Many unsuspecting American businesses are losing sales and facing intellectual property rights erosion due to an unwelcome Internet presence: the cybersquatter. Cybersquatters reportedly have already cost businesses approximately $175 billion worldwide in lost revenue.1 This article will discuss the parameters of anti-cybersquatting laws and various legal and practical options for companies to combat these modern-day outlaws.
The Early Days of Cybersquatting
Cybersquatters register domain names that are the same as or confusingly similar to existing brands. Similar to traditional “squatters,” cybersquatters stake claims to unused Internet domain names, and refuse to leave without compensation. In the mid-1990’s, a virtual gold rush on domain name registrations was fueled by tales of regular folks striking it rich, armed only with the clothes on their backs and dial-up AOL accounts.
Perhaps the most notorious of the early cybersquatters, Dennis Toeppen, registered domain names similar to Delta Airlines, Neiman Marcus, Eddie Bauer, and more than 100 other marks. His comeuppance resulted from his registration of panavision.com and his clever, or so he thought, posting of photographs of the city of Pana, Illinois, on the Web site. Toeppen offered to sell the domain name to Panavision for $13,000, asking in his “offer” letter: “why do you want to fund your attorney’s purchase of a new boat (or whatever) when you can facilitate the acquisition of ‘Panavision.com’ cheaply and simply instead?”
Panavision instead filed one of the first cybersquatting lawsuits.2 As no statute or common law specifically addressed cybersquatting at the time, Panavision relied upon the Federal Trademark Dilution Act (FTDA). FTDA protected against the tarnishment, or loss of distinctiveness, of famous trademarks, whether or not there was likelihood of confusion or competition. In a decisive victory, the Ninth Circuit ruled for Panavision, unpersuaded by Toeppen’s argument that his use of panavision.com was neither commercial nor in bad faith. “Toeppen’s commercial use was his attempt to sell the trademarks themselves,” so it “does not matter that he did not attach the marks to a product.”3 Also of significance was the court’s recognition that a domain name is “more than [an] address” and carries with it the significant purpose “to identify the entity that owns the Web site.”4
Modern Remedies Against Cybersquatting
Notwithstanding the Panavision decision, trademark laws were not well suited to address various nuances of cybersquatting. Other district court decisions refused to hold that mere “warehousing” of a domain name for the purpose of selling it constituted “use in commerce” of an infringing trademark, thus leaving a legal loophole for cybersquatters in most jurisdictions. Accordingly, in 1999 Congress enacted the Anticybersquatting Consumer Protection Act (ACPA).5 The same year, the Internet Corporation for Assigned Names and Numbers adopted the Uniform Domain Name Dispute Resolution Policy (UDRP), a low-cost administrative procedure specifically designed to resolve cybersquatting issues. Since the adoption of ACPA and UDRP, numerous court rulings and administrative decisions have defined the scope of these laws and confirmed their effectiveness in curbing unlawful Internet activities.
While there are now multiple strategies one can pursue to ensure that trademark rights are not infringed online, by no means has the Wild West of cyberspace been completely tamed. Choosing the best approach for a specific situation is more crucial than ever. Reaping a ransom for transfer of the domain is less common now than in the past, but present-day cybersquatters still generate illicit revenue by hosting “parked” Web pages that contain advertisements and links to goods and services that compete with the brand-holder’s business. Each click on a banner or link will result in profit for the cybersquatter and the loss of a potential sale to the brand owner.
Cybersquatters also may use their domain names to redirect to a competing Web site, again resulting in a loss of business to the brand-holder. Along with this tangible harm, this causes significant damage to the targeted owner’s intellectual property rights. As consumers searching for an official company Web site are led to unrelated pages, the brand becomes increasingly diluted. This is especially true if consumers are led to believe that an unauthorized Web site is endorsed by or affiliated with the brand-holder itself, resulting in a diminution of consumer trust in the brand.
A guide to options that should be considered (with counsel) to defend against cybersquatting:
- Be the First to Register Sometimes the best defense is a good offense. Domains can be obtained for as little as $1.99 each. By preemptively registering all of the top-level domains (e.g., .com, .net, .info, .biz) that relate to any existing or planned brand names, one limits vulnerability and the likelihood of a costly encounter with a cybersquatter. Planning in advance to accommodate the inattentive Websurfer by registering domains with commonly misspelled words is an additional step. In the long term, this planning can be expected to save both time and money.
- Contact the Cybersquatter Through various online tools, it is generally possible to track down almost any domain registrant. Having a trademark attorney send a cease and desist letter to a cybersquatter, advising of legal rights and requesting the voluntary transfer of the domain, will sometimes work. If the cybersquatter complies, potentially expensive legal action is avoided; if not, little is lost.
Available Legal Action:
Generally, legal options are administrative remedies through the UDRP or a federal lawsuit under the ACPA.
- Elements of a Cybersquatting Claim The basic elements of the UDRP and the ACPA are virtually identical. Under the UDRP, the plaintiff must prove: 1) that the domain is confusingly similar to its trademark; 2) that the registrant does not have a legitimate interest in the domain name; and 3) that the registrant registered and is now using the domain in “bad faith.” Under the ACPA, the plaintiff must prove: 1) that the domain is confusingly similar (or dilutive) of its trademark; and 2) that the registrant has registered, trafficked in, or used the domain name in “bad faith.”
