USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 1 of 24
[PUBLISH] In the United States Court of Appeals For the Eleventh Circuit
____________________
No. 22-10223 ____________________
TOCMAIL, INC., Plaintiff-Appellant, versus MICROSOFT CORP., a Washington corporation, Defendant-Appellee.
Appeal from the United States District Court for the Southern District of Florida D.C. Docket No. 0:20-cv-60416-AMC ____________________ USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 2 of 24
2 Opinion of the Court 22-10223
Before NEWSOM, LUCK, and TJOFLAT, Circuit Judges. PER CURIAM: Microsoft Corporation offers email security software to shield users from cyberthreats. TocMail, Inc. is a relative new- comer to the cybersecurity scene and offers a product geared to- wards a specific type of threat called Internet Protocol (IP) evasion. TocMail launched its IP-evasion product, got a patent, and then sued Microsoft for false advertising—all within two months. In its complaint, TocMail alleged that Microsoft misled the public into believing that Microsoft’s product offered protection from IP eva- sion. And TocMail—who had been selling its product for two months, spent almost nothing on advertising, and had not made a single sale—alleged billions of dollars in lost profits. Maybe that was enough to survive a motion to dismiss. The problem is that, at summary judgment, TocMail failed to back this allegation up with actual evidence. There’s no evidence that TocMail suffered any injury at all. And so it lacks standing to sue. This means that we don’t have jurisdiction to entertain this appeal. FACTUAL BACKGROUND AND PROCEDURAL HISTORY Microsoft Microsoft, one of the world’s largest technology companies, sells computer software. Microsoft’s Office 365 software includes programs like Skype, SharePoint, Teams, Outlook, Word, Power- Point, and Excel. Microsoft also offers an email security service. The company’s default email security service is responsible for USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 3 of 24
22-10223 Opinion of the Court 3
discarding bad emails before they are delivered to Microsoft’s us- ers. The default service “scans each message in transit in Office 365 and provides time of delivery protection, blocking malicious hyper- links in a message.” In 2015, Microsoft introduced a new and improved email protection service called Advanced Threat Protection. 1 Advanced Threat Protection had two main features: Safe Attachments and Safe Links. Safe Attachments looked for malicious attachments, and Safe Links looked for malicious links. Safe Links was not a standalone product and couldn’t be purchased on its own. Instead, customers could gain access to Safe Links by either buying Ad- vanced Threat Protection as an add-on to Office 365 or by purchas- ing an Office 365 suite that came with Advanced Threat Protection. This case is about Safe Links. While Microsoft’s default se- curity system protected users at the “time of delivery,” Safe Links offered “time-of-click” protection. In other words, “attackers sometimes try to hide malicious URLs with seemingly safe links that are redirected to unsafe sites by a forwarding service after the message has been received.” Safe Links helped address that post- delivery threat. It offered that protection by “evaluat[ing] whether [a] link [was] good or bad” every time a user clicked on a link. Safe Links evaluated links in two ways. First, Safe Links had a reputation service that checked links against a constantly updated
1 Advanced Threat Protection was later renamed Microsoft Defender for Of- fice 365. Because the parties use the old name, so will we. USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 4 of 24
4 Opinion of the Court 22-10223
list of known malicious links. Second, Safe Links had a detonation service. The detonation service followed links to the web content to assess the content and determine if the website was malicious. Hackers use various forms of “evasion” to circumvent cy- bersecurity software. For example, hackers use geo evasion, sand- box evasion, app-level evasion, human-validation evasion, time- based evasion, and IP evasion. This case revolves around time- based evasion and IP evasion. Time-based evasion involves a “[d]elayed launch of phish content.” IP evasion occurs when a link sends visitors to different websites depending on the visitor’s IP ad- dress. The point of IP evasion is to send a security program to one (safe) website and the real user to another (malicious) website. While there’s no genuine dispute that Safe Links guarded against at least some forms of time-based evasion, the parties do dispute whether Safe Links protected users from IP evasion. Microsoft advertised its Advanced Threat Protection service through brochures, guides, and other materials. In those materials, Microsoft touted its service. In one advertisement, for example, Microsoft said: Sophisticated attackers will plan to ensure links pass through the first round of security filters. They do this by making the links benign, only to weaponize them after the message is delivered, altering the des- tination of the links to a malicious site. With Safe Links, we are able to protect users right at the point of click by checking the link for reputation and trig- gering detonation if necessary. USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 5 of 24
