November 2001
Protecting Web Domain Names
By John C. Ruhnka and John W. Bagby
Domain names make it easier for users to find and remember specific locations on the World Wide Web. When a user enters the name of a business or product (e.g., cpajournal.com) into their web browser, the domain name directs the user’s requests to a server at the correct IP (Internet protocol) address, a long string of numbers more difficult to remember than a brand name.
Domain names also create potential conflicts under trademark law, because they can also function for the purpose of generating brand image and goodwill (e.g., Ebay or AOL). Today, most new business startups and established businesses have at least some Internet presence that requires knowledge about domain name practice, registration, and protection.
Domain Names and Business Services
An ideal domain name comes readily to mind, references the business clearly and uniquely, and identifies the company’s products and services. Choosing a company or product name, trade or service mark, and Internet domain name are all important decisions with lasting impacts. Many factors come into play when choosing a domain name:
The goal of coordinating company names, product names, and trademarks with domain names is complicated because domain name registration practices developed separately from state, federal, and international trademark systems.
This disconnect between domain names and trademarks has created problems for businesses seeking to use an existing company name or trademark for their web address. Cybersquatters register a company’s name, trademarks, or close variants as domain names with the intent to resell them. Angry employees, industry critics, disgruntled suppliers or customers, or even competitors, can engage in cybersmearing, the posting of disparaging or defamatory information about management or products on bogus websites that look official.
Domain name practice is a relatively new area of intellectual property that intersects with trademark law, defamation law, First Amendment guarantees, and even securities laws. New legal developments occur frequently, and business professionals need to keep current.
Who Issues Domain Names?
Web domain names share some features with patents, trademarks, and copyrights. Patents give an exclusive right to use new, useful, and non-obvious inventions. Trademarks are commercial symbols that identify a sole source for products and services. Copyrights protect original works of expression affixed in a tangible medium from unauthorized copying or commercial use.
Patents, trademarks, and copyrights are typically issued by, or registered with, a governmental agency, such as the U.S. Patent and Trademark Office of the Department of Commerce, or the Copyright Office of the U.S. Library of Congress. Trade names may also be registered on the state level and can exist under common law, even without state or federal registration.
Domain names, by contrast, are issued by and registered with private organizations. The International Corporation for Assigned Names and Numbers (ICANN), an international nonprofit organization, certifies private organizations as accredited registrars under an international registry registrar protocol. Network Solutions Inc. (NSI) has been the leading commercial registrar for domain names since 1979. NSI developed domain name registrations in the private sector under its formerly exclusive contract with the National Science Foundation, which funded early development of the Internet. NSI (now part of VeriSign) has registered most existing domain names for the major top-level domain names (TLD)—.com, .net, .org, and .edu—over 10 million to date. Since 1999, ICANN has accredited other private registrars, such as Register.com.
International registrations. Country code TLDs can identify the country in which a web site is located, such as .de for Germany, .fr for France, .uk for the United Kingdom, and .ru for Russia. There is considerable fluidity in the relationships among nations, country codes, registries, domain name registrants, web hosts, and application service providers (ASP). For example, there is no general requirement that domain name registries be domiciled or physically located in countries whose domain names they register. Nor is there yet a general requirement that businesses must use the country codes of nations where they are incorporated or in which they have major operations. Nevertheless, nations may impose restrictions on registries or registrants. For example, the Canadian Internet Registration Authority requires some Canadian presence before it will register a .ca domain name.
Furthermore, nearly anyone, anywhere in the world, can apply for a .com or .net TLD and have the website hosted anywhere. For example, groups whose websites have been banned in their home countries could register a .com site hosted in the United States.
Cost. Annual registration fees are required by NSI and other registries to originate and to maintain a domain name registration. The NSI annual registration fees of $35 for domain names ending in .com, $30 for .net, and $25 for .org are representative, although some other registries now charge less. The original TLDs of .com, .net, .org, and .edu have been available since 1979, becoming increasingly popular with the growth of the World Wide Web in the past several year. ICANN recently approved additional TLDs, including .biz and .info, which are now available for registration. Some registries offer package deals, which may include related services such as web hosting and e-mail.
