acm-header
Sign In

Communications of the ACM

Communications of the ACM

The Collision of Trademarks, Domain Names, and due Process in Cyberspace


The domain-name system (DNS), which plays a key role in routing the large majority of Internet traffic, was designed at a time when there were few hosts and the pre-Internet network was limited mostly to academic users, researchers, and noncommercial traffic. The idea of giving internetworked computers easily remembered names dates back at least to 1971 when Peggy Karp, an early author and editor of the network engineers' Requests For Comments, prepared the first hosts.txt file, the predecessor of the modern "root" file. Each version of the DNS since then has sought to provide routing efficiency, ease of use, and the ability to scale, although it's unlikely many of the founders foresaw quite how much it would need to scale. Today, with a substantial part of the name-resolution infrastructure still provided on a volunteer basis (and the name assignment function increasingly regulated and commercialized), the DNS continues to meet its objectives of providing mnemonic-to-IP mappings while preventing name collisions on the Internet. It thus undergirds part of the network's fundamental technical stability.

Technical success, however, has bred social issues. In the mid-1990s, the DNS and the people administering it were blindsided when copyright and trademark holders decided the DNS collided with naming systems in "meatspace," or the part of life that is not cyberspace, especially with trademark law. The manifold consequences of this perceived collision have already included U.S. legislation, strange doings by various international bodies, the creation of the Internet Corporation for Assigned Names and Numbers (ICANN), plus the invention of a unique and idiosyncratic arbitration system with troubling due-process problems. It is no exaggeration to say that this crash of two collision-avoidance systems has shaped—perhaps one could say misdirected or even warped—the governance of the Internet.

Trademark law is organized around a set of objectives and assumptions that map incredibly badly onto the Internet, and even worse onto an Internet that uses the current DNS. Trademarks (and service marks) are intended to be a user-friendly shorthand for an expected level of product attributes, such as quality. Trademark law seeks to protect consumers from fraud, counterfeiting, and confusion, as well as the goodwill businesses build up in their trademarks. If someone passes off inferior goods by affixing a competitor's trademark or something that looks confusingly similar to it, both consumer expectations and supplier goodwill suffer.


The modern domain-name crisis really began when a small band of speculators discovered they could register names corresponding to trademarks, then try to resell them to trademark holders for large profits.


Throughout most of the world, trademarks are acquired solely through registration with the appropriate government department. In some countries, however, notably the U.S., "common-law trademark" rights can also be acquired through use, without the formality of registration. Like domain-name registrations, trademark reservations have a first-come-first-served aspect to them, though the similarity is limited.

Traditionally, trademark law is organized predominantly on sectoral, geographic, and national principles. The exception is a small class of "famous" names (such as Coca-Cola) where the assumption is that consumers in the region in which the mark is famous would reasonably associate the name with any type of goods on which it might appear. Otherwise, the guiding principle behind a great deal of trademark law is that it achieves its purposes best by limiting the reservation of rights in a name (or symbol or other identifier) to the type of goods and location where these goods are sold. Thus, "Joe's Pizza" can get a trademark in the town where it sells pizza, not for the whole state or the whole country; different Joe's Pizzas can dot the landscape as long as they do not serve overlapping territories. If one Joe's Pizza becomes a national business, it cannot undermine the preexisting rights of the Joe's Pizzas already extant, but it can more or less prevent them from expanding their markets. Similarly, Apple Computer coexists internationally with Apple Records because these businesses offer different classes of goods and services.

In short, trademark law is designed to allow multiple, concurrent use of the same name by different people in the same business in different places or by substantially different businesses in the same place. Trademark law is national law geared to local and regional conditions, supported by a set of international treaties in which most nations agree to allow foreigners to acquire domestic trademarks and give these marks equal treatment with other domestic marks.