22-10223 Opinion of the Court 5
In other words, the advertisement explained that Safe Links— through time-of-click protection—would shield users from links that are weaponized after they are delivered. The advertisement also explained that Microsoft’s “machine learning models” would “meticulously analyze[]” content to “check for malicious signals and apply deep link inspection.” And it noted that the “average malware catch rate for Office 365 email [was] the highest in the industry at 99.9%.” Microsoft’s other advertisements were similar. TocMail TocMail is a relative newcomer to the cybersecurity scene. On December 12, 2019, four or so years after Microsoft came out with Safe Links, TocMail made its product available. And months later, on February 25, 2020, TocMail obtained a patent for its prod- uct. TocMail describes its product as “a cloud-based, time-of-click service that provides patented protection against redirects that use IP evasion to change to a malicious destination after delivery.” While TocMail and Safe Links both offered time-of-click protec- tion, the products weren’t the same. The products worked differ- ently, and Safe Links performed a broader array of tasks. TocMail hasn’t done much to market its product. In bring- ing its product to market, TocMail has issued two press releases, sent some emails to potential investors, and spent a few thousand dollars on digital advertising. That’s essentially it. TocMail hasn’t made any sales. TocMail admits that, although over 33,000 people have visited its website, it has not made a single sale and has zero USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 6 of 24
6 Opinion of the Court 22-10223
revenue. There’s no evidence that TocMail has achieved any rep- utation in the marketplace. The Original Complaint We’ll now walk through the procedural history, focusing on those parts that speak to TocMail’s standing to sue. TocMail sued Microsoft on February 26, 2020—the day after TocMail got its pa- tent. At that point, TocMail’s product had been on the market for two months. In its complaint, TocMail alleged that Microsoft mis- led consumers into believing that Safe Links prevented IP evasion. TocMail alleged that it offered the “only time-of-click redirection service immune to this attack.” TocMail estimated that there were about 100 million sub- scriptions to Microsoft’s Safe Links service at the time, and it al- leged that Microsoft’s “deception cause[d] these 100 million [users] to withhold trade from [TocMail].” In other words, TocMail claimed that “more than 100 million professionals with[e]ld trade from [it] due to Microsoft’s deceptive practices.” And so TocMail—which had yet to sell a single product—averred that it suffered (and would suffer) “more than $43 billion in lost profits.” TocMail brought two counts: false and misleading advertis- ing under the Lanham Act, 15 U.S.C. § 1125(a)(1)(B) (count one); and contributory false and misleading advertising under the Lan- ham Act, 15 U.S.C. § 1125(a)(1)(B) (count two). USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 7 of 24
22-10223 Opinion of the Court 7
The First Motion to Dismiss Microsoft moved to dismiss. Microsoft’s primary argument was that “TocMail lack[ed] [prudential] standing . . . under [sec- tion] 1125(a) of the Lanham Act.” See generally Lexmark Int’l, Inc. v. Static Control Components, Inc., 572 U.S. 118 (2014). Microsoft argued that TocMail didn’t fall within the Lanham Act’s “zone of interests” because TocMail failed to allege any “economic injury.” According to Microsoft, TocMail’s claim that it lost out on millions of customers (and billions of dollars) was simply an “unsupported conclusion[]” that rested on questionable “assumptions.” TocMail disagreed. TocMail argued that it had prudential standing to bring its claims. TocMail said that it fell within the Lan- ham Act’s zone of interests because it had alleged that it suffered a commercial injury. In support, TocMail pointed to its allegations that “more than 100 million [users] with[e]ld trade from [it] due to Microsoft’s deceptive practices.” These allegations of “injury,” TocMail said, were enough. Microsoft’s “factual” attack was “for another day.” The district court sided with TocMail and denied Microsoft’s motion to dismiss as to prudential standing. The district court ex- plained that, to come within the Lanham Act’s zone of interests, “a plaintiff must allege an injury to a commercial interest in reputa- tion or sales.” TocMail had alleged that it had “been economically injured because consumers have withheld, or will withhold, trade from [it] due to trusting Microsoft’s false advertising.” That, in the district court’s view, was enough. While Microsoft had attacked USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 8 of 24
