RISKVUE ARCHIVE | RISK BITES

New Tools Against Cybersquatters

By Douglas Lipstone

Up until very recently, the best that you could say about the law concerning cybersquatting¹ was that it was a mess. It was widely acknowledged that the domain name dispute resolution procedure employed by Network Solutions, Inc. (“NSI”), the sole domain name registrar up until recently, was fraught with shortcomings and loopholes. One of the major shortcomings was that the only remedy available was to put the domain name on hold so that nobody could use it; the complaint’s uItimate desired remedy, the forced transfer to the complainant of the domain name at issue, was unavailable. Compounding the problems inherent in the process was NSI’s inability to handle the flood of disputes and registration problems caused by the explosive growth of the Internet. One could argue that NSI’s policies, procedures and practices only made cybersquatting more viable as companies were forced to pay cybersquatters, as no real remedy existed.

Although it took some time, the tide seems to have turned against cybersquatters. Two recent developments, in particular, are responsible. First, NSI no longer has a monopoly on the granting of registrations to domain names and the handling of disputes related thereto. Second, the Anticybersquatting Consumer Protection Act (“ACPA”) was enacted. This “one-two punch” has laid a good foundation for even-handed protection in a rapidly evolving area of the law.

NSI’s Loss of Its Monopoly

A good part of the cybersquatting problem was due to the fact that NSI was the only registrar for domain names; anybody who wanted to register a domain name, or to challenge an existing registration, had to go through NSI and deal with their dispute resolution policy and the problems existing therewith. That has changed. There are now a number of authorized domain name registrars, and there are many more on the way. The body that authorizes and oversees all of the registrars is the Internet Corporation for Assigned Names and Numbers (“ICANN”). ICANN, in recognition of the problems inherent in the dispute resolution policy employed by NSI, implemented its own Uniform Domain Name Dispute Resolution Policy (“UDRP” for short) to which all of the authorized domain name registrars must adhere. Besides creating uniformity in the marketplace, the UDRP also addressed a number of the flaws in NSI’s policy.

The goal of the UDRP is to create a quick and cheap means to adjudicate the rights of the respective parties. Accordingly, the aggrieved party files a complaint with an ICANN-accredited domain name registrar. In the complaint, the complainant must allege that: (1) a registered domain name is either identical or confusingly similar to a mark in which the complainant has rights; (2) the domain name registrant has no rights or legitimate interest in respect of the domain name; and (3) the domain name has been registered and is being used in bad faith. The UDRP states that “bad faith” on the part of the domain name registrant can be shown if:

(1) The domain name registrant has acquired the domain name for the purpose of selling, renting or leasing the domain name to the complainant or a competitor for valuable consideration that is in excess of the domain name registrant’s out-of-pocket costs

(2) The domain name registrant has acted to block the complainant’s access to a domain name reflecting its trademark (for example, stockpiling domain name variants containing the complainant’s mark)

(3) The domain name was registered in an effort to disrupt the complainant’s business

(4) The domain name was registered in an effort to attract users to the registrant’s website by creating a likelihood of confusion with the complainant’s trademark.

The UDRP states that this list is not exclusive.

The domain name registrant has 20 days following the commencement of the action to file a counterstatement refuting these allegations. After that, the arbitrator (or panel of three arbitrators, if either party requests a panel) renders its judgement on the written submissions within two weeks of appointment. There is no discovery, hearings, motions, or other time and money consuming procedures, though the arbitrator(s) may request additional statements from either party.

The cost of this proceeding is significantly less than a lawsuit. Furthermore, the UDRP has expanded the remedies to include transfer and/or cancellation of the domain name registration. Those factors, and the speed of the proceeding, weigh in favor of instituting an action under the UDRP. Unfortunately, the UDRP does not allow for damages or injunctive relief, and the decision rendered is appealable.

Enactment of the Anticybersquatting Consumer Protection Act (ACPA)

In November of 1999, the ACPA was enacted. This Federal legislation creates a civil cause of action under the Lanham Act against anyone who, with bad faith intent to profit, either registers, traffics in or uses a domain name that: (1) is identical or confusingly similar to a mark that was distinctive when the domain name was registered; (2) is identical, confusingly similar or dilutive of a mark that was famous when the domain name was registered; or (3) infringes on marks or names protected by statute (for example, Red Cross or Olympics and related marks).

Like the UDRP, the key is whether the alleged cybersquatter was acting in “bad faith.” Similar to the UDRP, the ACPA sets out a non-exclusive list of factors that are to be examined in making this determination, including:

(1) Whether the domain name registrant has any legitimate trademark or other rights in the domain name

(2) The prior use by the domain name registrant of the domain name in the bona fide offering of goods/services

(3) Whether the domain name registrant has any intent to divert consumers from the complainant (whether for its own commercial gain or to tarnish the complainant’s reputation)

(4) Whether the domain name registrant tried to sell the domain name to the complainant

(5) The veracity of the information that the domain name registrant supplied to the registrar

(6) Whether the domain name registrant is a stockpiler of similar domain names

(7) Whether the claimant’s mark is famous

The ACPA differs from the UDRP in a number of ways. As stated above, the ACPA is federal legislation that creates a civil cause of action for cybersquatting; therefore, to institute an action under the ACPA, a lawsuit must be filed. However, because a claim under the ACPA is a civil cause of action, not only can the complainant seek the transfer of the domain name (as in the UDRP), but it can also make claims for damages (which can be trebled), costs and attorney’s fees, as well as injunctive relief, none of which are available under the UDRP. Perhaps the most significant difference between the UDRP and the ACPA is that the ACPA allows for in rem proceedings to be brought by complainants who own a Federal trademark registration. An in rem proceeding is one that is taken against the property, not against the owner of the property. The reason that this is significant is that existing case law² has held that the Lanham Act does not authorize in rem actions. Therefore sophisticated cybersquatters knew that by hiding from the complainant they could evade remedies sought by means of a trademark infringement/unfair competition lawsuit. The ACPA has specifically closed that loophole.

Conclusion

These two changes to the domain name landscape constitute a tremendous step towards bringing some much needed legal order to domain name disputes and therefore to reducing the impact of cybersquatters. 

Notes
¹ Cybersquatting has many incarnations. Perhaps the most common variant is somebody taking the well-known trademark of another and registering it as a domain name before the trademark owner does so, and then demanding what amounts to a ransom to transfer the domain name to the trademark owner. Other forms include registering slight misspellings of the trademark and linking such domain name to the registrant’s other sites or objectionable sites (for example, a porn site or a site critical of the trademark owner) thereby forcing the trademark owner to buy the misspelled domain name. There is even reverse cybersquatting where a trademark owner tries to forcibly take over a registered domain name from a domain name registrant that has the right to the domain name, but may not have the money to fight.
²Porsche Cars North America Inc. v. Porsche.Com, 51 F. Supp. 2d 707 (E.D. Va. 1999).

ABOUT THE AUTHOR

Doug Lipstone is Of Counsel in Buchalter, Nemer, Fields & Younger’s Business Practices group. He specializes in Intellectual Property matters with a focus on the creation and protection of trademarks and copyrights, and transactions relating thereto. Doug also advises clients with respect to issues that arise during the manufacturing and distribution of items under license, and has represented a variety of organizations on issues concerning the manufacturing of clothes, accessories and toys under license, for local, regional and world-wide distribution. Doug can be reached at 213-891-5106, or by e-mail at dlipstone@buchalter.com.

riskVue | The webzine for risk management professionals
January 2001