In contrast, the organizing ideas of the Internet are worldwide nondiscriminatory access and layered protocols to enable provision of seamless service to the user and flexibility to the developer. The DNS is organized around two complementary hierarchies, one to register names and ensure their uniqueness, the other to resolve names to the dotted-quad IP numbers actually used to route Internet traffic. The DNS used by most Internet users requires that only one person have a single second-level domain (SLD) in each top-level domain (TLD) and that all TLDs be unique. (There are "alternate roots," or different data hierarchies for resolving mnemonics to IP numbers, though only a small fraction of Internet users avail themselves of them.)

Until recently, legal issues relating to the DNS were barely on the technologists' radar, and the primary objective in the few early RFCs that even addressed intersections between the DNS and the legal system was to find an external rule administered by someone else that could be included by reference as a sort of social function call. As a practical matter, Internet pioneer Jon Postel fixed the list of TLDs in 1984 [10]; it has hardly changed since then, other than the addition of a few new country codes. (ICANN plans a rollout of seven new, somewhat limited, TLDs in 2001.)

Postel delegated authority to register names in TLDs on a more or less first-come-first-served basis. In .com (and soon after in .org and .net), second-level domain names went to whoever asked for them first. Other TLDs imposed more restrictive criteria, but most also allocated second- or sometimes third-level names to the first qualifying applicant. As late as 1994, when the DNS design had already substantially evolved into the form it has today, RFC 1591 said little on the now-vexed question of domain names and trademarks. Similarly, on the equally explosive question of the creation of two-letter country code TLDs (ccTLDs), such as .us, .tv, and .tm, RFC 1591 said: "The IANA [Internet Assigned Numbers Authority] is not in the business of deciding what is and what is not a country" [9].

Soon after RFC 1591 was published in 1994, businesses started rushing to establish their presence on the Internet, prompting a rapid increase in commercial and near-commercial uses, including corporate PR. In this new environment, a system optimized for its technical virtues and easy mnemonics crashed into trademark law. The pressure on the DNS grew rapidly because businesses decided that .com was the best TLD; moreover, they came to believe that for practical purposes, only one person or firm could have "its" name on the Net. And, whether or not .com was the only TLD that mattered to business, the number of gTLDs and ccTLDs open to anyone with the money was certainly far smaller then the number of Joe's Pizzas or persons or firms named McDonalds.

Strangely, most of the defining domain-name conflicts have not been between competing trademark holders with the same name in different trademark classes nor between firms with the same name in similar trades located in different places. The modern domain-name crisis really began when a small band of speculators—quickly dubbed "cybersquatters"—discovered they could register names corresponding to trademarks, then try to resell them to trademark holders for large profits. As attractive domain names in .com began to be scarce, more and more speculators began to register names. Until July 1999 when .com names could be registered with no money down and 30 days or more to pay, domain-name speculation seemed a low-risk, potentially high-reward business. (Indeed, it is believed that in January 2000, the Bank of America bought "Loans.com" for $3 million; see www.canoe.ca/ TechNews0002/09_loans.html.) As the speculators moved from generic names to names that equaled, resembled, or contained trademarked words belonging to large and small corporations alike, disputes over domain names became increasingly common, spilling over into the court system. For example, courts in both the U.S. [7] and England [2] held that such registrations of trademarked words, for the purpose of resale to a trademark holder, constituted actionable trademark infringement. At least in the U.S., the correctness of this result was debatable, since both the Lanham Act and the Federal Anti-Dilution Act require "commercial use" of a term before it becomes actionable; perhaps seeking to do rough justice, courts found commercial use in the attempt to sell the names.

Even with the law on their side, trademark holders were increasingly worried and unhappy for three reasons. First, trademark law imposes a substantial burden of monitoring on the holder of a mark. Failure to contest adverse use can result in the loss of all or part of one's trademark rights; this need to police trademark rights makes intellectual property lawyers err on the side of aggressiveness. Second, even a successful federal court case is expensive in money and management time; domain-name speculators understood this, and the gap between a $100-or-so registration fee and the several-thousand-dollar cost of prosecuting even an uncomplicated case represented a substantial profit opportunity. And third, businesses slow to come to the Internet found the names they wanted were already registered to others; since these names worked everywhere, they necessarily worked in the locations where the business with the trademark was established, even if the domain-name registrant was in the same line of business far away.

