Cybersecurity

Cyber-Squatting: No Man’s Land?

06 Mar 2012

17 min read

Introduction

The Internet, over the course of the last ten years, has gone from being a novelty tool for technology enthusiasts to being one of the most ijontegral necessities to our daily lives. Millions of businesses and billions of individuals worldwide communicate with one another by means of e-mail, whilst an ever-increasing number of businesses have moved from being purely rooted in the physical world, to marketing their goods and services in Cyberspace. While this is certainly a positive development opening up a multitude of commercial opportunities and a more transparent market, the internet has also opened up new routes for unethical, abusive and opportunistic behaviour. One such form of behaviour is the practice of “cyber-squatting”, which can be generally defined as the malicious registration of and dealing in domain names having third party goodwill rights or interests with a view to extorting a profit therefrom.

The Technology

Before delving into the legal ramifications of this mischief, it is best to fully define the relevant technical background to provide the correct contextual setting. To begin with, a domain name can be equated to an electronic address on the Internet: each device connected to the Internet is allocated its own Internet Protocol address (“IP Address”). Websites and webpages also have their own IP Address, and this would normally point to the server upon which they are hosted. Version 4 of the Internet Protocol (IPv4) makes use of the IP Address in four octets of binary number, represented in decimal form, such as the following: 74.125.224.72, which belongs to Google. Typing http://74.125.224.72/ in one’s Internet browser will therefore take that person to Google’s homepage.

The problem that arises, however, is that it is difficult for humans to remember numbers; therefore the Domain Name System (“DNS”) was created, which is essentially a sophisticated method for mapping an IP Address to a string of words and letters which are meaningful to the human being. This string of words and letters is the “domain name” as we know it, which effectively serves as an distinct identity badge for that person or entity registering it.

Classes of Domain Names

To return to the analogy of electronic versus physical-world addresses, one could think of the domain therefore as veritable real-estate in Cyberspace. Just as there are classes of real-estate, so too, are there a variety of classes of domain, and these are generally divided into levels. The first level of domains is considered as being the ‘Top–Level Domains’ which are commonly abbreviated as TLD’s. These include Generic Top Level Domains (gTLD’s) such as the common ‘.com’ and ‘.net’, and which, as Internet addresses go, are the “prime locations”, and hence the most sought after. The others are Country Code Top Level Domains (ccTLD’s) which pertain to the country which issues them such as ‘.mt’ for Malta, ‘.uk’ for the United Gindom, and ‘.it’ for Italy. The TLD’s are usually fixed and immutable.

The second level domains are those domains which come after the TLD. To illustrate, if one were to register a “.com” gTLD for “abc”,  it would read ‘abc.com’ with ‘abc’ being the second level domain. The second level domains, unlike the TLDs, are changeable by the end user with whichever name they choose. This is usually the name of a person, product or company. It is also common practice to register similar names to that which one primarily uses so that the host can redirect wayward users to the correct website, such as, for example the registration of “avc.com” to anticipate typing mistakes made by less accurate users looking for “abc.com”.

The idiosyncrasy of a domain name, as opposed to a trademark or brand name, is that it is absolutely unique. If one registers ‘abc.com’, no other person or entity in the world could ever register ‘abc.com’[1]. If two (or more) different entities were allowed to keep the same domain name, the said domain name would resolve to two (or more) different IP Addresses, causing the system to become “unstable”, so that the same query made by different people from different computers would resolve to different IP Addresses. Such an outcome would clearly undermine and disrupt the function of the Internet.

Registration of Domain Names

The Internet Corporation for Assigned Names and Numbers (ICANN) coordinates and allocates IP Addresses through the Internet Assigned Names Authority (IANA), which is operated by ICANN. ICANN operates through contracts with various registries for gTLDs, with a single registry being responsible for each gTLD. The registries can then subcontract their services to various registrars, which register the second level domain names within a specific TLD. The entity to which the second-level domain name was assigned, can then assign third-level domain names internally (such as “info@abc.com”).

The registration of ccTLDs is contracted to organisations within that particular country; however the ccTLD registries have a looser relationship with ICANN than the gTLD registries.