- Basic Differences Between the UDRP and the ACPA In determining whether it makes more sense to file a complaint for cybersquatting under the UDRP or the ACPA, one should consider the following differences between the two legal mechanisms:
A company should consider proceeding under the UDRP when it seeks the relatively speedy and low-cost transfer of an offending domain name. As compared to a federal lawsuit, which can last anywhere from six months (for a default judgment) to three years, the average UDRP proceeding lasts approximately six weeks. Legal fees for the administrative proceeding will be considerably lower, as the entire UDRP process consists of a single complaint and an optional reply brief. Unlike formal litigation, there is no discovery, no motion practice, no in-person hearings, and no trial. However, the UDRP mechanism affords a limited remedy. A successful plaintiff can only obtain the transfer of the infringing domain name. There is no possibility of recovering monetary damages.
In especially egregious cases in which a cybersquatter has registered numerous infringing domains that have caused measurable financial damage to a business, it often is advisable to choose the ACPA option, which allows for up to $100,000 in damages per domain as well as costs and attorney’s fees. Further, in contrast to the UDRP, which requires that the plaintiff prove bad faith registration and use of the domain name, the ACPA only requires bad faith registration or use. A company should bring a federal action under the ACPA in cases in which the cybersquatter initially procured the domain innocently but subsequently commenced using the corresponding Web site in a manner designed to capitalize on the goodwill of the company’s trademark.
- Typosquatting—The Registration of Confusingly Similar Domains Note that both laws require only that the infringing domain be “confusingly similar,” not “identical” to an existing trademark. This distinction is key, as more than a decade has passed since the initial “gold rush” on Internet domain names, and the majority of domains that are identical to established trademarks have been taken. The days of stumbling upon an available domain such as walmart.com or mcdonalds.com are long over. But a new form of cybersquatting called “typosquatting” is alive and well. Typosquatting involves the registration of domains with a slight misspelling of a brand name in an attempt to capture careless Web-surfers (e.g., wallmart.com or mcdanalds.com). Another variation of typosquatting involves the addition of common generic terms to the trademark in an effort to lure unsophisticated Internet users who type in descriptive search terms in their Web browser (e.g., walmartsales.com, mcdonaldschickennuggets.com). Both types of domains are considered infringing, so long as the trademark owner can prove “bad faith” on the part of the domain name registrant.
- What Constitutes Bad Faith? In addition to the registration of a confusingly similar domain, under both the UDRP and the ACPA, the concept of “bad faith” is fundamental to establishing a successful claim for cybersquatting. In determining whether a domain name registrant is a cybersquatter or is simply an innocent party, any one or more of the following types of behavior may support the mandatory “bad faith” element:
1. The registrant has attempted to sell the domain for profit. The registrant must attempt to sell the domain “for profit;” an offer that merely amounts to the original purchase price of the domain is not “bad faith.” “Respondent’s general offer of the disputed domain name registration for sale establishes that the domain name was registered in bad faith…”6
2. The registrant used false information when registering the domain. Many cybersquatters use incorrect names, addresses, telephone numbers and e-mail addresses on the “whois” registry in order to avoid detection. Cases hold that providing false or misleading information in connection with the registration of the domain name is evidence of bad faith under the UDRP7 and under the ACPA.8
3. The registrant has a history of cybersquatting. To discover whether a registrant has a history of cybersquatting, one should conduct a “reverse whois” search to determine whether the registrant owns numerous other domains incorporating thirdparty trademarks. Both UDRP and ACPA cases have consistently found bad faith where there existed a pattern of registering domain names that incorporate well-known third-party trademarks.9 One also may search the public records of the National Arbitration Forum at http://domains.adrforum.com/decision.aspx to see if the registrant has been a defendant in other UDRP proceedings.10
4. The registrant receives revenue from “click through” advertisements. Using a domain name consisting of a confusingly similar variation of another’s mark for the purpose of providing links to third-party commercial Web sites constitutes bad faith.11 Whether or not the registrant is in fact profiting from the generation of “click through” fees, the law presumes that he or she is doing so in order to unfairly profit from the goodwill associated with the plaintiff ’s mark. 12.
5. The registrant offers competing goods and services. It is considered bad faith to use a domain name that is confusingly similar to an existing trademark in order to attract customers to a Web site that offers and sells goods and services in direct competition with the trademark owner. This is the case whether the defendant directly offers goods and services for sale or whether it leads consumers to other thirdparty sites through links or search results listing the plaintiff ’s competitors.13
6. The registrant “transfers” the domain name to a new registrant after receiving a cease and desist letter or after being served with a complaint. In most cases, such a “transfer” is simply a fraudulent name-change designed to avoid liability, and the original registrant retains full control of the domain name. This too is considered evidence of bad faith.14
7. The registrant refers to the plaintiff or its goods and services on itsWeb site. The express use on the registrant’s Web site of the plaintiff ’s logos or references to its goods and services also constitutes registration and use in bad faith. For example, the plaintiff prevailed in a recent ACPA action in which the defendant prominently featured the plaintiff ’s trademarks and logos on his site in connection with the unauthorized sale of branded merchandise.15
8. The registrant has knowledge of the plaintiff ’s trademark rights. The registrant’s knowledge may be “actual” or “constructive.” The former is established either by direct acknowledgment by the registrant or more commonly, through evidence that the registrant received the plaintiff ’s cease and desist letter.16 The latter may be established by the fact that the plaintiff possesses a federal registration with the U.S. Patent and Trademark Office for the trademark in question.17
Above is much of the information necessary to take on and defeat the cybersquatter, scourge of the Internet. Those who encounter cybersquatters should, of course, consult an experienced trademark attorney, and together, protect the valuable goodwill in their company’s trademarks!