United States: Master Of Your Domain
An Overview of the Anticybersquatting Consumer Protection Act

A domain name – the virtual address of a web page – is among the most valuable pieces of intellectual property in use today. Unheard of a decade ago, domain names are being bought and sold for millions of dollars as "dot-com" has become the mandatory suffix for many new brands. Yet the legal protections for this new gold standard have been mediocre at best, and an entire cottage industry has arisen to take advantage of that fact by staking claims to domain names that are thought to be valuable to others. At the same time, wholly dissimilar interests actually use the same name and while trademark law has long settled the question whether Cadillac can be both a dog food and a car, there is only one "cadillac.com." (Who owns it? Hint: your dog does not surf the web). Those who belatedly tried to register what they assumed were "their" names as domain names were frequently surprised to find that others had preceded them, and "their" names were already taken. Many lawsuits followed.

In November, 1999, Congress belatedly passed and the President signed a Federal budget into law. This may seem to have little to do with domain names, but in Washington our elected representatives move in mysterious ways. Tucked into the Budget bill, and passed along with it, was the Anticybersquatting Consumer Protection Act (ACPA). This article will describe how courts had previously been handling intellectual property disputes regarding domain names; how the new law changes the landscape; and how the ACPA might affect how practitioners counsel clients.

The Internet is nothing more than a huge network of other networks set up so that any one computer can communicate with any other. When the Internet was being developed, computer scientists identified each "location" by assigning it a unique numerical address that in turn was translated into a form that has come to be commonly known as http://www.whatever.com. The first portion of that address (http://www) simply told the computer that what was coming next was the location on the net from which it should go get information. The last portion (whatever.com) was the "domain name."

Before 1994, nobody really cared about domain names because e-commerce did not exist. Consumers were not using the Internet, and none of today’s major commercial Internet Service Providers were providing Internet service. Instead, proprietary systems such as CompuServe and AmericaOnline offered users "online" service, which consisted of getting to use only the content that was actually part of those services. Neither even included a web browser with their software. It was possible, albeit very difficult, to send e-mail from CompuServe to someone who was using a different online service. In doing so, consumers first encountered the ".com" at the end of their own e-mail address, but probably most did not pay it much attention.

Others did notice, and some acted on what they saw as a golden opportunity. Registering a domain name was absurdly easy. Pick a name you want, pay the nominal registration fee, and if nobody else got there before you, the domain name was yours. As with the land rushes of yesteryear, a fast and intrepid individual had an advantage over a slower-moving organization. One of the earliest examples of this kind of dispute arose in an unlikely context: Adam Curry, a former vj at MTV, wanted to create a new business capitalizing on his fame. He therefore registered the domain name "mtv.com" and established an e-mail subscription newsletter. His former employer was none too pleased when they went to try to register "mtv.com" only to find a former employee had taken "their name." MTV filed suit, claiming trademark law violations, and the case was eventually settled. Today, if you point your browser at http://www.mtv.com you will not find a trace of Mr. Curry, although he is still enshrined in the law at MTV Networks, Inc. v. Curry, 867 F. Supp. 202 (S.D.N.Y. 1994).

In the same year, competition between two leading test preparation services also reached the web. Princeton Review won the race to the registrar’s office and snagged not only its own name, but also "kaplan.com." Its primary competitor, Stanley Kaplan Educational Centers, filed suit and succeeded in obtaining "their" name, but it has been reported that Princeton came close to inflaming the dispute by threatening to register "kraplan.com" instead.

Other disputes arose between genuinely confusing entities. The publisher of Wired magazine, whose domain name was wire.com, filed suit against electronic magazine (called a "’zine" to those in the know) WIRE, which was using wire.net. Those litigants resolved their dispute, with the paper magazine providing financial support and free ads for the e- zine changing its domain name to "wwire.net."