The Issues: Cybersquatting

Having stated all of the above, it stands to reason that the registration of domain names can therefore have a variety of commercial and legal implications, particularly in the areas of ‘Fair Competition’ and ‘Trademark Registration’. Since companies may opt to register domain names for the purpose of trade and/or for marketing their trade practices, it becomes immediately evident that domains have become, at their most basic level, a marketing asset of paramount importance due to the fact that such domain names connect one’s trade, services, and/or brands to the global Internet community.  Domain names can aggregate tremendous value: according to the Guinness Book of Records, business.com is the most expensive domain name sold to date for $7.5 million; whilst Beer.com and Wine.com were sold for $7 million and $2.9 million respectively.[2] It stands to reason, therefore, that companies tend to compete over such cybernetic real-estate with great vigour.

Sadly, this has also brought about the practice of registering domains which have no connection with the registrant, for the sole purpose of selling them, at a later stage, to companies which have a legitimate connection to that domain, at a much higher price than it was bought for originally. To illustrate, in the landmark case of ‘British Telecommunications plc. vs One in a Million Limited and Ors’[3] “burgerking.co.uk” was offered to Burger King for a price of £25,000, and “bt.org” was offered to British Telecommunications for £4,700.

At face value, this practice should already evoke a sense of unethical practice. Holding such domain names for ransom, so to speak, is in fact the practice known as “cyber-squatting”, evoking the idea of “squatting” associated with the real estate analogy made above.

Another common occurrence is that where a cybersquatter registers a well-known name or brand as a second level domain, in order to direct users to his own website, which would be full of adverts. It is estimated that a cybersquatted domain can receive an average of ten thousand hits a month if the trademark is well known.[4] Since advertisers making use of the domain will pay a small amount (usually $1) for each time the advert is shown, this can mean big money for the cybersquatter who is effectively free-riding a well-known trademark. Another issue that stems from this is that the proper owner of the domain is often left discredited from the consumer’s point of view for not keeping a professional website or one that has any connection whatsoever with the trademarked product or service.

Both issues can be illustrated by reference to the recent National Arbitration Forum decision over the domain name and trademark of the popular video game series “Call of Duty: Modern Warfare 3”. In this case, a man by the name of Anthony Abraham bought the Domain ‘modernwarfare3.com’, using it to advertise its main competitor- ‘Battlefield’ –  in its stead.[5]

“Typo-squatting” is another variant of cybersquatting , and refers to a situation where a person registers misspelled versions of a well-know domain name or trademark in order to indirectly and maliciously take advantage of the associated goodwill. An example of such practices can be found in the American case of John Zuccarini, who registered misspelled domains for sites which children may be likely to look up, such as “britneyspears.com” or “cartoonnetwork.com”, only to have them redirect to websites of questionable moral value. He then proceeded to ‘mouse-trap’ users on these websites by disabling the browser’s ability to revert to the previous search page. Mr Zuccarini was subsequently brought to justice and sentenced to two years imprisonment.[6]

Resolution of Cybersquatting Disputes

The application of traditional norms to Information Technology issues is oftentimes a challenging matter, and it is for this reason that ICANN chose to implement its own dispute resolution policies and procedures. ICANN’s Uniform Domain Name Dispute Resolution Policy (UDRP)[7] is applied as a mandatory remedy in domain name disputes relating to gTLDs. A registrant of gTLD, therefore, agrees to be bound by the UDRP as a condition of the allocation of the domain.

A domain name dispute or Cybersquatting claim which arises in relation to a gTLD will thus be examined under the UDRP, rather than under national legislation, at least at the first instance.

The UDRP provides that a domain name registration is deemed to be abusive when:

  1. the domain name is identical or misleadingly similar to a trade or service mark in which the complainant has rights; and
  2. the holder of the domain name has no apparent rights or legitimate interests in respect of the domain name; and
  3. the domain name has been registered in bad faith.[8]

The bodies responsible for the administration of ccTLDs can adopt their own dispute resolution policies and procedures, although most of these are generally inspired by the ICANN UDRP. One example is Nominet UK, which implemented its own Dispute Resolution Service in 2001.[9]

On the other hand, the body responsible for the administration of the Maltese ccTLD, Network Information Centre (NIC), does not employ its own dispute resolution procedure, and in fact the Terms and Conditions on the NIC website state that “any dispute over the rights to use a particular domain name between [the registrant] and any third party after the proposed domain name has been registered should be settled between [the registrant and the third party] using any of the ordinary remedies afforded by law”.[10] This places a registrant in relation to a ‘.com.mt’ domain in a position where his only option, in the event of a dispute, would be recourse to the Maltese Courts[11]. Unfortunately, litigation in Court is a lengthy procedure and due to this reason, it is unlikely to lead to a satisfactory resolution of the matter, particularly when compared to the dispute resolution procedures mentioned above.

The other problem which would be faced by the registrant, in such a case, is the fact that there is currently no specific provision of Maltese law dealing with Cybersquatting or other domain name disputes.  The claimant will therefore have to rely on traditional legal norms in order to institute proceedings. This was evidenced in Maltese case of Clamus Limited vs Vella Gera Mark[12].The judgement in the Clamus case clearly stated that there was no specific reference to Cybersquatting of any kind under Maltese law. Nonetheless, the Court felt that it is still possible to frame a Cybersquatting issue as a trademark infringement and/or unfair competition case.

In taking its decision, the Court made reference to the above-mentioned UK case of ‘British Telecommunications plc. vs One in a Million Limited and Ors’ where the tort of ‘passing off’ was applied against a number of defendants who were systematically involved in the registration of well-known names and trademarks, without the requisite consent, with the intent of selling them to the owners of the goodwill at a premium price. The tort of ‘passing off’ which arises from common law[13], occurs, as established in Reckitt & Coleman Products Ltd v Borden Inc[14]where:

  1. the plaintiff’s goods/services have reputation and
  2. there is a misrepresentation by the defendant, leading to the public believing that the good/services being offered by the defendant are those of the plaintiff and
  3. this causes, or is likely to cause, damage to the plaintiff as a result of such misrepresentation.

An action on the basis of passing off can therefore be taken even in the case of an unregistered mark, provided that the mark has goodwill.

One can easily draw a parallel between the concept of ‘passing off’ as described above, and the concept of ‘unlawful use of names, marks of distinctive devices’ which is found under Article 32 of the Maltese Commercial Code[15], and which enunciates the following:

“Traders shall not make use of any name, mark or distinctive device capable of creating confusion with any other name, mark or distinctive device lawfully used by others, even though such other name, mark or distinctive device be not registered in terms of the Trademarks Act, nor may they make use of any firm name or fictitious name capable of misleading others as to the real importance of the firm”.

The Court in Clamus Limited vs Vella Gera Mark, which related to a known, albeit unregistered mark, therefore based its decision on the above-quoted Article 32 of the Maltese Commercial Code , and its similarly with the tort of passing off, as applied to Cybersquatting cases in the United Kingdom. It consequently ordered the defendant to cancel the registration of “clamus.com”, and in default to pay a penalty for each day of non-conformance with the decision. The Court, however, added that in order for damages to be incurred by the victim of a Cybersquatting event, such damages must be proven and quantifiable, in accordance with the general Maltese law rules on tort. In this case, the Court and refused to liquidate damages in the plaintiff’s favour as it deemed that no evidence has been brought in this respect.

It should also be noted that since this was a ‘.com’ domain, it is quite peculiar that the Court did not take cognisance of the mandatory dispute resolution procedure provided by ICANN (namely the UDRP), instead choosing to resolve the matter of its own accord.

At the time of writing, this seems to be the only judgement of its kind emanating from the Maltese Courts. With the current increase in the importance of the Internet as a marketing and sales medium we should expect more cases dealing with Cybersquatting in the near future, which will contribute in no small way to the development of the legal doctrine on the subject and add flesh to the current general legal rules which deal indirectly with this issue.

Conclusions

It is clear that Cybersquatting is a reality which has to be controlled in order to encourage a coherent and fair electronic market. Although many solutions may exist at law in dealing with the issue when it arises, one cannot help but feel like these are rather indirect in their approach. Framing a domain name dispute as a trademark infringement, passing off or unfair competition matter is not without merit; however it is arguably a complex way around, and one which is somewhat creatively trying to fit a “new” problem within the definition of an “old” law. Moreover, as mentioned above, the resolution of such disputes through a court of law is not likely to offer the efficiency or timeliness required by the claimant. The rightful owner of a domain name cannot afford to wait for numerous months, or years, to take possession of the domain. Doing so would be effectively equal to a loss of the domain, as the claimant will need to make use of another domain in order to have an online presence, and will inevitably become associated with the latter domain, rather than with the preferred domain.

