This article has been written by Anindita Deb, a student from Symbiosis Law School, NOIDA. In this article, the author discusses the concept of cybersquatting in the United States, along with the conditions required to hold one liable for cybersquatting, the defenses, and the rights of legitimate owners.
It has been published by Rachit Garg.
Are you worried about someone taking advantage of your online presence? If you’re a business owner or even a private individual, you should be aware of the concept of cybersquatting. In this blog post, we’ll take a look at what cybersquatting is, how it is regulated in the US, and some of the steps you can take to protect yourself.
Trademarks serve as identifiers and signify a company’s goodwill. In recent years, there has been a lot of uproar over trademark infringement through numerous techniques, one of which is cybersquatting. Cybersquatting is the registration of a domain name that contains a reference to a well-known brand, giving the false appearance that the domain name belongs to the owner of the trademark. Such deceit can drastically harm a company’s growth and development opportunities.
What is cybersquatting
Cybersquatting is a type of online activity in which someone registers a domain name that is similar to an existing trademark or brand. The cybersquatter then either uses the domain to benefit from the confusion or attempts to sell the domain back to the owner for a premium price. This practice has become a serious issue for companies, as it can lead to a significant loss of revenue.
The United States has a number of laws that aim to protect companies and individuals from cybersquatting. In the US, the most commonly used and effective law is the Anticybersquatting Consumer Protection Act (ACPA) of 1999. The ACPA is an amendment to the Lanham Act, and it prohibits the registration, trafficking, or use of an Internet domain name that is confusingly similar to a trademark or service mark.
The Anticybersquatting Consumer Protection Act of 1999 : What we need to know
The Anticybersquatting Consumer Protection Act, 1999 (ACPA), lays down a comprehensive legislative framework that combats the issue of cybersquatting in the United States. It is an Act to safeguard consumers and promote electronic commerce by amending various trademark infringement, dilution, and counterfeiting laws and for other related purposes. The ACPA holds one accountable to the owner of a trademark if they “register, traffic in, or use a domain name” that is either identical or confusingly similar to a “distinctive” mark or is identical, confusingly similar, or deceptively similar to a “famous mark” with the “bad faith intent to profit from that mark.”
The ACPA has been extensively implemented to redress a number of wrongs. These include “cybersquatting,” which happens when a registrant acquires a domain name that contains someone else’s mark and makes a lucrative offer to sell it to the mark holder.
The ACPA has also been used to prevent domain registrants from unfairly benefiting from the commercial use of another’s mark, for example, by selling or showing ads for products that compete with those of the mark holder at a domain featuring the mark. It has also been successfully enforced to stop the tarnishment of a mark resulting from its use on a website that contains pornographic or other content that the mark holder does not want his mark associated with.
Bad faith requirement under the ACPA
The bad faith requirement is an essential element under the Anticybersquatting Consumer Protection Act of 1999. The ACPA is a United States federal law that provides protection against the bad faith registration, trafficking, and use of domain names that are identical or confusingly similar to trademarks.
Under the ACPA, in order to establish a violation, the plaintiff must prove, among other things, that the domain name registrant acted in bad faith. The ACPA defines ‘bad faith’ as the intent to profit from the goodwill associated with someone else’s trademark. Bad faith may be demonstrated through a variety of factors, which are outlined in the statute itself.
The ACPA provides a non-exhaustive list of factors that may be considered in determining whether a domain name registrant has acted in bad faith. These factors include:
- The trademark or other intellectual property rights of the domain name owner, if any;
- The extent to which the domain name consists of the legal name of the domain name registrant or a name that is otherwise commonly used to identify that person;
- The prior use of the domain name in connection with the bona fide offering of goods or services;
- Lawful noncommercial or fair use of the mark in a web site under the domain name;
- The intent to divert consumers from the legitimate owner’s online location to a website that could harm the owner’s goodwill;
- The offer to sell the domain name to the trademark owner or a competitor for a substantial profit;
- The intentional provision of false contact information during the domain name registration process;
- The registration of multiple domain names that are identical or confusingly similar to famous trademarks;
- The extent to which the mark incorporated in the domain name is distinctive or famous;
Three of these factors, whose existence supports the assumption that the defendant did not act in bad faith, focus on potential legitimate uses of the domain by the defendant. These factors include:
- The defendant’s trademark or other intellectual property rights in the name;
- The extent of the domain name consisting of the defendant’s legal or nick name; and,
- The defendant’s prior use of the domain in connection with the bona fide offer of goods or services.