8 Opinion of the Court 22-10223
TocMail’s allegations as “speculative,” the district court explained that its “only inquiry” at that stage was “whether [TocMail] plausi- bly alleged . . . economic harm––not whether [TocMail] will ulti- mately prevail on its allegations.” “Drawing all inferences in [TocMail’s] favor,” the district court found that the complaint ade- quately alleged “economic harm.” And so the district court con- cluded that TocMail’s “claims [fell] within the zone of interests pro- tected by the Lanham Act.” The district court denied Microsoft’s motion to dismiss as to prudential standing but granted Microsoft’s motion as to some other claims. The Amended Complaint TocMail filed an amended complaint. Its allegations re- mained more or less the same. TocMail continued to assert that it was “hindered from selling its patented solution [to IP evasion] be- cause Microsoft has convinced companies that it ha[d] already solved this issue.” And, as in its original complaint, TocMail al- leged that, if not for Microsoft’s false advertising, “all 100 million [Microsoft] subscriptions would have subscribed to TocMail.” But this time, TocMail brought only one count: false and misleading advertising under the Lanham Act, 15 U.S.C. § 1125(a)(1)(B). The Second Motion to Dismiss Microsoft moved to dismiss again. This time, Microsoft turned from prudential standing to the merits and argued that TocMail failed to state a false advertising claim because TocMail never alleged that it was (or was likely to be) “injured by USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 9 of 24
22-10223 Opinion of the Court 9
Microsoft’s conduct.” Microsoft said that TocMail’s “lost profits” theory was “speculative” and “implausible.” “[W]ithout a single sale, . . . TocMail presume[d] that . . . it would capture all of Mi- crosoft’s market base[.]” “Such speculative damages cannot state a plausible claim for relief[.]” In response, TocMail argued that it “sufficiently [pleaded] injury.” The district court sided with TocMail again, concluding that “TocMail sufficiently . . . pleaded injury sufficient to withstand a [r]ule 12(b)(6) motion.” “As alleged,” the district court explained, “TocMail and Microsoft compete[d] for the same customers.” And TocMail alleged that it was “hindered from selling its patented so- lution because Microsoft . . . convinced companies that [it] already solved this issue.” The district court found, “[b]ased on these alle- gations,” that TocMail “sufficiently alleged [an] injury.” Summary Judgment Then came time for summary judgment. In its summary judgment motion, Microsoft challenged each element of TocMail’s false advertising claim. What matters for our purposes is that Mi- crosoft argued that no reasonable jury could find that TocMail suf- fered any injury. Microsoft pointed out that, “[s]ince TocMail be- came available in December 2019, it has engaged in minimal adver- tising efforts.” TocMail had “not made a single sale and ha[d] no revenues.” The company had no “reputation in the marketplace.” And “TocMail did not engage any expert to conduct any damages causation analysis.” And so TocMail, Microsoft said, “cannot prove it has been or is likely to be injured by Microsoft’s advertising.” USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 10 of 24
10 Opinion of the Court 22-10223
TocMail offered two main responses. First, TocMail relied on the presumption of injury that some courts have held arises in a two-player market. According to TocMail, “TocMail and Mi- crosoft are the only cybersecurity vendors that promote their cloud-based, time-of-click services as effective protection against IP evasion.” TocMail argued that, because only two companies (TocMail and Microsoft) purported to offer this protection, the dis- trict court could presume that at least some consumers would’ve turned to TocMail if not for Microsoft’s false advertising: Given the false advertising campaign sustained over six consecutive years from one of the largest and most-trusted tech companies, it is inconceivable that not a single consumer believed Microsoft over a startup, causing them to withhold trade from TocMail, Microsoft’s only competitor for cloud-based protection against IP evasion.