While these fees may seem nominal for a business, many companies register multiple domain names in order to prevent unauthorized use. It is also prudent to register misspellings, nicknames, or sound-alike names. To be even more comprehensive, organizations also register each domain name in each available TLD and with each available country code TLD. As a result, standard practice has evolved to register, maintain, and monitor usage for dozens or even hundreds of domain names, with all the associated registration fees and administrative costs.
Availability. The easiest way to determine whether a domain name is available is to search a registry’s website (e.g., www.netsol.com). The NSI TLD master registry includes all .com, .net, and .org names, so it is not necessary to search multiple registries. If the desired name is taken, the registry may supply the registrant’s contact information.
Domain Names and Business Names
The domain name for a business or service must be considered within the context of trademarks, service marks, and other intellectual property. It is possible to register and obtain exclusive rights to a domain name even if it will not be used to actively host a commercial website. Many firms defensively register multiple domain names to prevent others from speculating or cybersquatting on the names.
Trademark law is concerned with consumer identification of the source of products and services; accordingly, trademarks can be protected only when actually used commercially. Since 1988, it has been possible to register inactive trademarks temporarily for six months and sometimes longer. Intent to use application permits temporary trademark registration until a new business line or start-up firm actually commences operations, but trademark law discourages the warehousing of trademarks. To ensure future trademark protection for a registered domain name, it is necessary to use that name in genuine product advertising, promotion, and sales. The name should also be registered as a trademark with the U.S. Patent and Trademark Office to avoid conflicting commercial use.
If an existing business name can be registered as a domain name, it should be. Doing so capitalizes on the valuable goodwill of an existing name, particularly if prior usage has produced a well-developed brand. Case law developing in the U.S. and other nations, as well as federal anticybersquatting law, can help retrieve a domain name that has been registered to another if it is confusingly similar to a registered trademark.
Cybersquatting
Until recently, trademark owners whose names had already been registered as domain names by others had three undesirable choices: pay the amount demanded by the registrant; face the uncertainties and costs of litigation; or abandon the mark. The Anticybersquatting Consumer Protection Act of 1999 (ACPA), however, now provides civil remedies for cybersquatting—defined as the improper registration of a trademark or the name of a living person as a domain name. Under section 43(a) of the Lanham Act, the U.S. federal trademark law, a domain name holder is liable as a cybersquatter if such a holder—
The ACPA is aimed at intellectual property pirates that intentionally register trademarks of existing goods or services or domain names that are “confusingly similar” to existing marks. It applies only to trademarks or to names of living persons. Existing products or services must be registered as federal or state trademarks, or be considered common-law trademarks, in order to receive ACPA protection. Civil actions for trademark infringement rely upon federal registration. Establishing common-law trademark rights for an unregistered business or product name complicates legal efforts.
The ACPA imposes liability only where a cybersquatter has acted in bad faith; in determining this, the federal courts will consider:
The ACPA excludes a finding of bad faith where the domain name holder reasonably believed that the use was “fair use” or otherwise lawful.
An example of such fair use occurred in Hasbro Inc. v. Clue Computing Inc. [66 F. Supp.2d 177 (D. Mass 2000)]. The district court held that Clue Computing could use its registered domain name clue.com, despite Hasbro’s existing registered trademark “Clue” for its famous board game. The two fields in which the names were used were not related; Clue Computing had registered the disputed domain name first, used it in legitimate commerce, and not attempted to sell the domain name to Hasbro.
The test for determining whether the name of a living person has been improperly registered as a domain name is simpler. The ACPA prohibits registering a name identical or confusingly similar to the name of a living person, if it is done with the specific intent to profit by selling the domain name. The ACPA is aimed at protecting individuals from having their names registered by persons or organizations in the business of selling the names back to the living individuals.
The ACPA also covers a cybersquatter’s registration of confusingly similar domain names. In Shields v. Zuccarini [254 F.3d 476 (3rd Cir.2001)], the cybersquatter registered (and used) various misspellings of the trademark owner’s domain name, diverting website traffic and reducing the value of banner ad revenues for the trademark owner. The court found that the confusingly similar domain name was not used for noncommercial or fair use purposes.
ICANN can also help resolve domain name disputes. In December 1999 ICANN inaugurated an alternative dispute resolution service called The Uniform Domain Name Dispute Resolution Policy (UDRP), which uses ICANN-approved arbitrators to resolve domain name disputes submitted to ICANN for resolution. This ICANN service has settled thousands of domain name disputes. According to ICANN, nearly 75% of these UDRP settlements resulted in the cancellation of the cybersquatter’s domain name registration. The UDRP cybersquatting standards for wrongful registration are similar to ACPA’s standards. The ICANN arbitration process, however, is less expensive, faster, and more confidential than federal court litigation. The UDRP is also well suited to international domain name disputes because the hearings are ex parte (based only on filed documents; no witnesses or parties are present). Such UDRP arbitration procedures may be used either before or after litigation, and do not bind the courts. UDRP arbitration findings can also be appealed, a departure from most arbitration practice (www.icann.org/udrp).
Remedies against cybersquatters include monetary damages and the cancellation or transfer of the improper web domain name to the original owner. Where the domain name is the name of a living person not registered under the Lanham (trademark) Act, cancellation or an order to transfer the registration to the plaintiff is appropriate. The mark owner can sue for actual damages consisting of: 1) the recapture of defendant’s profits from the wrongful use of the mark, 2) up to three times the plaintiff’s actual loss or damages, 3) court costs, and, in exceptional cases, attorneys’ fees. Alternatively, the ACPA gives plaintiffs the option of suing for statutory damages for $1,000 to $100,000, as the court deems just under the circumstances.
It can sometimes be difficult to obtain personal jurisdiction over an alleged cybersquatter (the registered holder of a contested domain name) for an ACPA lawsuit. Under the ACPA, where the trademark owner cannot obtain personal legal jurisdiction over the registered owner of the domain name or where it does not receive replies to notices sent to the owner at both the registered postal and e-mail addresses, the trademark owner can proceed in rem against the domain name itself. Even the requirement to provide notice of the ACPA suit directly to the domain name holder is waived if the domain name registrant provided false contact information, cannot be located with due diligence, or cannot be effectively reached using personal jurisdiction. The disadvantage of proceeding in rem is that the court can only grant injunctive relief in the form of cancellation, forced transfer, or forfeiture of a domain name, and cannot grant monetary damages or attorneys’ fees. This does not prevent a regular civil action for damages against the cybersquatter. In rem actions can be brought in the federal district in which the domain name registrar is located, or in any judicial district where “documents sufficient to establish control and authority regarding the disposition of the registration and use of the domain are deposited with the court.” This is accomplished by filing a court-stamped copy of the ACPA in rem complaint with the domain registrar (such as VeriSign), which must then freeze the domain name awaiting the order of the court and deposit the domain name with the court where the complaint was filed.
Cybersmearing
Presently, there is only one major legal avenue for relief from cybersmearing, the practice of placing false or defamatory statements on the web. Cybersmearing can come from any number of sources, including disgruntled employees, competitors, or customers. False statements that damage one’s reputation or business are actionable as defamation or trade libel. In cases involving infringement or slander of a trademark, the mark owner could bring a civil suit for dilution of the trademark by tarnishment.
The First Amendment protects the publication of disparaging information so long as it is true. Protection under defamation law requires in most instances that the plaintiff prove that the statements about it are false. Additionally, false statements concerning public figures, which may include well-known corporate leaders, must have been made with actual malice: The speaker must know the information to be false or must be recklessly indifferent to its veracity. Defamation litigation can trigger considerable collateral damages, including legal costs, diverted employee attention, and damage to the plaintiff’s reputation. Public awareness of a defamation lawsuit often increases publicity of a cybersmearer’s allegations.
Defamation and trade libel are the traditional legal remedies for intentional damage to one’s reputation. In traditional media, significant amounts of potentially defamatory information are filtered by out the editorial process. The Internet, however, enables nearly anyone to launch a potent campaign criticizing or attacking corporate activities, products, and management.
Finding the cybersmearer. While the anonymity of the Internet protects individuals from corporate retribution for justifiable criticism (such as shielding corporate whistleblowers from reprisals for raising matters of public concern), it also reduces personal responsibility for the accuracy of statements published on the Internet or for breaches of corporate confidence. Unless the identity of a web-based defamer is known, a plaintiff must ask the court for a subpoena to force an Internet service provider (ISP) or website host to reveal the identity of the individual responsible.
Judicial interpretations of the First Amendment can protect anonymity in some instances. In 1995, the U.S. Supreme Court ruled that state laws could not prohibit ISPs from transmitting anonymous messages, regardless of their content. The ACLU has argued that the right to free speech should also apply to the Internet. In November 2000, a New Jersey Superior Court judge turned down the request of Dendrite International, a New Jersey software maker, to force an ISP to identify individuals that had made derogatory web postings about the company. The court held that the evidence offered to establish that the derogatory messages violated the law was insufficient to overcome constitutional protections to privacy. A federal court in California has developed a four-prong test for ordering disclosure of anonymous message posters [Columbia Ins. Co. v. Seecandy.com, 185 F.R.D. 573 (N.D.Cal.1999)]. First, the defendant must be described with enough specificity to determine if the court has personal jurisdiction. Second, the plaintiff must set out all the steps that will be needed to identify the defendant. Third, the plaintiff must show that the plaintiff’s claims (e.g., defamation, breach of confidentiality, securities manipulation) would survive the defendant’s motion to dismiss (i.e., there is sufficient evidence to order a trial). Fourth, reasons must be given for the John Doe subpoena. As other courts adopt or modify these criteria, the process will become clearer.
A qualified right of anonymity may not apply when web postings are used to manipulate the securities markets or violate other criminal laws. ISPs generally reveal such requested information to criminal investigators, and this has resulted in successful prosecutions. The SEC monitors web message boards when they suspect someone is using them to manipulate stock prices. In securities fraud cases, monetary damage to the company and its investors is measured by changes in stock price as well as disgorgement of trading profits made by the raiders.
ISP censorship. Three factors presently deter ISPs from censoring web activities. First, judicial interpretations of the First Amendment forbid, whenever possible, “laws or private policies with a prior restraint on free expression.” Second, ISPs must compete for subscribers, and many shun censorship in the interest of attracting users. Third, the cost of investigating all potentially defamatory or misleading postings is prohibitive.
These difficulties gained focus following the watershed case of Stratton Oakmont, Inc. v. Prodigy Services Co. An investment banking firm was criticized in a chat room hosted by Prodigy. The judge permitted the investment banker’s defamation suit to proceed, and the resulting public outcry coaxed Congress to include a provision in the Communications Decency Act (CDA) that affords ISPs nearly absolute immunity from liability for defamation (and some other forms of liability) for retransmissions of web messages originated by others. Congress intended that ISPs exercise some threshold screening and believed that this approach will encourage screening efforts because retransmission liability would be minimized.
Editors:
Paul
D. Warner, PhD, CPA
Hofstra University
L. Murphy
Smith, DBA, CPA
Texas A&M University
The
CPA Journal is broadly recognized as an outstanding, technical-refereed publication
aimed at public practitioners, management, educators, and other accounting professionals.
It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting
professionals with the information and news to enable them to be successful accountants,
managers, and executives in today's practice environments.
©2009 The New York State Society of CPAs. Legal Notices
Visit the new cpajournal.com.