Multiple organizations may lawfully use the same mark in various markets or geographical locations. Using this principle, a defendant was able to defeat a plaintiff’s ACPA claim in the case of Chatham International v. Bodum, Inc. (2001), based on defendant’s registration of the domain chambord.com, where defendant used the “Chambord” mark to sell coffee makers and plaintiff used the same “Chambord” mark to sell alcohol and assorted food products.
Key features of the Act
The following highlights of the Act may be perused to get an idea of what this legislation is all about:
- Owners of trademarks are able to file a civil complaint against cybersquatters under the ACPA. At the time of the alleged cybersquatting, the trademark is required to be distinctive and either federally registered or eligible for federal registration.
- As per 15 U.S. Code § 1117(d), a court may order the transfer of the infringing domain name to the trademark owner, cancel the domain name registration, or award damages (actual damages or statutory damages ranging from $1,000 to $100,000 per domain name) if it finds a defendant guilty under the ACPA.
- The court takes into account the factors laid down under Section 1125(D), such as the registrant’s desire to profit, the scope of their trademark rights, the distinctiveness of the domain name, and the registrant’s offer to sell the domain name for a profit, when assessing whether a domain name registrant acted in bad faith.
- The ACPA has safe harbor provisions that shield Internet Service Providers (ISPs) and domain name registrars from being held liable for cybersquatting acts carried out by their customers. However, in order to be eligible for these safe harbor protections, they must adhere to specific rules, like promptly setting a domain name lock in effect.
- Domain name conflicts involving names registered with a generic Top-Level Domain (gTLD) like .com, .net, or .org are dealt with by the ACPA. However, for international domain name disputes, the Uniform Domain Name Dispute Resolution Policy (UDRP) is often used as the statutory authority instead of the ACPA.
Bad faith requirement under the UDRP
The Internet Corporation for Assigned Names and Numbers (ICANN) established the Uniform Domain Name Dispute Resolution Policy (UDRP) as a framework to settle disputes related to domain names. It provides trademark owners with an efficient means to object to the development and usage of domain names that are identical to or confusingly similar to their brands. Under the UDRP, the complainant must prove that the domain in question was registered and is being used in bad faith.
The UDRP defines bad faith as the registration or use of a domain name for the purpose of selling, renting, or transferring the domain name for financial gain. Other activities considered to be in bad faith are registering a domain in order to disrupt a competitor’s business or to prevent the trademark holder from registering the domain themselves.
To succeed in a UDRP complaint, a complainant must prove three essential elements as laid down under Paragraph 4(a) of the UDRP:
- The domain name is identical or confusingly similar to a trademark to which the complainant has rights.
- The registrant of the domain name has no legitimate rights or interests in the domain name.
- The domain name has been registered and is being used in “bad faith”.
Under the UDRP, bad faith registration and use of a domain name can be demonstrated by providing evidence of any of the following circumstances, which have been stated under Paragraph 4(b) of the UDRP Rules:
- Registration of the domain name primarily for the purpose of selling, renting, or transferring the domain name to the trademark owner or a competitor for a valuable consideration exceeding the out-of-pocket costs.
- Registration to prevent the trademark owner from reflecting its mark in a corresponding domain name, provided a pattern of such conduct is established.
- Use of the domain name to disrupt the complainant’s business, typically by creating confusion, diverting customers, or tarnishing the trademark.
- Use of the domain name to intentionally attract, for commercial gain, internet users to a website by creating confusion with the complainant’s trademark.
It is noteworthy that the UDRP does not include a comprehensive list of examples of bad faith. Panels assessing UDRP complaints have the discretion to take into account further relevant factors on an individual basis. The burden of proof lies on the complainant, who must provide proof of the domain name’s registration and usage in bad faith.