The obvious technical solution to this problem was to create new TLDs so everyone could have the second-level domain names they wanted. But that only threatened to make the first two problems worse. Postel and others proposed creating several hundred new TLDs, but opposition from firms holding large numbers of valuable trademarks blocked the plan.

The conflict eventually got the attention of the White House and the U.S. Congress. In June 1998, the U.S. Department of Commerce issued a white paper Management of Internet Names and Addresses calling for the U.S. to hand off most of its operational control of the DNS to a private nonprofit company [11]. It also identified cybersquatting as a major problem in need of action by the new entity; in the interim, it also called for the U.N.'s World Intellectual Property Organization (WIPO) to provide the new body with advice on what it should do.

The U.N.'s WIPO duly convened an elaborate process and produced a lengthy report that, after proposing a maximalist trademark agenda in its initial draft, settled for requesting only most of the loaf [3, 12]. Notably, WIPO sought the authority to create a registry of famous names it would control. Only the holder of the famous trademarks would be allowed to have domain names corresponding to these names, even if other users (especially noncommercial ones) would have had a right to use the names offline, as was routinely the case.

Congress also got into the act, ultimately passing the Anticybersquatting Consumer Protection Act (ACPA) of 1999, which created new rights for trademark name holders against domain-name registrants [1]. It authorized courts to levy up to $100,000 in statutory damages against cybersquatters, regardless of the plaintiff's actual damages; in practice, the major result of this provision likely was to pressure registrants to surrender domain names, rather than risk the danger of such a large fine. ACPA also created a new "in rem" cause of action though which plaintiffs could ask a court to transfer a domain name (but no fines) even if they were unable to locate the registrants or if the registrant lived outside the jurisdiction of the U.S. courts. However, like other trademark law in the U.S., ACPA applied only to commercial users of a trademarked term; parody, criticism, and other traditionally protected uses remained protected [1].


The procedures used by the UDRP suffer from substantial due-process flaws that would have made the program obviously illegal if the U.S. government had attempted to implement it directly rather than have it done via ICANN or some other arms-length private body.


Meanwhile, the Department of Commerce, which had become the lead government agency for DNS policy, decided it would prefer not to mediate between the dot-coms calling for new TLDs and the trademark holders arguing against them. Instead, it decided to "privatize" the DNS—coincidently removing itself from the line of fire—calling for the formation of a nonprofit corporation to take over the DNS. That call was quickly answered by the founders of ICANN. Although ICANN's makeup, its somewhat secretive origins, and various aspects of its bylaws all caused controversy, Commerce soon signed a number of contracts with ICANN, giving it day-to-day control over the DNS and effectively making it the regulator of registrars and registries in .com, .org, and .net [4].

Commerce charged ICANN with technical coordination of the DNS but also instructed it to do something about cybersquatting. In so doing, it ensured that despite a formal mandate limiting ICANN to technical coordination, ICANN would inevitably be in the more controversial business of Internet governance [4]. Although ICANN did not accept WIPO's suggestion regarding famous names, it did adopt in October 1999 a modified version of its plan for mandatory arbitration of domain-name disputes it called the Uniform Dispute Resolution Policy (UDRP) [6]. In the UDRP, ICANN imposed on all current and future registrants in .com, .org, and .net a requirement that they agree to a third-party beneficiary clause in favor of any person, anywhere, who believes a registrant's domain-name registration infringes the complainant's trademark right.

