American Bar Association
Forum on Communications Law
Master of Your Domain-An Overview of the Anticybersquatting Consumer Protection Act
by JEREMY D. MISHKIN
A domain name-the virtual address of a Web page-is among the most valuable pieces of intellectual property in use today. Unheard of a decade ago, domain names are being bought and sold for millions of dollars as "dot-com" has become the mandatory suffix for many new brands. Yet the legal protections for this new gold standard have been inadequate at best, and an entire cottage industry has arisen to take advantage of that fact by staking claims to domain names that are valuable to others. At the same time, wholly disparate interests actually use the same name. Although trademark law has long settled the question of whether Cadillac can be both a dog food and a car, there is only one "cadillac.com." Those who belatedly try to register what they assume are "their" names as domain names are frequently surprised to find that "their" names are already taken. Many lawsuits follow.
In November 1999, Congress belatedly passed and the president signed a federal budget into law. Buried in the budget bill-and enacted with it-was the Anticybersquatting Consumer Protection Act (ACPA). This article describes how courts have previously handled intellectual property disputes regarding domain names, how the new law changes the landscape, and how the ACPA is likely to affect how lawyers counsel clients.
History of Cybersquatting
The Internet is nothing more than a huge network of other networks set up so that any one computer can communicate with another. When the Internet was being developed, computer scientists identified each "location" by assigning it a unique numerical address that in turn is translated into a form that is commonly known as http://www. whatever.com. The first portion of that address (http://www) simply tells the computer that what was coming next was the location on the Internet from which it should get information. The last portion (whatever. com) is the "domain name."
Before 1994, domain names were not a major concern because e-commerce did not exist. Consumers were not using the Internet, and none of today's major commercial Internet service providers were providing Internet service. Instead, proprietary systems such as CompuServe and AOL offered users "online" service, which consisted of gaining access to content that was actually part of those services. Neither included a Web browser with their software. It was possible, albeit very difficult, to send e-mail from CompuServe to someone who was using a different online service. In doing so, consumers first encountered the ".com" at the end of their own e-mail address, but probably did not pay much attention to it.
Others did notice, and some acted on what they saw as a golden opportunity. Registering a domain name was absurdly easy: pick a name, pay a nominal registration fee, and if nobody else got there before you, the domain name was yours. As with the land rushes of yesteryear, a fast and intrepid individual had an advantage over a cumbersome organization.
One of the earliest examples of this kind of dispute arose in an unlikely context. Adam Curry, a former vj at MTV, wanted to create a new business capitalizing on his fame. He registered the domain name "mtv.com" and established an e-mail subscription newsletter. His former employers were not pleased when they tried to register "mtv.com," only to find that a former employee had taken "their name." MTV filed suit, claiming trademark law violations, and the case was eventually settled. Today, if you point your browser at http://www.mtv.com, you will not find a trace of Mr. Curry, although he is still enshrined in the law at MTV Networks, Inc. v. Curry.
Also in 1994, competition between two leading test preparation services reached the Web. Princeton Review won the race to the registrar's office and snagged not only its own name, but also "kaplan.com." Its primary competitor, Stanley Kaplan Educational Centers, filed suit and succeeded in obtaining "its" name, but it has been reported that Princeton came close to inflaming the dispute by threatening to register "kraplan.com" instead.
Other disputes arose between genuinely confusing entities. The publisher of Wired magazine, whose domain name was wire.com, filed suit against an electronic magazine (known as a 'zine), WIRE, that was using wire.net.4 The litigants resolved their dispute, with the paper magazine providing financial support and free ads when the e-zine changed its domain name to "wwire.net."
The era of cybersquatting arrived. As the public became more aware of the Internet, and as browsers appeared along with modem speeds that made them useful, domain names skyrocketed in value. Some legitimate businesses found that their carefully nurtured brand names were used in unforeSeeable ways. An early example was presented in Hasbro, Inc. v. Internet Entertainment Group.5 Any parent knows the simple joy of playing the board game Candyland with a youngster who is learning about colors. Hasbro (the maker of Candyland) was therefore not amused to find that candyland.com had been registered by the defendant, which used the site to display sexually explicit material. An injunction was granted, and the name went to Hasbro.