The panel may order the transfer or cancellation of the disputed domain name if the complainant successfully demonstrates all three elements mentioned above. It’s important to note that the UDRP does not involve monetary damages.
Reverse domain name hijacking under the UDRP
The UDRP also has provisions for cases of Reverse Domain Name Hijacking (RDNH), also known as reverse cybersquatting. RDNH occurs when a complainant initiates a UDRP proceeding without having a legal right to do so. A complainant can be found guilty of RDNH if they attempt to use the UDRP to take away a domain that they do not own or have a legitimate interest in.
RDNH can be a serious issue because it can harm the reputation of a domain name registrant, who may have invested significant time and resources into acquiring and developing a valuable domain name. The UDRP provides that a complainant will be found guilty of RDNH if they have “attempted to use the UDRP in bad faith to deprive a registered domain-name holder of a domain name.” In order to establish RDNH, a respondent must establish that the complainant knew or should have known that they could not prove one of the three essential elements of the UDRP complaint or that the complaint was filed in bad faith. In such cases, the domain name registrar may take action against the complainant, including suspending the domain name and making an order to pay the respondent’s legal fees and costs. The World Intellectual Property Organization (WIPO) has held in the case of uwe GMbH vs. Telepathy Inc. (2007) that “in order to establish bad faith while registering a domain name, it is crucial for the Complainant to show that the Respondent was aware, should have been aware or ought to have been aware of the Complainant and its trademark.”
It’s important to note that simply losing a UDRP case does not necessarily mean that RDNH has occurred. The panel must make a separate determination as regards reverse domain name hijacking based on the evidence presented by both parties.
In Rem jurisdiction over domain names
In rem jurisdiction is the legal right of a court to exercise its authority over a particular property or asset. In the context of cybersquatting, in rem jurisdiction is the right of a court to exercise its authority over a domain name.
In the US, a court can exercise in rem jurisdiction over a domain name if the domain name is registered in the US or the defendant is located in the US. A court can exercise rem jurisdiction over a domain name in order to resolve disputes related to ownership or use. This usually happens when a domain name is linked to criminal conduct or is involved in a legal dispute that needs to be settled. The ACPA authorizes trademark owners to file in rem actions against a domain name if the owner fails to obtain personal jurisdiction over a person who would have been a defendant or fails to locate that person after due diligence. In rem lawsuits can be brought by trademark owners “in the judicial district in which the domain name registrar, domain name registry, or other domain name authority that registered or assigned the domain name is located.”
A number of factors can be used to determine whether an entity has in rem jurisdiction over a domain name. Some of these factors have been listed below:
- the location of the registry or domain name registrar that controls the domain name.
- the place where the web servers that run the domain name’s website are located.
- the place where the person or organization that registered the domain name is located.
- location of the trademark holder who wants to make use of its rights.
If a court exercises in rem jurisdiction over a domain name, it can order the domain name registrar to transfer the domain name to the complainant.
Domain name registrars
Domain name registrars are firms or institutions which are accredited by ICANN to register and administer domain names for private individuals, as well as commercial entities. Some of the most well-known domain name registrars in the US are GoDaddy, Namecheap, Google Domains, Network Solutions, and Bluehost.
It’s essential to take into account aspects like cost, customer support, ease of use, and other services like website hosting or email hosting when selecting a domain name registrar. Additionally, it’s important to confirm that the registrar is ICANN-accredited and that it provides reliable and safe domain name registration and management services. One must further ensure that the domain name registrar is reputable. Reputable registrars provide better customer service and are more likely to take action against cybersquatters. The ICANN requires the domain registrars to follow the Uniform Domain-Name Dispute-Resolution Policy to resolve any domain name related disputes.
Domain name dispute resolution (resolving disputes under the UDRP)
The UDRP provides a streamlined process for resolving domain name disputes. Under the UDRP, a complainant must first send a complaint to the domain name registrar. The registrar then forwards the complaint to the domain name holder and opens an arbitration proceeding.
The arbitration proceeding is conducted by a panel of three experts who are appointed by the domain name registrar. The panel then reviews the evidence and renders a decision as to who has the right to the domain name.