This clause is not optional; ICANN's contracts with registrars requires them to include this clause in every registration contract they enter into and to modify existing contracts with their customers; registrars failing to do so would then find their registrations refused. Under the UDRP, a complainant with a trade or service mark has the burden of demonstrating three facts:

  • That the domain name is identical or confusingly similar to the registrant's use of the domain name;
  • That the registrant has no rights or legitimate interests in respect of the domain name; and
  • That the domain name was registered and is being used in bad faith [6].

The UDRP provides a nonexhaustive list of factors constituting bad faith, including registering in order to sell it to the mark holder, and some defenses, including legitimate noncommercial use.

The UDRP offers much to trademark registrants seeking to claim domain names from registrants, as the proceeding can cost under $1,000 for a panelist, depending on the complainant's choice of dispute-resolution provider. The arbitration runs on a very fast track, with each side only allowed to offer one short pleading with exhibits attached. Save in the most exceptional case—which has yet to occur—there is neither a live hearing nor online argument. Proceedings normally take 45 days or less from complaint to conclusion. Respondents who lose have 10 more days to file a challenge in a competent court; otherwise, the domain name is transferred to the complainant [6]. It is no surprise then that almost 4,000 cases have been filed under the policy since it began in mid-1999; of those that have proceeded to a decision to date, more than 75% have been decided for the complainant [8].

The UDRP's advantages to complainants come at the cost of a substantial reduction in registrants' legal rights. First, rather than both sides having equal input into who decides the case, the complainants choose the arbitral tribunal from a list of approved providers maintained by ICANN. Respondents have no say in which provider will mange the case nor peremptory challenges to arbitrators they may fear are biased. Respondents can, however, pick one member of a three-person panel—at their own expense if the complainant opted for a single panelist and the respondent decided three are needed [5]. Overall, the system gives dispute-resolution providers an economic incentive to compete by being complainant-friendly [8].

The UDRP does not require actual notice to respondents, only attempted notice for a relatively short period of time [6]. The mere sending of the complaint to postal mail, fax, and email addresses found via whois (an Internet directory service based on domain-name registration records), and by email to postmaster@<the contested domain name>; any email address shown or email links on www.domainname suffices to start the 20-day clock for the respondent's only chance to reply. The decision to forgo requiring actual notice in absolutely all cases is understandable, given the efforts the sleaziest registrants pursue to hide their contact details in shady registrations. The short deadlines, on the other hand, are completely unfair. Respondents who happen to take a three-week vacation without email can lose their chance to explain why they should keep their domain names without ever knowing it was endangered.

Most significant, the consequences of the arbitration discriminate against registrants. UDRP decisions are not "binding"; if the complainant loses, the arbitration does not preclude an attempt to bring the case in court [6]. "Nonbindingness" is a feature, not a bug; a summary procedure in which each side has only one submission and in which there is no testimony, cross-examination, briefing, or argument cannot by itself hope to make reliable determinations or sort out complex competing claims. If the system can, by design, resolve only uncomplicated cases of trademark infringement, it follows that complainants with more complex cases should lose but should still be entitled to their day in court—where sometimes they deserve to prevail.

The problem is that losing respondents are much worse off than losing complainants. Losing registrants have to sue to keep the name, taking on the burden of proof and possibly being subject to different courts, rules of procedure, language, and choice of law than if the complainant had been forced to litigate in the judicial district in which the registrant resides. Worse, under the UDRP, a losing respondent is given just 10 days to file an action in a court with jurisdiction over the complainant—or in the jurisdiction in which the registrar is located—to halt the transfer of the domain name [5]. No injunction is needed, as mere filing of an ordinary complaint suffices to stop the clock. But the requirement that the losing registrant file a complaint within 10 days still means that either the losing respondent must have hired and probably paid a lawyer in advance or the loser needs to find representation in a hurry.

This process contrasts very unfavorably with the choices facing a losing complainant, who has as much time to go to court as allowed by statutes of limitations or laches (an equitable principle barring delayed claims when the delay unduly harms the defendant), possibly months or even years. The rule has particularly harsh effects in such legal systems as the one in Mexico that restrict, or even prohibit, amendments to complaints once they are filed; the rule means the domain-name registrant who loses a UDRP arbitration has less than 10 days to find a lawyer and work out his theory and statement of the court case and no chance to correct errors or omissions caused by the rush.