Second, TocMail pointed to evidence that one of Microsoft’s cus- tomers, Bosch, raised concerns about IP evasion and asked Mi- crosoft if it would need to add a third-party solution for additional protection. Microsoft responded that Bosch “should be covered for email-based threats” with “the full suite of [Advanced Threat Pro- tection] and the right best practices.” At the same time, Microsoft said that it “of course encourage[s] customers to take a multi-tiered approach to security.” And it noted that it was “exploring new ideas” to prevent IP evasion. TocMail argued that Bosch would have “look[ed] to” TocMail had “Microsoft told Bosch the truth about its inability to protect against IP evasion.” USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 11 of 24
22-10223 Opinion of the Court 11
But the district court granted summary judgment for Mi- crosoft on another element of TocMail’s Lanham Act claim. The district court explained that, to prove false advertising, a plaintiff must show that the advertising is literally false or true but mislead- ing. “If an advertisement is deemed to be literally false, the plaintiff need not present evidence of consumer deception. If an advertise- ment is deemed to be true but misleading, the plaintiff must pre- sent evidence of deception.” The district court concluded that TocMail failed under both. Because no reasonable jury could find that Microsoft’s advertising was false or misleading, the district court entered summary judgment for Microsoft. TocMail timely appealed. [DE 129] STANDARD OF REVIEW Standing “is a threshold jurisdictional question that we re- view de novo.” Muransky v. Godiva Chocolatier, Inc., 979 F.3d 917, 923 (11th Cir. 2020) (en banc). DISCUSSION “Before reaching the merits, we must consider our own ju- risdiction and that of the district court.” Trichell v. Midland Credit Mgmt., Inc., 964 F.3d 990, 996 (11th Cir. 2020). “Article III of the United States Constitution limits the ‘judicial Power’—and thus the jurisdiction of the federal courts—to ‘Cases’ and ‘Controver- sies.’” Lewis v. Governor of Ala., 944 F.3d 1287, 1296 (11th Cir. 2019) (en banc) (quoting U.S. Const. art. III, § 2). “One element of the case-or-controversy requirement is that plaintiffs must establish USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 12 of 24
12 Opinion of the Court 22-10223
that they have standing to sue.” Clapper v. Amnesty Int’l USA, 568 U.S. 398, 408 (2013) (cleaned up). “The law of Article III standing, which is built on separation-of-powers principles, serves to prevent the judicial process from being used to usurp the powers of the po- litical branches.” Id. The “irreducible constitutional minimum of standing” con- sists of three elements. Lujan v. Defs. of Wildlife, 504 U.S. 555, 560 (1992). “The plaintiff must have (1) suffered an injury in fact, (2) that is fairly traceable to the challenged conduct of the defend- ant, and (3) that is likely to be redressed by a favorable judicial de- cision.” Spokeo, Inc. v. Robins, 578 U.S. 330, 338 (2016). These three elements—injury in fact, causation, and redress- ability—must be “supported in the same way as any other matter on which the plaintiff bears the burden of proof, i.e., with the man- ner and degree of evidence required at the successive stages of the litigation.” Lujan, 504 U.S. at 561. “At the pleading stage, general factual allegations of injury resulting from the defendant’s conduct may suffice[.]” Id. But when it comes time for summary judgment, “the plaintiff can no longer rest on such mere allegations, but must set forth by affidavit or other evidence specific facts, which for pur- poses of the summary judgment motion will be taken to be true.” Id. (cleaned up); see also Clapper, 568 U.S. at 411–12 (same). But that doesn’t mean that any evidence will do at summary judgment. For one thing, “speculation does not suffice.” Summers v. Earth Island Inst., 555 U.S. 488, 499 (2009). The Supreme Court has been reluctant, for example, “to endorse standing theories that USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 13 of 24
22-10223 Opinion of the Court 13