In view of these arguments, the advantages of alternative dispute policies and procedures, such as those employed by ICANN or Nominet UK become quite apparent. In the first place the policies, in point of fact, create substantive norms which tackle the specific issues raised in domain name disputes. In the second place, such procedures are informal, timely, and certainly more efficient than litigation in a court. Whilst litigation in court may be a valid option at appeal stage, or in cases where a more in-depth analysis of the law may be required, an unceremonious, clear-cut approach is best suited to the first stage of a dispute, where aprima facie analysis of the fact will, in most cases, clearly indicate who the rights in the domain should belong to. In sum, litigation should be reserved to complex situations where an examination of the facts alone will need to be accompanied by an analysis of the relevant legislation.

One must inevitably comment on the lack of such a procedure employed by NIC Malta, which, as mentioned above, leaves the claimant with little options other than instituting proceedings in the Maltese Courts. On the other hand, one must also note that the lack of disputes relating to Maltese ccTLDs may not render the implementation of such procedures viable.

It is submitted that resolution procedures at a national level will not, in actual fact be the ideal solution for this situation. Whilst there is logic in resolution at a national level, if the matter relates to a ccTLD (since a particular country is resolving matters relating to its own country code), yet our argument is that the resolution of such matters on a national basis will lead to a fragmented position on the matter. Such an outcome is undesirable because as amplified above, a domain name, unlike a trademark, is absolutely unique. Moreover, its uniqueness is on a global level, so that one and only one person or entity, worldwide, can use a specific domain name. It is therefore submitted that a globally consistent set of norms, applied through a centralised dispute resolution procedure, would be the better solution to such disputes.

Finally, we feel that a global approach to domain name disputed would also be the better way forward for expediency reasons, particularly when registrations of various gTLDs and ccTLDs are to be contested. To illustrate, an entity trading globally (e.g. “eBay”) will want to register its name not only as a “.com” or “.net”, but may also wish to register various ccTLDs (e.g. “ebay.co.uk”; “ebay.fr”; “ebay.it”; “ebay.de”). In such cases, if a third party, in anticipation of eBay’s success, had already registered the ccTLDs mentioned above, then eBay may have to enter into various dispute resolution procedures, governed by different rules, in order to tackle this issue. A harmonised approach to the matter would address this fragmentation, leading to more uniformity for an issue with global effects.

For further information about how GVZH Advocates can help you with your Technology, Media and/or telecommunications requirements kindly contact us on tmt@gvzh.mt.


[1] It should be noted that cases where the same domain name was erroneously allocated to two different entities have actually occurred. One example is in the case of Pitman Training Limited vs Nominet UK ([1997] EWHC Ch 367) in relation to the domain “pitman.co.uk”. Generally, if both registrants have a legitimate claim to the second level domain name, Nominet will grant the domain on a “first come, first serve” basis. In this case, a second registration occurred, due to an error on Nominet’s end. Eventually, following litigation, the domain name remained solely with the first registrant.

[2] Andrew Murray: Information Technology Law (Oxford University Press), pg.296.

[3] [1999] 1 WLR 903, [1998] EWCA Civ 1272, [1998] 4 All ER 476, available in English here

[4] The Harmful Effects of Cybersquatting Disputes

[5] Activision Publishing Inc. Vs Anthony Abrahams – case can be found in English here

[6] The Notorious John Zuccarini

[7] All information relevant to the UDRP can be found on the ICANN website. This can be found here

[8] Uniform Domain Name Dispute Resolution Policy, Paragraph 4(a)

[10] NIC Malta Terms & Conditions, Clause 4

[11] This is the case unless both parties to the dispute agree to go to arbitration.

[12] Clamus Limited vs Vella Gera Mark C-1988/2000/1 available in Maltese here

[13] And thus is not codified under UK Law, but is established through case-law.

[14] [1990] RPC 341.

[15] Commercial Code, Chapter 13 of the Laws of Malta, available in English here


Share