And so the era of "cybersquatting" arrived. As the public became more aware of the Internet, and as browsers appeared along with modem speeds that made them useful, domain names skyrocketed in value. Some legitimate businesses found that their carefully nurtured brand names were being used in wholly unforeseeable ways. An early example of this phenomenon was presented in Hasbro, Inc. v. Internet Entertainment Group, Ltd., 40 U.S.P.Q.2nd (BNA) 1479 (W.D. Wash. 1996). Anyone who has ever had children knows the simple joy of playing the board game "Candyland" with a youngster who is just learning about colors. Hasbro (the maker of Candyland) was therefore not amused to find that candyland.com had been registered by the defendant, which used the site to display sexually explicit material. An injunction was granted, and the name went to Hasbro.

But if ever there were a poster child for the cybersquatter, it would be Dennis Toeppen. In 1995, Panavision International attempted to register its own name "panavision.com," but found that the name had already been taken by Illinois resident Toeppen. Mr. Toeppen had created the "panavision.com" web page consisting of photographs of the City of Pana, Illinois. When Panavision’s lawyers sent him a cease and desist letter, Toeppen responded with a memorable letter in which he claimed he had done nothing illegal:

Panavision Int’l. v. Toeppen, 141 F.3rd 1316, 1319 (9th Cir. 1998). "Cheaply and simply" turned out to be paying Toeppen $13,000 for the name, along with his promise not to "acquire any other Internet addresses which are alleged by Panavision Corporation to be its property."

Mr. Toeppen apparently had similar "cheap and simple" solutions to offer a number of other companies. He had registered domain names that sounded familiar to Delta Airlines, Neiman Marcus, Eddie Bauer, Lufthansa "and over 100 other marks." (Id. at 1319) According to the Ninth Circuit, he had offered to sell domain names to Intermatic and American Standard for $10,000 to $15,000.

Panavision sued under the Federal Trademark Dilution Act, which requires the plaintiff to show:

15 U.S.C. § 1125(c).

In his defense, Mr. Toeppen argued that his registration of "panavision.com" was not "commercial use," and the Ninth Circuit agreed, citing a number of courts that have so held. Then the Court took a more expansive approach and explained:

(Panavision, at p. 1325) (Internal quotes omitted).

Toeppen further argued that his actions did not constitute "dilution" because Panavision could easily have used alternative domain names and pursue its e-commerce interests. All Panavision had to do, he claimed, was establish another "address" where it could place its web pages and use its own trademarks. The Ninth Circuit rejected that claim as well, finding that a domain name was "…more than address. A significant purpose of a domain name is to identify the entity that owns the web site. ‘A customer who is unsure about a company’s domain name will often guess that the domain name is also the company’s name.’ Cardservice Int’l. v. McGee, 950 F. Supp 737, 741 (E.D.Va. 1997). ‘[A] domain name mirroring a corporate name may be a valuable corporate asset, as it facilitates communication with a customer base.’ MTV Networks, Inc. v. Curry." Citing another case involving Mr. Toeppen, the Court affirmed that "‘If Toeppen were allowed to use ‘intermatic.com’, Intermatic’s name and reputation would be at Toeppen’s mercy and could be associated with an unimaginable amount of messages on Toeppen’s web page….’"

While cyberpiracy is a real problem, it is important to recognize that there is another side to the issue. Mr. Toeppen’s conduct was punished by the Courts, but other domain names spawned litigation where there was clearly no intent to confuse. For instance, the popular PC supplier Gateway 2000 was unhappy to find that another company had registered and was using "gateway.com" and they filed suit. But in that case, the court refused to enjoin the defendant from using the name. The Court found that the defendant had registered the domain name in 1988 and was not trying to pass itself off as the PC company. Instead, it had chosen the domain name because of the generic meaning of "gateway" in the computer context – a unit connecting two computers. Moreover, the Court found that the defendant had gone so far as to include a link on its website for people who had intended to browse the PC company’s page. Finally, the Court observed that the PC company had only registered its federal trademark in 1994 – six years after defendant had first used this domain name. Gateway 2000 Inc. v. Gateway.com, Inc., No. 5-96- CV-1021, 1997 U.S. Dist. LEXIS 2144 (E.D.N.C. Feb. 6, 1997).