The panel’s decision is binding on both parties, and the domain name registrar is required to take action based on the panel’s decision. The decision of the panel is based on three main factors:
- Whether the domain name is identical or confusingly similar to the trademark owned by the complainant;
- Whether the respondent has any legitimate rights or interests in the domain name;
- Whether the domain name was registered and used in bad faith.
The panel’s decision may be appealed in a court of law, but the process can be lengthy and expensive.
Complainant’s rights in a mark and similarity under the UDRP
Under the UDRP, the complainant must prove that their trademark or service mark is identical or confusingly similar to the domain name in question. The complainant must also prove that the domain name was registered and is being used in bad faith.
The UDRP also provides that the complainant must prove that they have a legitimate interest in the domain name. To prove this, the complainant must demonstrate that they had a legitimate right to the domain name before the dispute arose.
Rights and legitimate interests under the UDRP
When an individual files a complaint under the UDRP, it is essential that he prove that the respondent does not have either the right or legitimate interest in the domain name. To prove this, the complainant must demonstrate that the domain name holder has not used the domain name in connection with a bona fide offering of goods or services or for a legitimate noncommercial or fair use. In the case of SHL Medical AG v. Jacobus Petrus Elisabeth Antonius Swalen and Jacques Swalen, SHL Technologies (2020), WIPO has held that in order to succeed, the complainant must present evidence that prima facie establishes that the respondent lacks both the right and legitimate interests in the domain name.
The UDRP also provides that the domain name holder may have a legitimate interest in the domain name if they can prove that they have been commonly known by the domain name. The domain name holder may also have a legitimate interest if they can demonstrate that they are making a legitimate, noncommercial, or fair use of the domain name.
As you can see, cybersquatting is a serious issue that can be damaging to a company or individual’s online presence. The US has a number of laws and regulations in place to protect trademark and service mark holders from cybersquatting. The most effective of these is the ACPA, which prohibits the registration, trafficking, or use of an Internet domain name that is confusingly similar to a trademark or service mark.
The UDRP is also an important tool for resolving domain name disputes. Under the UDRP, the complainant must prove that the domain name was registered and is being used in bad faith. The UDRP also provides for cases of reverse domain name hijacking, in which a complainant can be found guilty of bad faith if they attempt to take away a domain that they do not own or have a legitimate interest in.
Finally, it is important to remember that the best way to protect yourself from cybersquatting is to choose a reputable domain name registrar when registering a domain name. Reputable registrars are more likely to take action against cybersquatters, and they provide better customer service.
Cybersquatting is an issue that all businesses and individuals should be aware of. By understanding the laws and regulations in place to protect them, as well as the steps they can take to protect themselves, businesses and individuals can take the necessary steps to protect their online presence.
Frequently Asked Questions (FAQs)
How can one recognize cybersquatting?
In order to find out whether the website you are visiting is being used by a cybersquatter, keep an eye out for where the domain name is taking you. It is important that you check whether the domain name links to a website. If it brings you to a site that says “this domain name is for sale,” “under construction,” “cannot find server,” or “DNS Error,” the chances are that you’re dealing with a cybersquatter. The lack of a functioning website could mean that the domain name owner just purchased the name with the intention of selling it back to you for a higher price.
However, a website’s disappearance does not necessarily indicate a cybersquatter’s absence. There might also be a genuine justification, such as the domain name owner’s completely legitimate future plans to launch a website.
How can one protect oneself from cybersquatters?
The following steps may be taken in order to stay protected from cybersquatting:
- Register your domain name from the beginning, even if you do not intend to make a website for your company/institution right away.
- You can also purchase the same domain name with multiple extensions like .com, .net, etc. in order to avoid cybersquatters.
- You can buy domain name protection plans from a verified service provider. GoDaddy offers domain name protection services.
Are cybersquatting and typosquatting similar concepts?
While the definitions of both terms may seem similar, cybersquatting and typosquatting are two different concepts. Cybersquatting occurs when a cybercriminal uses a registered website domain to advertise itself as a completely legitimate website, such as for trademarks or corporate names. Typosquatting is a type of cybersquatting in which a pre-existing URL company domain is replicated but with an intentional typo.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: