Whether you're selling products or providing services, a strong online presence is critical to your success. That can be impeded by a type of digital hijacking called “cybersquatting,” in which a third-party registers, uses or traffics in an internet domain name with bad-faith intent to profit from a trademark that belongs to someone else. How can a rights holder protect itself? Here’s a hypothetical to illustrate.
You’ve ditched your day job, followed your dreams and started a company that sells pod-style chairs that appeal to camping enthusiasts and germaphobes alike. You name your business “Goldilocks’ Three Chairs” and apply for various trademarks, including the mark GOLDILOCKS’ THREE CHAIRS, the slogan “Sitting Just Right” and a logo for your fictional Goldilocks character. You also register the domain GoldilocksThreeChairs.com. Almost overnight, you’re a success: Influencers and media outlets praise your product, and your clever social media ad campaigns go viral.
Six months after your launch, in an attempt to siphon some of your business, an unknown John Doe begins selling copycat chairs under the mark “Silversocks’ Three Hares,” using your exact slogan and a character that looks remarkably like yours. Using a registrar accredited by the Internet Corporation for Assigned Names and Numbers (ICANN), Doe renews a decades-old registration for the domain SilversocksandtheThreeHares.com (the “Silversocks domain”) and registers a new one, GoldilockssThreeChairs.com (the “Typo domain”), a slight misspelling of your business name that redirects to the Silversocks domain. Doe uses a privacy protection service to conceal his identity and contact information; his website contains no contact info at all.
What recourse do you have? How can you make him stop misdirecting consumers to his site by leveraging your intellectual property when you have no idea who he is, where he lives or how to get ahold of him?
1. Cease and Desist
Generally, when a rights holder discovers someone violating its IP, the first step is to send a cease-and-desist letter. Here, though, the lack of contact information—coupled with privacy protection—makes it difficult, if not impossible, to locate Doe. You’re forced to use the “whois” information for Doe’s domains and send a letter using (if provided) the unique privacy protected email address listed for them.
If the registrar or privacy protection service does not provide an email address, you can send the letter to Doe’s registrar, privacy protection entity and domain host. Ideally, these entities will forward your letter to Doe and reveal his contact information to you. In our hypothetical, though, all three continue to shield his identity, and he doesn’t ID himself—or respond at all.
2. UDRP Proceeding
What next? Because you’re pursuing federal registration and can show common-law rights to your mark, a Uniform Domain-Name Dispute-Resolution Policy (UDRP) proceeding is possible. These start at $1,500 plus attorneys’ fees, depending on the arbitration body and the number of panelists the complainant selects.
Filing a UDRP complaint against the Doe registrant and/or the privacy protection entity initiates this process. In 5,000 words or fewer, you must allege: 1) an identical or confusingly similar registered domain name over which you have trademark rights; 2) the lack of rights by the entity that registered the offending domain; and 3) that the other domain was registered and used in bad faith. UDRP decisions generally hold that the third element’s “register” and “use” is a conjunctive requirement. You attach “annexes” of evidence to your complaint; Doe then has a chance to respond to it, and the UDRP panel decides the issue without a hearing. The process is designed to take 60 days, though its duration may vary.
Passed in 1999, the ACPA was enacted to combat the deliberate bad-faith registration of domain names in violation of trademark rights."
A successful complaint results in cancellation or transfer of the offending domain. There are no monetary damages available under a UDRP, and it doesn’t address infringement on another website at the offending domain.
Interestingly, a UDRP proceeding may yield different results for the Silversocks domain and the Typo domain. In both instances, the first two factors above favor you: one, the Typo domain is nearly identical to yours and the Silversocks domain is confusingly similar; two, Doe lacks any prior trademark rights of his own. However, this analysis diverges when it gets to the third factor: Doe registered the Typo domain months after your launch and uses it to redirect users to his chairs sold under your slogan and a confusingly similar logo, meaning the third factor is met. But although the Silversocks domain is being used in bad faith to siphon your customers, it was registered decades before your launch, such that Doe could not have considered your then-nonexistent right or registered the name in bad faith.
3. Federal Litigation
If a UDRP proceeding is undesirable, you can pursue a federal lawsuit under the Anticybersquatting Consumer Protection Act (ACPA). Passed in 1999, the ACPA was enacted to combat the deliberate bad-faith registration of domain names in violation of trademark rights. A valid ACPA claim requires you to plead and prove 1) a valid, protectable trademark; 2) that is distinctive or famous; 3) where Doe’s domain name is identical or confusingly similar to your mark; and 4) Doe used, registered or trafficked in the domain name; 5) with a bad-faith intent to profit.
First, your “Goldilocks’ Three Chairs” is a protectable mark because although it’s yet unregistered, you have applied for registration and have significant evidence of nationwide commercial use supporting a claim to protection. Second, you must show that your mark is distinctive as a “source identifier” by showing it’s inherently distinctive or has acquired secondary meaning, or that your mark is famous. In our hypothetical, despite the word “Chairs” in your mark, evidence of distinctiveness via secondary meaning can be established from your viral success since your launch.
Next, confusing similarity can be shown because Doe reregistered the Silversocks domain at the same time he registered GoldilockssThreeChairs.com, identical to your domain but for one extra S. Courts have found intentional registration of misspelled domain names is sufficient to show confusing similarity. And because potential customers visiting the Typo domain are redirected to Doe’s site, which has a similar design, slogan and logo to your own, confusingly similarity is evident.
Fourth, you must show that Doe used, registered or trafficked in the Silversocks domain. You can do so with screen grabs of the domain and website; registration is more difficult and will take more time to prove through discovery, as the “whois” information is privacy protected. (Trafficking is not at issue in our hypothetical.)
Finally, the ACPA requires that you prove Doe acted with bad faith to profit. Courts consider a long list of non-exhaustive factors when determining intent. Evidence of bad faith in our scenario includes 1) “typosquatting,” or misspelling of your domain; 2) the lack of contact information; and 3) confusingly similar site design, slogan and logo to sell copycat products. With your case proven, the ACPA authorizes injunctive relief, transfer of domain names, attorneys’ fees (in exceptional cases) and statutory damages between $1,000 and $100,000 per domain.
In sum, you have a variety of options available to solve a cybersquatting problem. It might take time to track down online rights violators, but with persistence and patience, you can protect your brand from cyberpirates.
Ted Mahan is an associate at Irwin IP. When he is not preparing defenses against cybersquatters, Ted’s practice focuses on patent litigation in district courts across the country and before the International Trade Commission.
Lisa Holubar is Head of Trademark and Advertising Litigation at Irwin IP. Lisa’s practice also encompasses trademark prosecution and counseling clients as to the selection and enforcement of their marks and advertising review.
*Now an associate at Croke, Fairchild, Duarte & Beres.