These problems show that the procedures used by the UDRP suffer from substantial due-process flaws—that would have made the program obviously illegal if the U.S. government had attempted to implement it directly rather than have it done via ICANN or some other formally arms-length private body [4]. Worse, although the UDRP's basic substantive rules—representing the sort of compromise that leaves both sides unhappy—are probably fundamentally sound, what's written down has less effect than one would expect.

The dirty secret of the UDRP is that a noticeable fraction of the arbitrators don't follow the rules as written. For example, as noted earlier, the UDRP states that complainants must have a trademark in order to bring a complaint, that the domain name must be identical or confusingly similar to the trademarked term, and the respondent must have no legitimate right to use the name. Each of these requirements has been ignored with sufficient frequency as to make the rapid and inexpensive UDRP seem an attractive gamble to some parties engaged in "reverse domain-name hijacking" seeking to obtain a domain name they would not be able to get in court.

On paper, U.S. federal trademark law after the most recent amendments is more favorable to trademark plaintiffs than the UDRP. Yet arbitrators under the UDRP have been willing to find names—like directlinesucks, dixonssucks, freeservesucks, guinness-beer-really-really-sucks, guinness-really-really-sucks.com, natwestsucks, standardcharteredsucks, and walmartcanadasucks—are "identical or confusingly similar" to a trademarked term without the "sucks." Under standard trademark principles, it is very unlikely that a court would find that a consumer would be likely to think these terms indicate sponsorship by the company being mocked.


Respondents who happen to take a three-week vacation without email can lose their chance to explain why they should keep their domain name without ever knowing it was endangered.


Yet the arbitrator in the walmartsucks.com case concluded it "is by no means necessarily" so that the name "would be recognized as an address plainly dissociated from" Wal-Mart. Although the arbitrator allowed that "Some will treat the additional 'sucks' as a pejorative exclamation and therefore dissociate it after all from the complainant," he seemed to think that some people were not clever enough to make this distinction and would be "confused." Courts usually have a more robust view of consumers' IQs.

Moreover, in the U.S., most of the "sucks" sites would be constitutionally protected speech, even if they were potentially confusing, as long as they were purely noncommercial.

The first year's experience with the UDRP has revealed flaws in need of urgent correction. However, the outlook for reform is somewhat cloudy, since ICANN has yet to announce how it will conduct its review, currently scheduled for some time in 2001. Meanwhile, WIPO is pressing ahead through a series of reports and meetings that may call for increasing the UDRP's current (relatively narrow) scope to cover a much wider variety of claims relating to domain names, including those based on place names and personal names.

Over the next 10 years, the domain-name problem may be self-limiting. There is no technical bar to the creation of thousands, even tens of thousands or more, of new TLDs. Domain names themselves may become less important, as search engines and other means of finding Internet hosts become smarter and more ubiquitous. As the Internet becomes more deeply woven into society, many of the current, transitory problems—predominantly caused by established businesses first discovering the Internet—will become rarer and less controversial.

The more serious problem, however, lies at a more fundamental level. The DNS wars put in question not only who should be in charge of resolving the very uneasy coexistence between trademark law and the DNS but also future collisions between Internet technology and the legal regimes that order the rest of our lives. One way to resolve these problems is to decide that the Internet is not unique, letting the courts and legislatures get on with their jobs. Indeed, in the U.S. and elsewhere, these institutions have begun to do so, albeit with mixed results. Worse, the solution is slow and sometimes expensive. Trademark owners are not one of the least powerful groups in our society, and they eloquently, and often persuasively, argue that they were being taken advantage of while the law evolved its solutions, including ACPA. The search for interim or generally more nimble relief has led some trademark interests to advocate new solutions based in quasi-governmental and semiformal processes, including WIPO's domain-name initiative and ICANN.

ICANN's UDRP is a rapid, lightweight, inexpensive process allowing victims of cybersquatting to vindicate their rights (in practice, more than their rights) far more cheaply and quickly than would be possible in most courts. However, ICANN is a private, nonprofit corporation purporting to be little more than a standards body engaged in "technical coordination." Yet the UDRP is not in any ordinary sense "technical coordination" of the Internet. It embodies a policy choice to sacrifice the interests of (some) domain-name registrants in favor of (some) trademark registrants for the sake of a vision of the communal good.

While this policy choice is surely one a legislature could make, it is not at all evident that Congress or any other legislature in the world ever made it nor that U.S. law allows the Department of Commerce to outsource policymaking to private bodies like ICANN [4]. Similarly, overreliance on WIPO's advice raises concerns. While undoubtedly expert, WIPO is neither democratic nor nonpartisan, as it exists to further the protection of intellectual property. The procedures WIPO uses to produce its recommendations make it likely that its work product will state a consensus of intellectual property rights holders, rather than a broader view [3].

Therefore, there is substantial risk that the chief long-term fallout from the collision between domain names and trademarks will be to institutionalize decision-making processes that are neither expert technical processes applied to true standards matters nor particularly democratic or fair.

Back to Top

References

1. Anticybersquatting Consumer Protection Act, Pub. L. No. 106-43 ß 3(a)(2), 5, 113 Stat. 218, 220 (1999).

2. British Telecommunications plc and another v One In a Million Ltd and others and other actions [1998] 4 All ER 476, [1999] 1 WLR 903, [1999] RPC 1; see www.bna.com/e-law/cases/ukspencer.html.

3. Froomkin, A. Semi-private international rulemaking: Lessons learned from the WIPO domain name process. In Regulating the Global Information Society, C. Marsden, Ed. Routledge, London and New York, 2000; see www.law.miami.edu/~froomkin/articles/tprc99.pdf.

4. Froomkin, A. Wrong turn in cyberspace: Using ICANN to route around the APA and the Constitution. Duke Law J. 50, 1 (2000), 17–186.

5. ICANN. Uniform Domain-Name Dispute Resolution Policy; see www.icann.org/udrp/udrp-policy-24oct99.htm (Oct. 24, 1999)

6. ICANN. Rules for Uniform Domain Name Dispute Resolution Policy; see www.icann.org/udrp/udrp-rules-24oct99.htm (Oct. 24, 1999).

7. Intermatic, Inc., v Toeppen, 947 F. Supp. 1227, 1237-40 (N.D. Ill. 1996)

8. Mueller, M. Rough justice: An analysis of ICANN's uniform dispute resolution policy. Info. Soc. (2001); see dcc.syr.edu/roughjustice.htm

9. Postel, J. RFC 1591, Domain Name System Structure and Delegation, Internet Engineering Task Force; see www.ietf.org/rfc/rfc1591.txt (Mar. 1994).

10. Postel, J. and Reynolds, J. RFC 920, Domain Requirements 1, Internet Engineering Task Force; see www.ietf.org/rfc/rfc0920.txt (Oct. 1984)

11. U.S. Dept. of Commerce. Management of Internet names and addresses. Fed. Reg. 65 (June 10, 1998), 31,741–31,751; see www.ntia.doc.gov/ntiahome/domainname/6_5_98dns.htm.

12. World Intellectual Property Association. The Management of Internet Names and Addresses: Intellectual Property Issues, Final Report of the WIPO Internet Domain Name Process, 1999; see wipo2.wipo.int/process1/ report/finalreport.html.

Back to Top

Author

A. Michael Froomkin ([email protected]) is a professor or law at the University of Miami School of Law.


©2000 ACM  0002-0782/01/0200  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2001 ACM, Inc.


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
Article Contents: