled after Washington's CEMA. Id. at 532 n. 11 & 537-38. The State, without offering much in the way of independent analysis or explanation, contends that "[b]ecause CEMA is substantially identical to MCEMA, this Court should apply the same preemption analysis and find that CEMA is not preempted by CAN-SPAM.” We decline this invitation.

Notwithstanding the non-precedential nature of a district court opinion from another circuit, see United States v. Ensminger, 567 F.3d 587, 591 (9th Cir.2009), we find Beyond Systems to be of no persuasive value here. Unlike the Maryland district court, we are reviewing summary judgment on a well-developed record. More significantly, however, we view its preemption analysis as flawed. Without considering the factual allegations underlying the plaintiff's claims, the court there held that MCEMA was not inconsistent with the goals of the CAN-SPAM Act and that "insofar as a state statute is not inconsistent with CAN-SPAM, it will not be deemed pre-empted.” Beyond Sys., 422 F.Supp.2d at 537-38. The Maryland court not only fundamentally misconstrued the legislative purpose of the federal act, its analysis also belies the doctrine of express preemption. Indeed, the sole authority upon which the court relied dealt with field preemption — not, as was the case before it (or as is the case here), express preemption. See Colo. Anti-Discrimination Comm'n v. Continental Air Lines, 372 U.S. 714, 723, 83 S.Ct. 1022, 10 L.Ed.2d 84 (1963) (finding "no express or implied [congressional] intent to bar state legislation in this field” and upholding a state statute barring discriminatory hiring practices by airlines).

. The CAN-SPAM Act does not preempt CPA claims generally. The preemption clause states that the federal act will not preempt the applicability of state laws not specific to commercial e-mail. 15 U.S.C. § 7707(b)(2).

. Section 19.190.030 states, in relevant part:

(1) It is a violation of the consumer protection act, chapter 19.86 RCW, to conspire with another person to initiate the transmission or to initiate the transmission of a commercial electronic mail message that:
(a) Uses a third party's internet domain name without permission of the third party, or otherwise misrepresents or obscures any information in identifying the point of origin or the transmission path of a commercial electronic mail message; or
(b) Contains false or misleading information in the subject line.

Wash. Rev.Code § 19.190.030.