rest on speculation about the decisions of independent actors.” Clapper, 568 U.S. at 414. For another, a conclusory affidavit can’t create a genuine issue. It’s not enough “to replace conclusory alle- gations of the complaint . . . with conclusory allegations of an affi- davit.” Lujan v. Nat’l Wildlife Fed’n, 497 U.S. 871, 888 (1990); see also McKenny v. United States, 973 F.3d 1291, 1303 (11th Cir. 2020) (“[C]onclusory affidavits lack probative value.”). Our focus here is on the first standing requirement: injury in fact. To establish an injury in fact, a plaintiff must show “an in- vasion of a legally protected interest which is (a) concrete and par- ticularized; and (b) actual or imminent, not conjectural or hypo- thetical.” Lujan, 504 U.S. at 560 (cleaned up). In other words, the plaintiff must “present specific, concrete facts showing that the challenged conduct will result [or has resulted] in a demonstrable, particularized injury to the plaintiff.” Miccosukee Tribe of Indians v. Fla. State Athletic Comm’n, 226 F.3d 1226, 1229 (11th Cir. 2000) (quotations omitted). TocMail failed to meet this standard. That’s because TocMail has offered no evidence from which a reasonable jury could find that it suffered any injury. TocMail’s theory is that Mi- crosoft’s “false advertising campaign,” in which Microsoft (alleg- edly) promised protection from IP evasion, caused consumers to “withhold trade from TocMail.” But TocMail didn’t offer testi- mony from any witness saying that he or she would have pur- chased TocMail’s product if not for Microsoft’s advertising. TocMail didn’t offer any expert testimony calculating TocMail’s USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 14 of 24
14 Opinion of the Court 22-10223
lost sales from consumers who went with Microsoft. TocMail didn’t produce a survey showing that consumers had any interest in buying TocMail’s product. There’s no evidence, in other words, that TocMail would have ever sold anything to any consumer— even putting Microsoft’s advertising to the side. In fact, the evidence suggests that TocMail wasn’t harmed at all. For starters, TocMail sued Microsoft the day after it got its patent. At the time, TocMail had only been selling its product for two months. TocMail had done minimal advertising, and there’s no evidence that TocMail had achieved any reputation in the mar- ketplace. And TocMail hasn’t made a single sale and has zero rev- enue. There’s more evidence that TocMail hasn’t lost out on any sales because of Microsoft’s advertising. TocMail itself says that it did some “test marketing.” In three separate test runs, TocMail drove around 10,000 visitors to TocMail’s website (for a total of 33,000 visitors). According to TocMail, “10,000 visitors is a repre- sentative sample of the behavior that 1 million visitors would have (with approximately 95% certainty).” “So [it] knew that if 10,000 people visited [its] site and none of them purchased the product, that [it] would have a million people visit the site with the same reaction.” And that’s what happened: not a single sale and “radio silence.” All we’re really left with, then, is speculation. See Stardust, 3007 LLC v. City of Brookhaven, 899 F.3d 1164, 1170 (11th Cir. 2018) (“Speculation does not create a genuine issue of fact; instead, USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 15 of 24
22-10223 Opinion of the Court 15
it creates a false issue, the demolition of which is a primary goal of summary judgment.” (quotation omitted)). TocMail’s chief exec- utive officer, for example, speculated that some of those 33,000 vis- itors would have bought TocMail’s product if not for Microsoft’s advertising, saying “of course . . . there would be some people in there who rejected [TocMail’s product] just because they believed that they already have the protection.” It would be “ridiculous,” he said, to suppose otherwise. But TocMail’s chief admitted that he had no “interaction” with any visitors and had no way to “quan- tify” who declined to purchase TocMail’s product for what reasons. There’s no evidence that any of those visitors had even seen Mi- crosoft’s advertising or bought Microsoft’s product. We’ve combed the record for any evidence of an injury in fact and have come up empty. Here’s the closest we could find. First, the record contains some conclusory claims of lost sales. For example, TocMail’s interrogatory answers say: Despite over 33,000 visitors to TocMail’s website who responded to an advertisement regarding pro- tection against phishing attacks, and despite TocMail being the sole provider of a pure cloud-based time-of- click solution to thwarting the very attack that Mi- crosoft falsely promoted it solved years ago, TocMail has had no sales due to Microsoft’s false advertising. Hence, Microsoft has prevented TocMail from break- ing into the market. USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 16 of 24
