chevron-down Created with Sketch Beta.

Business Law Today

June 2016

Cyber Center: The Continued Hijacking and Ransoming of the Domain Name System by Modern-Day Corporate Privateers

Tamara Michelle Kurtzman


  • Cybersquatting creates a domain-name shortage, which results in a growing barrier to legitimate business–the inability of a company to acquire a meaningful domain can directly influence the success or failure of that business.
  • The effort by many businesses to obtain their desired domain is being waylaid by online privateers who register and hold domain names in order to later ransom them to companies seeking that domain.
  • It is important that legislation protect not only holders of existing trademarks but also the rights of businesses to fully capitalize on new marks within the online environment.
Cyber Center: The Continued Hijacking and Ransoming of the Domain Name System by Modern-Day Corporate Privateers

Jump to:

The Internet as we know it today is not yet 50 years old, but its profound influence on modem business practices, especially intellectual property, is unmistakable. Unlike in the brick-and-mortar world where consumers purchase products and services in physical stores and thus have clear context as to where, what, and from whom they are purchasing, online consumers have far fewer certain indicators of origin. Accordingly, online consumers must, to a large extent, rely on trademarks and other forms of brand recognition to identity specific goods and those responsible for their manufacture. As the number of global Internet users continues to rise, the need for corporations to maintain an online presence has similarly increased. In fact, growing numbers of businesses have become entirely Internet-based. Accordingly, trademarks serve as uniquely important identifiers in the online environment.

Just as brand names can hold significant value for their owners, so too can domain names. Often corresponding or relating to a company’s trademarks or products, domain names serve as an integral marketing and customer communication portal and offer consumers a means of easily identifying the online location of information and products of a particular business. As such, a viable domain name is not simply a luxury in today’s economy, but rather a corporate necessity without which a business is unable to effectively compete in the marketplace. The inability of a company to acquire a meaningful domain can therefore directly influence the success or failure of that business. The effort by many businesses to stake a claim within the World Wide Web is being waylaid by online privateers who register and hold domain names in the hopes of later ransoming them to companies who wish to utilize the names for legitimate and productive purposes. The result of this practice is the frustration of corporate opportunity for those unable or unwilling to pay the sums demanded by these domain-name marauders.

Anticipatory Cybersquatting

Anticipatory cybersquatting is the practice of registering domain names with minimal present value in the hopes that these names will become desirable, and therefore increasingly valuable, in the future. Specifically, anticipatory cybersquatters register domains that have no connection with the registrant for the sole purpose of selling them at a later stage to companies that have a legitimate connection to that domain, and at a much higher price than for which it was originally purchased. The result is that new businesses often find that many, if not all, of the domain names that correspond to their trademarks, products, or services have already been registered by one of these domain-name privateers. Such businesses face a difficult dilemma: pay the inflated sums demanded by the domain holder or settle for a more obscure domain name that has not yet been registered. It is important to note, however, that not all instances of anticipatory cybersquatting quash legitimate business opportunity. Specifically, as the harms associated with this practice derive primarily from an interference with a trademark holder’s trademark rights, the registration of domain names that cannot be trademarks in the first place (such as generic terms) do not compromise corporate opportunity.

Although at first glance anticipatory cybersquatting might appear to be no different from other legitimate speculative practices, anticipatory cybersquatting is indeed unique in that it directly obstructs corporate opportunity and prevents rights holders from fully exploiting those rights. If a domain name under which a company wishes to offer its products has already been claimed, it must settle for a less desirable domain name that may be less effective in attracting customers. Accordingly, the practice of anticipatory cybersquatting in many respects seems more akin to ticket scalping––the practice of purchasing large numbers of tickets to popular events and then reselling those tickets at inflated prices.

Like scalpers, anticipatory cybersquatters purchase domain names hoping that a later demand for those names will enable them to resell the domains for a profit, but a significant difference exists in the impact of these practices. Attending an event is largely a form of entertainment. A business’s inability to secure a domain name that sufficiently relates to its name or products, however, might well have a significant effect on its very existence. Although scalpers have long argued that their practices are simply those of free-market merchants, the U.S. Supreme Court and more than half of state legislatures do not agree. Indeed, 29 states have enacted legislation restricting the manner in which event tickets may be resold, and the U.S. Supreme Court has upheld antiscalping legislation as a legitimate constitutional exercise of the state’s police power. Like tickets to an event, domain names are finite in number, and, like scalpers, anticipatory cybersquatters purchase large quantities of these resources for the sole purpose of reselling them for profit. Although a great many states prohibit ticket scalping, however, none prohibit anticipatory cybersquatting.

Similarly, the warehousing, hoarding, or brokering of toll-free vanity telephone numbers has long been prohibited under the Communications Act. A vanity phone number is essentially a mnemonic device designed to facilitate the recollection of a string of numbers by associating them with a word. Like domain names, vanity numbers are unique and have distinct value as a business-marketing device. Unlike domain names, however, the hoarding of vanity numbers is specifically prohibited as an unreasonable practice contrary to the public interest. If anticipatory squatting of telephone numbers is recognized as an activity sufficiently detrimental to justify interdiction, then it requires no stretch of the imagination to infer that the similar act of anticipatory cybersquatting likewise warrants prohibition.

Although both the Anti-Cybersquatting Consumer Protection Act and ICANN’s Uniform Domain Name Dispute Resolution Policy were introduced in an attempt to alleviate domain-name extortion, neither is particularly adept at combatting anticipatory cybersquatting. Specifically, both tools were originally designed to battle those forms of cybersquatting prevalent in the late 1990s––that is, the registration of domain names corresponding to recognized famous names and existing well-established trademarks. At that time, the Internet was not yet viewed by the business world as a tool for success; few companies had any online presence, let alone a domain name. Cybersquatters took advantage of the corporate world’s slow adoption of the Internet and began registering domain names identical or similar to the names of products of well-known businesses.

One of the cases of first impression relating to domain-name registration was Panavision lnt’l, L.P. v. Toeppen. 141 F.3d 1316 (9th Cir. 1998), aff’g 945 F. Supp. 1296 (C.D. Cal. 1996).

In 1995, the defendant registered about 200 Internet domain names, including names similar to well-known companies and popular trademarks. One of these domain names was “,” the name of a well-known motion picture equipment company. When the defendant attempted to sell the domain name to Panavision for $13,000, Panavision brought suit under the Federal Trademark Dilution Act. The court ruled in favor of Panavision because the defendant was in the business of registering trademarks as domain names and then selling them back to the rightful trademark holders, and this constituted commercial use of the domain name. Further, the court found that the defendant had diluted Panavision’s mark under the rationale that a domain name is not simply an address marker, but also serves to identify the entity that owns the website.

In the years since Panavision, cybersquatting has taken on various new permutations, including the practice of anticipatory cybersquatting. Given that the majority of policies and legislation relating to cybersquatting were enacted nearly two decades ago, however, significant gaps in the thwarting of cybersquatting now exist. Today, victims of anticipatory cybersquatting are not entirely without remedy, but most current solutions unfortunately are rather indirect in their approach.

Anti-Cybersquatting Consumer Protection Act of 1999

The Anti-Cybersquatting Consumer Protection Act (ACPA) was enacted in 1999 in an attempt to prevent cybersquatters from registering Internet domain names containing trademarks for the purpose of selling those domain name back to the trademark owner. Specifically, the ACPA is an addition to the Lanham Act (the primary federal trademark statute in the United States) and allows for a civil cause of action against the bad-faith registration of domain names that are either identical or confusingly similar to (or dilutive of) distinctive or famous marks. Thus, in order to receive relief under the ACPA, the name in question must have been distinctive, famous, or both at the time of the domain name’s registration, and such registration must have occurred in bad faith. In evaluating this requisite bad-faith element, the ACPA puts forth nine, nonexhaustive factors that may be considered by the court, including a registrant’s prior history of selling domain names and a registrant’s history of registering names identical or confusingly similar to existing marks. Thus, although the ACPA contemplates the purchase of domain names for resale to established trademark owners, it does not contemplate the modern practices of registering domain names with minimal present value in the hopes that these names will become desirable, and therefore increasingly valuable, in the future.

Ironically, although the ACPA is codified as part of trademark law, it nonetheless fails to apply one of the key tenets of that law to domain names, making the ACPA a largely ineffectual tool to address anticipatory cybersquatting. Specifically, trademark rights in the United States are tied directly to use in commerce. Ownership of a mark belongs to the first-to-use, not the first-to-file. If a trademark owner stops using a mark without intending to resume using it in the future, the mark is deemed abandoned. Notably, nonuse of a trademark for three consecutive years creates a rebuttable presumption of abandonment of the mark. Thus, inherent in trademark law is the principle that someone who is not using a particular trademark should not be able to block productive use of that trademark by another party. Anticipatory cybersquatters similarly fail to put the domain name in question to use in a meaningful way and simultaneously prevent others from making use of it. As such, anticipatory cybersquatting is entirely at odds with the public policy behind established trademark law. Nonetheless, cyberquatting remains largely uncurtailed by the ACPA.

Indeed, such limitations of the ACPA are reflective of a larger problem in the approach taken by many with respect to the resolution of domain-name disputes––that is, treatment of domain-name disputes as purely trademark matters. Although likelihood of confusion is certainly a consideration in domain-name disputes (e.g., when “” was registered not by People for Ethical Treatment of Animals but by People for Eating Tasty Animals), larger issues in anticipatory cybersquatting often include the obstruction of business opportunity and unfair competition. Thus, framing a domain-name dispute solely in the context of established trademark law (as the ACPA does) in many ways is simply an attempt to fit a “new” problem within the definition of an “old” law.

The Uniform Domain-Name Dispute-Resolution Policy

In addition to the enactment of the ACPA, the year 1999 also saw the implementation of ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP). This policy is a mandatory provision of all domain-name registration agreements offered by ICANN-approved registrars. Specifically, to prevail under the UDRP, a complainant must demonstrate three elements, the first of which is that the domain name is identical or confusingly similar to a mark in which he or she holds rights. Second, the mark owner must show that the registrant has no legitimate interest in the name. The third and final element is that the registrant acquired and was using the domain name in bad faith. If the trademark holder is successful in this proceeding, the domain name in question may be either cancelled or its registration transferred to the trademark owner under the UDRP.

Although the UDRP does not directly prohibit anticipatory cybersquatting, it is currently the preferable means of extricating a domain name from anticipatory cybersquatters in many circumstances. Unlike the ACPA, the UDRP does not require that the domain name at issue be distinctive or famous at the time of registration. As such, even holders of after-acquired trademark rights may seek relief under the UDRP. Additionally, unlike the ACPA (the applicability of which is confined to the United States), the UDRP applies worldwide and can be employed against foreign cybersquatters. Proceedings under the UDRP are also generally faster and far less expensive compared to a federal lawsuit under the ACPA, given that there are far less procedural and evidentiary requirements under the UDRP. Indeed, the World Intellectual Property Organization heard 2,634 UDRP cases in 2014, representing a two percent increase from the previous year. Notably, complainants prevailed in more than 90 percent of WIPO’s reported domain-name disputes.

Other Attempts by ICANN to Reduce the Impact of Anticipatory Cybersquatting

Despite the fact that the UDRP does not directly disallow anticipatory cybersquatting, ICANN has long acknowledged that the hoarding of domain names is a genuine problem and has repeatedly sought to diminish the effects of this practice by introducing new, top-level domains. This policy has done little to eliminate the impact of anticipatory cybersquatting, however. First, cybersquatters simply register names associated with the new, top-level domains. Although the release of new domains is often accompanied by a sunrise preregistration process for registrants who hold trademark or other rights in a particular name, this protects only current trademark holders and has no effect upon anticipatory cyberquatters. Second, ICANN’s policy of increasing the number of top-level domains has little meaningful effect on cybersquatting because “.com” domains remain the most prevalent and profitable top-level domains. Although companies can, and sometimes do, choose to utilize “” domain names (e.g., “.lawyer” is currently available and “.esq” will soon be available), the majority of potential website visitors are most familiar with “.com” names––in fact, Internet-based companies are frequently referred to “dot-coms.” As such, when seeking a company’s website, consumers are likely to assume that the website is a “.com.”

In light of these largely ineffective efforts, UDRP panels have been increasingly broadening their interpretations of the bad-faith UDRP element in order to find against anticipatory cybersquatters. Specifically, administrative panels increasingly are willing to rule that, even though a trademark holder may have acquired trademark rights after the registration of a domain name, action by the domain registrant that seeks to take advantage of a complainant’s goodwill in its mark is sufficient to constitute bad faith under the UDRP. Similarly, UDRP panels increasingly have been willing to find that website inactivity (a respondent’s passive holding of the domain) is evidence of bad-faith use and registration in that it suggests registration for the purpose of selling the domain for profit.

These trends by UDRP panels are the result of individual interpretation and discretion, however, and not directly reflected in the language of the UDRP. Opponents of anticipatory cybersquatting have recently begun calling on ICANN to take steps to prohibit this practice directly by adding a “not-for-resale” provision to the UDRP or by incorporating a nonuse condition into the UDRP by which registrants have a limited period from the date of registration in which they must make bona fide use of the domain name. Under a not-for-resale provision, a domain holder could be prohibited from reselling the domain for any amount above the registration fee. Under a nonuse provision, if a registrant fails to make bona fide use of the domain within a limited period, third parties would be able to petition for the domain’s transfer upon a showing of a legitimate interest in the name. Indeed, bona fide use is already a standard adopted by the UDRP for evaluation of legitimate use; thus, such a modification clearly follows in the spirit of the policy. Because domain-name challenges under a nonuse condition would take place through the same channels and result in the same remedies as current arbitrations, no additional infrastructure is required. In 2015 ICANN updated the UDRP and included several changes aimed at further streamlining dispute procedures. However, no language or provision has thus far been incorporated to directly address anticipatory cybersquatting.


Internet users often assume that a company’s domain name will correspond to its business name or the name of its products. It is this assumption that gives cybersquatting its value. Despite well-intentioned efforts by both ICANN and the federal government to curtail cybersquatting, the practice continues to flourish in light of gaping holes present in the legislation and policies governing domain-name use. Particularly conspicuous is the unaddressed practice of anticipatory cybersquatting. Nonetheless, the effect of hijacking and ransoming domain names continues to have a profound impact on the public’s ability to form corporations with viable online commercial opportunities. In order to dismantle the growing barrier to business resulting from domain-name shortages created by cybersquatting, it is important that legislation protect not only holders of existing trademarks but also the rights of businesses to fully capitalize on new marks within the online environment.