On the other hand, there are domain names where the registration seems particularly designed to fool a user. Two excellent examples: the first registration for "plannedparenthood.com" was filed by Catholic Radio, an anti-abortion advocate, which went so far as to display "Welcome to the Planned Parenthood Home Page" as the first image seen by a user. If the user browsed further, they found the anti-abortion content of the page’s real sponsor. In Planned Parenthood Federation of America v. Bucci, 1997 WL 133313 (S.D.N.Y. March 24, 1997), the Court granted an injunction under the Lanham Act preventing Catholic Radio from using the domain name, and in so doing rejected Catholic Radio’s assertion that it ought to be permitted to use the trademark as its domain name on the basis of "parody."

At the other end of the political spectrum, the Archdiocese of St. Louis filed suit against the use of domain names "papalvisit.com" and "papalvisit1999.com" The entity that had registered those domains was the same one that originally had "candyland.com," IEG - a well-known supplier of "adult material" on the Internet. The Court concluded that the Church’s common law trademarks would be diluted by being associated with such content. Archdiocese of St. Louis v. Internet Entertainment Group, 34 F. Supp. 2d 1145 (E.D. Mo. 1999). Other religious dilution issues arose in Jews for Jesus v. Brodsky, 993 F. Supp. 282 (D.N.J. 1998).

Understandably, some litigants were unhappy with the fact that "their" name had been "given away" in the first place. Some of them decided to blame the entity that was responsible for assigning names, on the theory that they had been jointly responsible for the alleged infringement. One such suit was brought by Lockheed Martin, which for decades had used the word "skunk works" to describe its unique engineering facility that lay both administratively and geographically "outside the boundaries" of the "official" Lockheed channels. When Lockheed found that someone had registered "skunkworks.com" as a domain name, it sued Network Solutions (more commonly known as "InterNIC") for the infringement. The Court rejected that claim, finding that InterNIC was not liable for "inducing others" to infringe on Lockheed’s service mark nor could it be liable for the potentially infringing conduct by others. Tellingly, the Court ruled that InterNIC had no affirmative duty to seek out potentially infringing uses of domain names by registrants. Lockheed Martin Corp. v. Network Solutions, Inc., 44 USPQ 1865, 1997 WL 721899 (C.D. Cal. Nov. 17, 1997).

Over the years, the original registrar for domain names, Network Solutions (NSI), attempted many administrative means to avoid these kinds of predicaments. Under one proposal, they would have automatically "suspended" any domain name that was the subject of a challenge by any other entity without making any determination as to the basis for the challenge or the good faith of the challenger. In speech and debate cases, this would be what is known as a "heckler’s veto," so-called because any single individual has the authority to halt the process in its tracks. NSI posts its current policy on the web at http://www.networksolutions.com/legal/dispute-policy.htm.

These early cases had all involved similar legal theories. Many plaintiffs asserted Federal claims for false advertising, dilution and false designation of origin along with analogous state law claims. But by 1999 Congress recognized that the Lanham Act had to be amended in order to address the problem of cybersquatting adequately. The Trademark Cyberpiracy Prevention Act added new section (d) to 15 U.S.C. § 1125, and provides a comprehensive solution for those whose marks are wrongfully appropriated into domain names. The bill’s authors had studied the case law, the actions of Mr. Toeppen (as well as others) and designed §(d) to address the most common recurring issues.

Effectively, the ACPA establishes a cause of action for the bad faith registration, use or "traffic in" domain names where the defendant has used a name that is identical or confusingly similar to a distinctive, pre-existing mark, or where the name "is dilutive of" an already famous mark. In §(d)(1)(B), the ACPA quite helpfully provides the Courts with a non-exhaustive outline of the factors that may be used in determining whether a defendant has acted in bad faith. Many of these factors have an interesting background.

• Factor 1 directs the Court to determine whether the person has intellectual property rights (such as a trademark) in the domain name.
• Factor 2 asks whether the domain name is simply the name of the person registering it, "or a name that is otherwise commonly used to identify that person." Therein lies a story. One of the more infamous domain name battles prior to the enactment of the ACPA was over the name "Pokey." If you watched any television in the past 25 years, you may be familiar with a character named "Gumby." (Older readers may remember him as an early example of "clay-mation." Younger readers may remember him from Eddie Murphy’s parody on Saturday Night Live.) Gumby’s "best friend" was a horse named "Pokey," but when the people who owned the rights to the Gumby characters went to register "Pokey.org" they found that someone already owned it – a 10-year old boy, whose father had given it to him as a gift. The boy had been born well past his due-date, and the family had nicknamed him "Pokey." In a remarkable display of over-aggression, the Gumby folks launched numerous legal weapons at the boy claiming he was wrongfully using "their" name, and earned the wrath of the on-line community for their heavy handed approach. The young man still maintains his page with his name. Obviously, Congress was not going to repeat the mistakes that the Gumby folks had made.
• Factor 3 directs the Court to consider whether the defendant has previously used the domain name in connection with "bona fide" offering of goods or services. In all likelihood, this Factor derives from the Gateway 2000 case described above.
• Factor 4 allows for "lawful noncommercial or fair use of the mark" in a location that can be accessed through the challenged domain name. Recognizing that "fair use" is an integral component of existing trademark law, the ACPA gives its blessing as well. This could be an important element in evaluating the legality of names of so-called "gripe sites" where a disgruntled customer or former employee registers a domain name such as "xeroxsucks.com" to post and/or solicit criticism of the identified entity.
• Factor 5 focuses on defendant’s "intent to divert consumers from the mark owner’s online location to a site…that could harm the goodwill represented by the mark, either for commercial gain or with intent to tarnish or disparage the mark…" This Factor addresses the danger exemplified by IEG’s registration of the "candyland" and "papalvist" domain names, as described above.
• Factor 6 is one of the "Toeppen Factors" – asking whether the defendant has offered to sell the domain name to the owner of the mark without ever having used the site himself "in the bona fide offering of any goods or services." Presumably, using "panavision.com" to display images of Pana, Illinois as a place-holder would not pass muster under this Factor.
• Factor 7 examines whether the defendant has registered the subject domain name using false information about herself, and whether she has intentionally failed to maintain accurate contact information. Recognizing that many users in cyberspace remain anonymous, the ACPA officially makes it suspicious to do so. Moreover, in further recognition that users will persevere in their insistence on being anonymous, the ACPA provides that in those instances where the person who registered the subject domain name cannot be found, the plaintiff can proceed with an "in rem" action against the name itself, as explained more fully below.
• Factor 8 is another "Toeppen Factor," taking account of whether the defendant has registered "multiple domain names which the person knows are identical or confusingly similar to trademarks or service marks of others…." As the Ninth Circuit noted, such conduct strongly suggests that the registration is part of a pattern of speculation/extortion rather than a bona fide intent to use the domain name for legitimate purposes.
• Factors 9 and 10 direct the Court to consider the defendant’s record of prior instances of "cybersquatting" or "cyberpiracy," or concealing their identity in the registration process. While a simple inquiry on the Internet will reveal whether the defendant has –-in her own name - previously registered any other domain names, this Factor virtually mandates that plaintiff’s counsel conduct formal discovery addressed to defendant on this subject as well.

Once a plaintiff has proven a violation of the ACPA, a variety of remedies are available. Under §(d)(1)(C), the Court can order the "forfeiture or cancellation of the domain name." While Courts were already doing so, the Act now codifies the best available remedy – "the transfer of the domain name to the owner of the mark." Moreover, under certain circumstances a plaintiff can recover up to $100,000 per domain name in "statutory damages." This can be a tremendous benefit to qualified plaintiffs, who may not be able to prove actual damages with requisite certainty. Interestingly, the ACPA specifically authorizes the Court to reduce any statutory damages award to the extent that the Court finds that the infringer "believed and had reasonable grounds to believe that the use of the domain name…was a fair or otherwise lawful use." (§3(d)). As with any other claim under the Lanham Act, a successful plaintiff can recover attorneys’ fees under certain circumstances.

The new law also specifically carves out some entities that have historically been defendants in these cases. Only the person (or the licensee of the person) who registered the domain name in violation of the ACPA can be liable. This is an important protection for Internet Service Providers, web site host services and the like who may find themselves involved with a "cyberpirate." §4 (D)(i) provides that the registrar of domain names (heretofore, Network Solutions/InterNIC, but soon to include a number of other entities) is not liable for monetary relief to anyone for refusing to register, removing from registration or otherwise canceling a domain name if it is doing so in compliance with a Court order or if it is merely implementing its own "reasonable policy" that seeks to accomplish the same purposes as the ACPA. Nor can the registrar be liable for the wrongful domain name registration itself, unless the registrar has acted in bad faith "to profit from such registration." (§D(iii)).

One of the ironic elements of the new law is the creation of the "in rem" civil action. (§2(A)). Previously a form of action known mostly to Proctors in Admiralty, who used it to sue the engines of a ship, the ACPA pragmatically acknowledges that a plaintiff may have a valid claim of cyberpiracy but be unable to find the proper defendant. In cyberspace, this could be due to false information used during registration, or the fact that the person who registered is outside the jurisdiction of the Court. New §(d)(2)(A) establishes how to proceed under these circumstances.

• Where to sue. The owner of the mark can file an in rem action in the judicial district where suit could be brought "against the registrar, domain name registry or other domain name authority that registered or assigned the domain name" but only if the trademark is registered or is protected under §706 of the Criminal Code. Moreover, the mark owner must establish to the Court’s satisfaction that the owner has exercised due diligence in attempting to locate or serve the person who would have been a defendant, or that the Court does not have personal jurisdiction over that person.
• Limitation of remedy. An in rem action is limited to obtaining a Court Order that forfeits, cancels, or transfers the domain name to the owner of the mark. Accordingly, even the owner of a registered mark cannot recover the up-to-$100,000 in statutory damages in an in rem action. On the other hand, the statute expressly preserves "any other civil action or remedy otherwise applicable," so the in rem action has the potential to be extremely useful to victims of cyberpiracy.

Passage of the new law has resulted in a stampede to the courthouses as mark owners now feel they have a clear path towards relief, and a club in the form of statutory damages up to $100,000 per domain name. Within days of the ACPA becoming law, a wide range of plaintiffs filed suits:

• New Zealand’s America’s Cup sailing team won an injunction preventing two New Zealanders from using "americascup.com" as their domain name.
• Harvard University filed suit against two men who were offering domain names that included the word "harvard" and "radcliffe" on the Web site "HarvardYardSale.com."
• The National Football League sued a California resident for registering "NFLtoday.com" and "NFLtoday.net."
• The National Hockey League filed suit against a Canadian citizen who was offering to sell e-mail addresses with the domain name "nhl.com."
• Cable television shopping giant QVC filed suit against an Arizona man who had started a website called "AdultQVC.com".

On February 2, 2000, the Second Circuit issued the first ruling on the new law from a federal appellate court in Sporty’s Farm LLC v. Sportsman’s Market, Inc., (2d Cir. No. 98-7452, per Calabresi, J.). The Court upheld an injunction against a competitor-cybersquatter but in light of the novelty of the issue it declined to find the behavior "willful" or the conduct to violate the Connecticut state Unfair Trade Practices Act.

In an era where even our household appliances are getting hooked up to the Internet, the need for protecting intellectual property rights in domain names will only intensify. In the ACPA, practitioners now have a fine tool for protecting clients’ rights quickly and effectively. For those other clients who are interested in pushing the envelope, the ACPA also provides helpful guidance on where the safe harbors may be found.

At the same time, it will be illuminating to see what any U.S. law can do to address such a pervasive problem on the Internet, which knows no geographic boundaries. While the President did sign the bill, he had initially expressed reservations about that issue. Eventually, domain name disputes may still end up being left to the Internet Corporation for Assigned Names and Numbers, ("ICANN"), rather than hoping for consistency between laws passed by all the nations of the world. As with so many areas of cyberlaw, there are many more questions than answers.