16 Opinion of the Court 22-10223
TocMail’s chief also testified, when asked “[h]ow much money [he was] asking the jury for,” that he was “asking the jury for the amount . . . that [TocMail was] losing due to not being able to pro- tect tens of millions of consumers due to [Microsoft’s] false adver- tisings, which would be in the tens of billions of dollars, possibly, or single digit.” But how do we know that TocMail lost any sales? There’s no testimony, survey, or other evidence showing lost sales. All we have is TocMail’s claim of billions of dollars in losses. The problem is that a conclusory (and unsupported) claim won’t do it. See McKenny, 973 F.3d at 1303 (finding a party failed to meet its burden at summary judgment where the party offered “conclu- sory” evidence that “contain[ed] no explanation or details as to how the [party] arrived at [its conclusion]”); see also, e.g., Ga. Re- publican Party v. Sec. & Exch. Comm’n, 888 F.3d 1198, 1203 (11th Cir. 2018) (finding no standing where the party “d[id] not offer any factual support for [its] general assertion that [it would] be ‘signifi- cantly hinder[ed]’ in some way”). Second, TocMail offered an expert, Marcie Bour, who calcu- lated “[l]ost [p]rofits to TocMail . . . based on TocMail capturing a market share equivalent to Microsoft’s seats for Office products sold with [Advanced Threat Protection].” In other words, the ex- pert assumed that, “[b]ut for Microsoft’s [alleged] false advertis- ing,” TocMail “would have captured a market share equivalent to Microsoft’s seats for Office products sold with [Advanced Threat Protection].” Bour estimated that TocMail’s future lost profits USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 17 of 24
22-10223 Opinion of the Court 17
were about $15.3 billion but later reduced this figure to $9.5 billion for the first time during her deposition. But TocMail’s expert was clear that she was not saying that TocMail actually suffered this (or any other) injury. Bour admitted, for example, that she didn’t “have any data that there were ever any damages caused by any users . . . that would have switched to TocMail.” Over and over again, she testified that “the assump- tion[] for the lost profits [is] that TocMail would [have] provided [its product] based on the number of seats, the number of licenses that are currently being sold” by Microsoft. In other words, Bour was calculating a theoretical lost profits figure if TocMail had sold its product to every Microsoft customer—not the lost profits TocMail actually suffered (or would likely suffer). TocMail con- ceded as much: Bour will not be testifying that Microsoft’s false ad- vertisements caused X number of consumers to with- hold trade from TocMail, nor that the false advertise- ments caused a certain group to withhold trade, nor the length of time for damages.
....
Rather, Bour’s damages model presumes a market share of users for TocMail if Microsoft would have never engaged in its false advertising[.] USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 18 of 24
18 Opinion of the Court 22-10223
Bour, TocMail said, would not be testifying as to “actual damages.” In short, TocMail’s expert assumed injury but offered no evidence as to injury. Third, at summary judgment, TocMail pointed to evidence that one of Microsoft’s customers, Bosch, raised concerns about IP evasion and asked Microsoft if it would need to add a third-party solution for additional protection. TocMail argued that Bosch would have “look[ed] to” TocMail had “Microsoft told Bosch the truth about its inability to protect against IP evasion.” But, even if TocMail is right that Microsoft failed to inform Bosch of its short- comings as to IP evasion, TocMail has no evidence that Bosch would have bought anything from TocMail. It was TocMail’s de- cision not to depose anyone from Bosch. And we can’t speculate about what Bosch would or wouldn’t have done. See Clapper, 568 U.S. at 414 (expressing “reluctance to endorse standing theories that rest on speculation about the decisions of independent ac- tors”). TocMail lacks standing. On similar facts, we have dismissed cases for lack of stand- ing. Take Bochese v. Town of Ponce Inlet, 405 F.3d 964 (11th Cir. 2005), for example. In that case, the plaintiff entered an agreement with a private developer that gave the developer an option to buy the plaintiff’s land for $950,000. Id. at 970, 979. The contract was subject to the developer “obtaining the necessary approvals from the Town of Ponce Inlet, Florida for the construction of a 70 foot high condominium in a manner and design acceptable to [the de- veloper] at [the developer’s] sole discretion.” Id. at 970. USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 19 of 24
22-10223 Opinion of the Court 19
Eventually, the developer’s plans fell through with the town. Id. at 979. So the plaintiff sued the town, claiming $950,000 in damages. Id. at 973, 980. We held that the plaintiff lacked standing. While the plain- tiff claimed “to have suffered as a result of the [t]own’s rescission . . . the loss of $950,000 in profits he expected to earn from selling his land,” that “alleged injury . . . amount[ed] to no more than con- jecture.” Id. at 984. That’s because “[a] series of substantial varia- bles, over which [the plaintiff] himself had utterly no control, stood between [the plaintiff] and the $950,000 he hoped to earn.” Id. at 985. This included, for example, the town approving the complex, the town allowing the complex to reach seventy feet, the approval being in a manner acceptable to the developer in its sole discretion, all of this happening by the closing date, and more. Id. “We simply [could not] conclude that the loss of a hypothetical and uncertain prospect of earning a sum of money amount[ed] to an ‘actual’ or ‘imminent’ injury.” Id. A similar thing is true here. TocMail’s claim assumes: (1) that consumers read Microsoft’s advertising, (2) that consumers understand IP evasion, (3) that consumers are concerned about IP evasion, (4) that consumers would be willing to buy computer se- curity programs from a company without any reputation, (5) that consumers would pay the price TocMail is charging, and so on. As in Bochese, we can’t conclude that this hypothetical and uncertain prospect of earning money amounts to an actual or imminent in- jury. USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 20 of 24
20 Opinion of the Court 22-10223
In the end, TocMail had over a year to conduct discovery leading up to summary judgment. All TocMail needed was some evidence that it suffered an injury: some testimony, some survey, some report. But TocMail has none. Instead, TocMail has given us nothing but conclusory (and unsupported) claims of billions of dollars in damages and speculation about what consumers may or may not have done absent Microsoft’s advertising that those con- sumers may or may not have seen. TocMail’s product was on the market for two months, protected by a patent for a single day, had no reputation in the marketplace, and had never once been pur- chased. No reasonable jury could find—on our record—that TocMail suffered an injury in fact. And so TocMail lacks standing. When asked about Article III standing at oral argument, TocMail responded that we can “presume” an injury in fact (for purposes of standing) because, in its view, TocMail and Microsoft operated in a two-player market. For this, TocMail (mainly) relied on Merck Eprova AG v. Gnosis S.p.A., 760 F.3d 247 (2d Cir. 2014). There, the Second Circuit noted—while addressing the merits of a false advertising claim (not standing)—that, to prove false advertis- ing under the Lanham Act, a plaintiff must prove that it “has been injured as a result of the [defendant’s] misrepresentation.” Id. at 255 (cleaned up); see also Hickson Corp. v. N. Crossarm Co., 357 F.3d 1256, 1260 (11th Cir. 2004) (“To succeed on a false advertising claim under . . . the Lanham Act, a plaintiff must establish that . . . [it] has been—or is likely to be—injured as a result of the false ad- vertising.”). USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 21 of 24
22-10223 Opinion of the Court 21
The Second Circuit then held “that where . . . the parties op- erate in the context of a two-player market . . . and deliberate de- ception ha[s] been proved, it is appropriate to utilize [a] legal pre- sumption[] of . . . injury for the purposes of finding liability in a false advertising case brought under the Lanham Act.” Merck, 760 F.3d at 251. In that case, the Second Circuit concluded that the district court properly presumed injury because there “was a mar- ket with only two direct competitors” and the “plaintiff ha[d] met its burden of proving deliberate deception.” Id. at 260. The de- fendant had misrepresented its product as something it wasn’t: a pure dietary supplement as opposed to a mixed one. Id. “Because [the defendant’s] only competitor for such a pure product at the time was