But if ever there were a poster child for the cybersquatter, it would be Dennis Toeppen. In 1995, Panavision International attempted to register its own name "panavision.com" but found that the name had already been taken by an Illinois resident named Toeppen. Mr. Toeppen had created the "panavision.com" Web page consisting of photographs of the City of Pana, Illinois. When Panavision's lawyers sent him a cease and desist letter, Toeppen responded with a memorable letter in which he claimed that he had done nothing illegal:
If your attorney has advised you otherwise, he is trying to screw you. He wants to blaze new trails in the legal frontier at your expense. Why do you want to fund your attorney's purchase of a new boat (or whatever) when you can facilitate the acquisition of "Panavision.com" cheaply and simply instead?
"Cheaply and simply" turned out to be $13,000 paid to Toeppen for the name, along with his promise not to "acquire any other Internet addresses which are alleged by Panavision Corporation to be its property." Mr. Toeppen apparently had similar "cheap and simple" solutions to offer to other companies. He had registered domain names that sounded familiar to Delta Airlines, Neiman Marcus, Eddie Bauer, Lufthansa, "and over 100 other marks."7 According to the Ninth Circuit, he had offered to sell domain names to Intermatic and American Standard for prices ranging from $10,000 to $15,000 each.
Panavision sued under the Federal Trademark Dilution Act, which requires the plaintiff to show that: (1) the mark is famous; (2) the defendant is making commercial use of the mark in commerce; (3) the defendant's use began after the mark became famous; and (4) the defendant's use of the mark dilutes the quality of the mark by diminishing the capacity of the mark to identify and distinguish goods and services.
Mr. Toeppen argued that his registration of "panavision.com" was not "commercial use" and the Ninth Circuit agreed, citing a number of courts that have so held. But then the court took a more expansive approach and explained:
Toeppen's argument misstates his use of the Panavision mark. His use is not as benign as he suggests. Toeppen's "business" is to register trademarks as domain names and then sell them to the rightful trademark owners. He acts as a spoiler, preventing Panavision and others from doing business on the Internet under their trademarked names unless they pay his fee. . . . Toeppen made a commercial use of Panavision's trademarks. It does not matter that he did not attach the marks to a product. Toeppen's commercial use was his attempt to sell the trademarks themselves. Under the Federal Trademark Dilution Act and the California Anti-dilution statute, this was sufficient commercial use.9
Toeppen further argued that his actions did not constitute "dilution" because Panavision could easily have used alternative domain names and pursue its e-commerce interests. All Panavision had to do, he claimed, was establish another "address" where it could place its Web pages and use its own trademarks. The Ninth Circuit rejected that claim, finding that a domain name was
. more than address. A significant purpose of a domain name is to identify the entity that owns the Web site. "A customer who is unsure about a company's domain name will often guess that the domain name is also the company's name." Cardservice Int'l. v. McGee, 950 F. Supp. 737, 741 (E.D. Va. 1997). "[A] domain name mirroring a corporate name may be a valuable corporate asset, as it facilitates communication with a customer base." MTV Networks, Inc. v. Curry, 867 F. Supp. 202 (S.D.N.Y. 1994).10
Citing another case involving Mr. Toeppen, the court affirmed that "[i]f Toeppen were allowed to use 'intermatic.com,' Intermatic's name and reputation would be at Toeppen's mercy and could be associated with an unimaginable amount of messages on Toeppen's Web page. . . ."11
The Other Side of Cyberpiracy
Although cyberpiracy is a real problem, it is important to recognize that there is another side to the issue. Mr. Toeppen's conduct was punished by the courts, but other domain names spawned litigation where there was clearly no intent to confuse or defraud. For instance, the popular PC supplier Gateway 2000 was unhappy to find that another company had registered and was using "gateway.com." But in that case, the court refused to enjoin the defendant from using the name. The court found that the defendant had registered the domain name in 1988 and was not trying to pass itself off as the PC company. Instead, it had chosen the domain name because of the generic meaning of "gateway" in the computer context, i.e., a unit connecting two computers. Moreover, the court found that the defendant included a link on its Web site for people who had intended to browse the PC company's page. Finally, the court observed that the PC company had registered its federal trademark in 1994, six years after the defendant had first used this domain name.
On the other hand, there are domain names where the registration Seems particularly designed to fool a user. Two excellent examples are the first registration for "plannedparenthood. com" that was filed by Catholic Radio, an anti-abortion advocate, which went so far as to display "Welcome to the Planned Parenthood Home Page" as the first image Seen by a user. Only upon browsing did users find the anti-abortion content of the page's real sponsor. In Planned Parenthood Federation of America v. Bucci,13 the court granted an injunction under the Lanham Act preventing Catholic Radio from using the domain name, and in so doing rejected Catholic Radio's assertion that it ought to be permitted to use the trademark as its domain name on the basis of "parody."
