No. CV 08-5414 (C.D. Cal. May 19, 2009)
The Central District of California denied defendant domain name registrar’s motion to dismiss plaintiff’s cybersquatting claim related to the use of the registrar’s private-registration services by an anonymous individual who allegedly hijacked plaintiff’s domain name. The court determined that the registrar was neither entitled to “blanket immunity” as a registrar nor protection under the ACPA’s various “safe harbor” provisions when it was listed as the domain name registrant or provided services beyond those of basic domain name registration. Although the court found that a direct cybersquatting action would not lie against the registrar because plaintiff’s allegations did not sufficiently allege that the registrar sought to profit from the goodwill of the plaintiff’s trademark, the acts of a customer of the registrar could give rise to contributory cybersquatting liability against the registrar on a more developed record and a finding of “exceptional circumstances” with respect to the degree of knowledge the registrar had about the customer’s illegal activity.
Plaintiff Solid Host, NL (“Solid Host”), a web-hosting company, sued defendants NameCheap, Inc. (d/b/a Whois Guard Protected) (“NameCheap”), Demand Media (d/b/a eNom) (“eNom”), and John Doe (“Doe”) (collectively “Defendants”) for cybersquatting, breach of contract, and unfair competition. Defendants eNom and NameCheap are ICANN-accredited registrars. NameCheap offers registration-privacy services under the name “WhoisGuard.” Doe is an anonymous individual.
Solid Host owned the domain name solidhost.com, which it registered through eNom in December 2004. Solid Host claimed that in August 2008, as a result of a security breach at eNom, Doe obtained Solid Host’s login and password, and moved the solidhost.com domain name to NameCheap. Doe purchased NameCheap’s “WhoisGuard” service, a privacy service that masked Doe’s identity and contact information in the Whois database. Doe also allegedly altered the IP address associated with the solidhost.com domain name, so that Internet users accessing that website viewed a website that was controlled by Doe and which stated that the domain name was for sale and provided an email address for inquiries. In connection with NameCheap’s anonymity services, Solid Host alleged that NameCheap “becomes the registered owner of a domain name desired by a customer, and licenses the name to the customer.”
Solid Host contacted Doe via the contact information on the website and received an offer from Doe to sell the domain name for $12,000. Solid Host refused to pay and contacted NameCheap, demanding that it return the solidhost.com domain name to Solid Host’s control and reveal the identity of Doe. NameCheap notified Doe of these objections, but Doe claimed he had legitimately purchased the domain name. When NameCheap relayed this information to Solid Host, Solid Host denied that the domain name had been sold. NameCheap refused to reveal Doe’s identify, indicating that it would remain “neutral” in what it perceived as a dispute between Solid Host and Doe.
Solid Host filed an ex parte application for a temporary restraining order, which the court granted on August 26, 2008. Pursuant to the court’s order, eNom returned control of the domain name to Solid Host, and NameCheap revealed Doe’s identity to Solid Host’s counsel. Solid Host did not, however, seek to amend the complaint to substitute that individual for the fictitious Doe defendant. NameCheap then filed a motion to dismiss all claims on the grounds that, as an accredited registrar, it was not subject to liability for cyberpiracy under the ACPA, the complaint failed to state a claim for cybersquatting, and Solid Host’s unfair-competition claim was based on the cybersquatting claim and not brought on behalf of the general public.
The court denied NameCheap’s motion to dismiss. As an initial matter, the court found that NameCheap’s status as a registrar did not shield it from liability because it did not act in that capacity in connection with the objected-to activities. First, the court rejected NameCheap’s argument that it was entitled to blanket immunity as a registrar under Lockheed Martin Corp. v. Network Solutions, Inc., 141 F. Supp. 2d 648 (N.D. Tex. 2001) (Lockheed Martin II). According to the court, Lockheed Martin II “stands merely for the proposition that a registrar is not liable under § 1125(d) when it acts as a registrar, i.e., when it accepts registrations for domain names from customers,” and nothing in that decision suggests that a registrar is immune under the ACPA when it acts other than as a registrar. Thus, the court concluded that “to the extent that NameCheap was the registrant of a domain name and ‘used’ the name, this section would support the imposition of liability on it, not a grant of immunity to it.”
Second, the court found that NameCheap was not immune from liability under Section 1114(2)(D)(i), which provides that “[a] domain name registrar, a domain name registry, or other domain name registration authority” shall not be liable for damages or, with some exceptions, subject to injunctive relief, for “refusing to register, removing from registration, transferring, temporarily disabling, or permanently canceling a domain name” when such action is in compliance with a court order or “in the implementation of a reasonable policy . . . prohibiting the registration of a domain name that is identical to, confusingly similar to, or dilutive of another’s mark.” The court found that NameCheap’s privacy services were not consistent with the purpose of the safe harbor, which was to work with trademark owners to prevent cybersquatting. Further, the court concluded that Section 1114(2)(D)(i) was not intended to shield registrars from liability for actions outside their core function as registrars, and thus was inapplicable here.