Merck, it follow[ed] that Merck was damaged by [the de- fendant’s] false advertising of a mixed product as a pure one.” Id. The Second Circuit’s ruling in Merck is inapposite because the presumption of injury went to the merits of a false advertising claim and not to Article III standing. In other words, the court pre- sumed an injury for purposes of establishing liability when a de- fendant in a two-player market intentionally deceived consumers. But the court didn’t say anything about standing. And that’s not surprising. While it may make sense to presume injury in assessing the merits, presuming an injury in fact for purposes of standing would raise serious constitutional questions. That’s because stand- ing is jurisdictional, and our limited jurisdiction hinges on a plaintiff demonstrating, “through specific facts,” an injury that is “(a) con- crete and particularized; and (b) actual or imminent, not USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 22 of 24
22 Opinion of the Court 22-10223
conjectural or hypothetical.” Lujan, 504 U.S. at 560, 563 (cleaned up). A legal presumption would seem to fall short of showing (through specific facts) a concrete and actual injury. More than that, the presumption of injury employed by Merck is based on an assumption about how third parties will be- have. The presumption of injury requires us to presume that third- party consumers would have purchased a plaintiff’s product if not for a defendant’s false advertising. But this presumption collides head on with the Supreme Court’s “reluctance to endorse standing theories that rest on speculation about the decisions of independ- ent actors.” Clapper, 568 U.S. at 414; see also, e.g., California v. Texas, 141 S. Ct. 2104, 2117 (2021) (“We have said that, where a causal relation between injury and challenged action depends upon the decision of an independent third party . . . , standing is not pre- cluded, but it is ordinarily substantially more difficult to establish.” (cleaned up)). The presumption would flip this reluctance on its head, by presuming the very thing the Supreme Court has told us not to speculate about: how independent third parties will act. In short, we can’t presume an injury in fact. Indeed, the Tenth Circuit has criticized the same argument that TocMail has advanced here. In Hutchinson v. Pfeil, 211 F.3d 515 (10th Cir. 2000), the plaintiff—to prove standing—relied on the “line of authority involv[ing] a ‘presumption of . . . injury’ that al- lows a factfinder to presume injury caused by representations which are literally false or demonstrably deceptive.” Id. at 522. “[T]his presumption,” the Tenth Circuit explained, is “invoked USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 23 of 24
22-10223 Opinion of the Court 23
primarily to resolve the merits of Lanham Act claims—to establish injury as an essential element of the claim . . . —when the plaintiff, typically a commercial competitor of the defendant, clearly has standing.” Id. But this presumption alone cannot serve to prove standing. See id. The cases that use the presumption of injury “merely support the proposition that when a plaintiff with an oth- erwise sufficient interest to have standing shows that its interest has been subjected to patently false representations, harm suffi- cient to sustain a claim and justify equitable relief may be pre- sumed.” Id.; cf. Ortho Pharm. Corp. v. Cosprophar, Inc., 32 F.3d 690, 697 (2d Cir. 1994) (“Because consumer behavior is unpredict- able, and because of the general rule in our [c]ircuit against making presumptions of injury . . . favorable to the plaintiff, we affirm the district court’s decision dismissing [the plaintiff’s] Lanham Act claims for lack of standing.”). We agree with the Tenth Circuit’s criticism. The presumption cannot be used to show Article III standing. CONCLUSION This case started with allegations in TocMail’s complaint of millions of lost customers and billions in lost sales. Perhaps this was enough to survive a motion to dismiss. At summary judg- ment, though, a plaintiff needs evidence of Article III standing. But TocMail’s allegations never found support in the record. Without standing, the federal courts are powerless to hear a case. So we VACATE the district court’s summary judgment and REMAND to USCA11 Case: 22-10223 Document: 36-1 Date Filed: 04/25/2023 Page: 24 of 24
24 Opinion of the Court 22-10223
the district court with instructions to dismiss this case without prej- udice for lack of standing.