At the other end of the political spectrum, the Archdiocese of St. Louis filed suit against the use of the domain names "papalvisit.com" and "papalvisit1999.com." The entity that had registered those domains was the same one that had originally registered "candyland.com" and was a well-known supplier of adult material on the Internet. The court concluded that the church's common law trademarks would be diluted by being associated with such content.14 Other religious dilution issues arose in Jews for Jesus v. Brodsky.
Understandably, some litigants were unhappy with the fact that "their" name had been "given away" in the first place. Some decided to blame the entity that was responsible for assigning names, on the theory that it had been jointly responsible for the alleged infringement. One such suit was brought by Lockheed Martin.
Lockheed Martin had used the term "skunk works" for decades to describe its unique engineering facility. When the company found that "skunkworks. com" had been registered as a domain name, it sued Network Solutions (commonly known as InterNIC) for the infringement. The court rejected that claim, finding that InterNIC was not liable for "inducing others" to infringe on Lockheed's service mark, nor could it be liable for the potentially infringing conduct of others. The court ruled that InterNIC had no affirmative duty to Seek out potentially infringing uses of domain names by registrants.
Over the years, the original registrar for domain names, InterNIC, attempted many administrative means to avoid these kinds of predicaments. Under one proposal, InterNIC would have automatically "suspended" any domain name that was the subject of a challenge by any entity without making any determination as to the basis for the challenge or the good faith of the challenger. In speech and debate cases, this situation is known as a heckler's veto, so-called because any single individual has the authority to halt the process. InterNIC posts its current policy on the Web at www.networksolutions.com/legal/dispute-policy.htm.
The New Law
These early cases involved similar legal theories. Many plaintiffs asserted federal claims for false advertising, dilution, and false designation of origin along with analogous state law claims. By 1999, Congress recognized that the Lanham Act had to be amended to resolve the problem of cybersquatting.17 The Trademark Cyberpiracy Prevention Act added new section (d) to 15 U.S.C. § 1125 and provides a comprehensive solution for those whose marks are wrongfully appropriated into domain names.
In effect, the ACPA establishes a cause of action for the bad-faith registration, use, or "traffic in" domain names where the defendant has used a name that is identical or confusingly similar to a distinctive, preexisting mark, or where the name "is dilutive of" an already famous mark. In section (d)(1)(B), the ACPA helpfully provides the courts with a nonexhaustive outline of the ten factors that may be used to determine whether a defendant has acted in bad faith. Many of these factors have an interesting background.
Factor 1 directs the court to determine whether the person has intellectual property rights (such as a trademark) in the domain name.
Factor 2 asks whether the domain name is simply the name of the person registering it or "a name that is otherwise commonly used to identify that person." One of the more infamous domain name battles prior to the enactment of the ACPA was over the name Pokey. Television viewers may be familiar with a character named Gumby. (Older readers may remember him as an early example of "clay-mation." Younger readers may remember him from Eddie Murphy's parody on Saturday Night Live.) Gumby's best friend was a horse named Pokey. When the people who owned the rights to the Gumby characters went to register "Pokey.org," they found that someone already owned it-a ten-year-old boy, whose father had given it to him as a gift. The boy had been born well past his due date, and the family had nicknamed him "Pokey." In a remarkable display, the Gumby folks launched numerous legal weapons at the boy and earned the wrath of the online community for such a heavy-handed approach. The young man still maintains his page with his name. Obviously, Congress was not going to repeat the mistakes that the Gumby folks had made.
Factor 3 directs the court to consider whether the defendant has previously used the domain name in connection with "bona fide" offerings of goods or services. In all likelihood, this factor derives from the Gateway 2000 case.
Factor 4 allows for "lawful noncommercial or fair use of the mark" in a location that can be accessed through the challenged domain name. Recognizing that "fair use" is an integral component of existing trademark law, the ACPA gives its blessing as well. This could be an important element in evaluating the legality of names of so-called gripe sites where a disgruntled customer or former employee registers a domain name such as "xeroxsucks.com" to post and/or solicit criticism of the identified entity.
Factor 5 focuses on a defendant's "intent to divert consumers from the mark owner's online location to a site . . . that could harm the goodwill represented by the mark, either for commercial gain or with intent to tarnish or disparage the mark. . . ." This factor addresses the danger exemplified by Internet Entertainment Group's registration of the "candyland" and "papalvisit" domain names.
Factor 6 is referred to as a "Toeppen factor." It asks whether the defendant has offered to sell the domain name to the owner of the mark without ever having used the site himself or herself "in the bona fide offering of any goods or services."
Factor 7 examines whether the defendant has registered the subject domain name using false information, and whether he or she has intentionally failed to maintain accurate contact information. Recognizing that many users in cyberspace remain anonymous, the ACPA officially makes it suspicious to conceal one's identity. Moreover, in further recognition that users will persevere in their insistence on being anonymous, the ACPA provides that in those instances where the person who registered the subject domain name cannot be found, the plaintiff can proceed with an in rem action against the name itself, as explained more fully below.
Factor 8 is another "Toeppen factor," taking into account whether the defendant has registered "multiple domain names which the person knows are identical or confusingly similar to trademarks or service marks of others." Such conduct strongly suggests that the registration is part of a pattern of speculation/extortion rather than a bona fide intent to use the domain name for legitimate purposes.
Factors 9 and 10 direct the court to consider the defendant's record of prior instances of "cybersquatting" or "cyberpiracy," or of concealing his or her identity in the registration process. Although a simple inquiry on the Internet will reveal whether the defendant has previously registered any other domain names in his or her own name, this factor virtually mandates that plaintiff's counsel conduct formal discovery addressed to defendant on this subject as well.
Once a plaintiff has proven a violation of the ACPA, a variety of remedies are available. Under § 1125 (d)(1)(C), the court can order the "forfeiture or cancellation of the domain name." The ACPA now codifies the best available remedy, "the transfer of the domain name to the owner of the mark." Moreover, under certain circumstances, a plaintiff can recover up to $100,000 per domain name in "statutory damages." This can be a tremendous benefit to qualified plaintiffs, who may not be able to prove actual damages with requisite certainty. Interestingly, the ACPA specifically authorizes the court to reduce any statutory damages award to the extent that the court finds that the infringer "believed and had reasonable grounds to believe that the use of the domain name . . . was a fair or otherwise lawful use."19 As with any other claim under the Lanham Act, a successful plaintiff can recover attorneys' fees under certain circumstances.
The new law also specifically carves out some entities that have historically been defendants in these cases. Only the person (or the licenSee of the person) who registered the domain name in violation of the ACPA can be liable. This is an important protection for Internet service providers and Web site host services and the like who may find themselves involved with a "cyberpirate." Section 4(D)(i) provides that the registrar of domain names (heretofore InterNIC, but soon to include others) is not liable for monetary relief to anyone for refusing to register, removing from registration, or otherwise canceling a domain name if it is doing so in compliance with a court order or if it is merely implementing its own "reasonable policy" that Seeks to accomplish the same purposes as the ACPA. Likewise, the registrar cannot be held liable for the wrongful domain name registration itself, unless it has acted in bad faith "to profit from such registration."
In Rem Actions
One of the ironic elements of the new law is its use of the in rem civil action,21 which was previously a form of action known mostly to Proctors in Admiralty, who used it to sue the engines of a ship. The ACPA pragmatically acknowledges that a plaintiff may have a valid claim of cyberpiracy but be unable to find the proper defendant. In cyberspace, this could be due to false information used during registration or to the fact that the person who registered is outside the jurisdiction of the court.22 New section (d)(2)(A) establishes how to proceed under these circumstances.
Where to sue. The owner of the mark can file an in rem action in the judicial district where suit could be brought "against the registrar, domain name registry or other domain name authority that registered or assigned the domain name" but only if the trademark is registered or is protected under section 706 of the Criminal Code. Moreover, the mark owner must establish to the court's satisfaction that the owner has exercised due diligence in attempting to locate or serve the person who would have been a defendant, or that the court does not have personal jurisdiction over that person.
Limitation of remedy. An in rem action is limited to obtaining a court order that forfeits, cancels, or transfers the domain name to the owner of the mark. Accordingly, even the owner of a registered mark cannot recover the up-to-$100,000 in statutory damages in an in rem action. On the other hand, the statute expressly preserves "any other civil action or remedy otherwise applicable," so the in rem action has the potential to be extremely useful to victims of cyberpiracy.
Experience to Date Passage of the new law has resulted in a stampede to the courthouses by mark owners who now feel they have a clear path toward relief and a club to wield in the form of statutory damages of up to $100,000 per domain name. Within days of the ACPA becoming law, a wide range of plaintiffs filed suits:
New Zealand's America's Cup sailing team won an injunction preventing two New Zealanders from using "americascup.com" as their domain name.
Harvard University filed suit against two men who were offering domain names that included the word "harvard" and "radcliffe" on the Web site "HarvardYardSale.com."
The National Football League sued a California resident for registering "NFLtoday.com" and "NFLtoday.net."
The National Hockey League filed suit against a Canadian citizen who was offering to sell e-mail addresses with the domain name "nhl.com."
Cable television shopping giant QVC filed suit against an Arizona man who had started a Web site called "AdultQVC.com."
On February 2, 2000, the Second Circuit issued the first ruling on the new law in Sporty's Farm LLC v. Sportsman's Market, Inc.23 The court upheld an injunction against a competitor-cybersquatter, but, in light of the novelty of the issue, it declined to find the behavior "willful" or the conduct to violate the Connecticut Unfair Trade Practices Act.
In an era when even household appliances are getting hooked up to the Internet,24 the need for protecting intellectual property rights in domain names will intensify. In the ACPA, practitioners now have a fine tool for protecting the rights of clients quickly and effectively. For those other clients who are interested in pushing the envelope, the ACPA also provides helpful guidance on where the safe harbors may be found. At the same time, it will be illuminating to See what any U.S. law can do to address such a pervasive problem on the Internet, which is constrained by no geographic boundaries. Although the president did sign the bill, he had initially expressed reservations about the issue. Eventually, domain name disputes may still end up being left to the Internet Corporation for Assigned Names and Numbers (ICANN) rather than being left to the hope for consistency among laws passed by all the nations of the world. As with so many areas of cyberlaw, there are many more questions than answers.
2. 867 F. Supp. 202 (S.D.N.Y. 1994).
3. STUCKEY, INTERNET AND ONLINE LAW §7.04, at 7-47 (1999).
4. There are actually a number of what are called "top level" domains such as .com and .net. Others include .gov (for government sites) and .edu (for educational institutions). Those in charge of registering domains have not consistently applied bright-line rules for who can use .net or .com, and the potential for confusion is significant. For a classic example of confusingly similar Web addresses, compare http://www.whitehouse.gov with http://www.whitehouse.com
5. 1996 U.S. Dist. LEXIS 11626, 40 U.S.P.Q.2d (BNA) 1479 (W.D. Wash. 1996).
6. Panavision Int'l v. Toeppen, 141 F.3d 1316, 1319 (9th Cir. 1998).
7. Id. at 1319.
8.15 U.S.C. § 1125(c).
9. Panavision Int'l, 141 F.3d at 1325 (internal quotations omitted).
12. Gateway 2000, Inc. v. Gateway.com, Inc., No. 5-96-CV-1021, 1997 U.S. Dist. LEXIS 2144 (E.D.N.C. Feb. 6, 1997).
13. 1997 U.S. Dist. LEXIS 3338, 42 U.S.P.Q.2d (BNA) 1430 (S.D.N.Y. 1997).
14. Archdiocese of St. Louis v. Internet Entertainment Group, 34 F. Supp. 2d 1145 (E.D. Mo. 1999).
15. 993 F. Supp. 282 (D.N.J. 1998).
16. Lockheed Martin Corp. v. Network Solutions, 985 F. Supp. 949 (C.D. Cal. 1997).
17. Only a cynic would suggest that this heightened consciousness coincided with the fact that a number of legislators found that their own names had been used as domain names, and usually not in a flattering way. A widely publicized flap revolved around Texas Governor George W. Bush. A political gadfly registered and posted a parody of the candidate's Web site, and at first glance, the parody page was indistinguishable from the real one. Another "parody" site mocked one of the legislators who had actively promoted the Communications Decency Act and used his name as part of the domain.
18. Gateway 2000, 1997 U.S. Dist. LEXIS 2144, at *3.
19. Anticybersquatting Consumer Protection Act, Pub. L. No. 106-113, 113 Stat. 1501§ 3(d)).
20. Id. § D(iii).
21. Id. § 2(A)).
22. The question of the proper jurisdictional reach of the courts in disputes involving cyberspace is beyond the scope of this article, but much of the case law to date has arisen in cybersquatting litigation such as the Panavision case and K.C.P.L. v. Nash, No. 98-3773 (S.D.N.Y. Nov. 24, 1998) (where the New York court refused to exercise jurisdiction over an out-of-state defendant based on New York's narrower long-arm statute compared with that of California, which controlled in Panavision).
23. 2000 U.S. App. LEXIS 1246 (2d Cir. Feb. 2, 2000).
24. Smartmoney.com: The Power of the Magic I-Word, January 17, 2000 (republished on Dow Jones Newswires, January 19, 2000).
Jeremy D. Mishkin is a member of the firm Montgomery, McCracken, Walker & Rhoads, LLP, in Philadelphia, and may be reached at email@example.com.