Third, the court found that NameCheap also was not covered by Section 1114(2)(D)(iii), which provides that “[a] domain name registrar, a domain name registry, or other domain name registration authority shall not be liable for damages under this section for the registration or maintenance of a domain name for another absent a showing of bad faith intent to profit from such registration or maintenance of the domain name.” The court found that this provision related solely to “the act of registration of a domain name.” Because this was an action that eNom, not NameCheap, had taken in the case, the safe harbor was not available to NameCheap.
The court did find that Solid Host’s direct cybersquatting claim against NameCheap failed because NameCheap had not acted with a bad-faith intent to profit from Solid Host’s marks. The court explained that the bad faith required to support a cybersquatting claim is not general bad faith, but “a bad faith intent to profit from the mark.” Here, Solid Host alleged that NameCheap acted in bad faith by refusing to reveal Doe’s identity after being put on notice of Solid Host’s alleged rights and by profiting from the privacy service for the domain name after being put on notice of Solid Host’s alleged rights, among other things. The court found that none of these allegations suggested that NameCheap sought to profit specifically from the goodwill associated with Solid Host’s trademark (as opposed to NameCheap’s operation and promotion of its anonymity service). The court explained that whether NameCheap’s failure to reveal Doe’s identity might constitute bad faith in other contexts was irrelevant to the cybersquatting claim.
In its analysis of direct cybersquatting, the court did not discuss whether NameCheap had “registered, used, or trafficked in” the domain name. Nor did the court specifically address in this part of the decision whether NameCheap was a “registrant” or “authorized licensee” of the registrant.
Solid Host also asserted a claim of contributory cybersquatting. In evaluating this claim, the court indicated that the test was whether Solid Host had shown that NameCheap either (1) intentionally induced Doe to cybersquat, or (2) had knowledge of and directly controlled and monitored the instrumentality used by Doe to engage in cybersquatting. Because Solid Host had not alleged that NameCheap induced Doe’s cybersquatting, the court did not consider test (1). Regarding test (2), the court reviewed a number of prior decisions relating to contributory liability. Applying the holdings in these cases, known as the “flea market cases,” the court found that “NameCheap acted as the registrant for the domain name utilized in Doe’s cybersquatting scheme, which it then licensed to Doe.” Further, analogizing to the flea market cases, the court found that NameCheap was “the ‘cyber-landlord’ of the internet real estate stolen by Doe” (i.e., the solidhost.com domain name), and that NameCheap’s anonymity service was “central” to Doe’s cybersquatting scheme. The court noted that, if NameCheap had returned the domain name to Solid Host, Doe’s illegal activity would have ceased. Because of this, the court distinguished this case from prior decisions involving defendants who merely received linked traffic from an infringing website, or from a registrar that provided nothing more than a registration service.
The court next turned to whether Solid Host had sufficiently pleaded that NameCheap knew of Doe’s cybersquatting. The court explained that to allege this element, Solid Host was required to plead not only that NameCheap knew that Doe was trafficking in a domain name similar to or identical to Solid Host’s mark, but also knew that Doe was doing so with a bad-faith intent to profit from that mark. Further, the court explained that because some people use the privacy services for legitimate reasons, NameCheap could not be expected to analyze the good or bad faith of every customer that wanted to remain anonymous. Accordingly, the court indicated that “exceptional circumstances” must be shown to prove the degree of knowledge required to impose contributory liability for cybersquatting in this case.
Applying that test, the court noted the complaint’s allegations that Solid Host gave NameCheap a sworn declaration attesting to the relevant facts that allegedly “would have lead a normal and prudent person to conclude that the domain it registered had been stolen.” Based on this allegation, the court found that it could not conclude, as a matter of law, that Solid Host would not be able to prove exceptional circumstances satisfying the knowledge requirement for contributory liability. However, the court noted that the mere receipt of a demand letter from a third party would generally not suffice to provide notice of the illegitimate use of a domain name so as to justify the imposition of contributory liability. Moreover, where a demand letter is accompanied by sufficient evidence of a violation, the court found that the defendant may have a duty to investigate. The extent of that duty to investigate, however, would be circumscribed by the relative difficulty of confirming or denying the accusation under the facts of a particular case.
This decision is one of the few decisions addressing contributory cybersquatting as applied to domain name registrars, and it may be the first case where a cybersquatting claim has been pursued against the provider of private-registration services instead of against the registrar’s customer. Although the facts of the case are unusual because it dealt with the alleged hijacking of ownership of a domain name as opposed to traditional cybersquatting, the court’s discussion of the standards for determining contributory cybersquatting for a domain name registrar may nevertheless be useful in future cases.