American Association of Museums Member Center
Login
Member Home
Help
Topics

Join a Distinguished Bunch

Become a Peer Reviewer!
Cyber Pirates! Responding to Internet Theft

By Patrick O’Donnell

 

This article was published in Museum News, November/December 2001.

 

 

A teen working on a school report for his government class turns to the Internet, that lightning-fast and ever-growing repository of every sort of information imaginable. His teacher has advised him to start at U.S. government sites, many of which are quite helpful and relatively authoritative. Being an experienced navigator of cyberspace, he skips the search engines with their dozens of false hits and simply types “whitehouse.com” into his browser.

 

He’s in for an unpleasant surprise. Instead of the presidential seal and press releases about tax cuts at home and spy planes in China, his computer pulls up a cornucopia of sexually explicit images. Shocked, and believing his typo-prone fingers have betrayed him, he quickly (well, relatively quickly) retypes the domain name and hits enter, only to see more of the same. He has stumbled upon cyberpiracy.

 

Whitehouse.com is the most infamous, but far from the only Internet domain name designed to take advantage of a famous name to which the Web site operators have no connection. The practices generally described as cyberpiracy lack universally accepted definitions, but the main variations are as follows. In classic cyberpiracy, the operator sets up a Web site under a domain name similar to a well-known name to lure surfers looking for the famous name. (The Web site for the White House where Mr. Bush works is at whitehouse.gov.) A closely related practice is cybersquatting in which registrants of domain names based on famous names try to sell them to the owners of those names, who can then buy their way out of the potential trouble and embarrassment. And a third, particularly inventive practice is called typosquatting, in which someone registers a name that is just slightly off a famous one. For instance, if you type whitehous.com into your browser, you will be directed to neither Mr. Bush nor nude photographs but to a commercial site called megago.com.

 

The problem has reached museums and other cultural organizations, too. A Thai law firm reports that the first Thai cyberpiracy case involves a museum focusing on Thai art and architecture called the Jim Thompson House. And last year, the Sydney Opera House won an arbitration against a local computer firm that had registered the name sydneyoperahouse.net. The following is an explanation of the nature of the problem and your museum’s legal options for dealing with it.

 

 

Background

A basic domain name consists of two parts, the second-level domain name and the top-level domain name. All World Wide Web addresses end in a top-level domain name—the familiar .com, .net, .edu, .org, .gov, etc. Second-level domain names are the descriptive parts just to the left of the dot, like aam-us in AAM’s Web address, www.aam-us.org.

 

The number and type of top-level domain names are controlled by ICANN—the Internet Corporation for Assigned Names and Numbers—under an agreement with the U.S. Department of Commerce. ICANN accredits registries, which keep master lists of domain names correlated with the numeric codes computers use to find them. Each day a group of core computers, the “root servers” upon which the entire Internet relies, download the master list for each top-level domain name from the appropriate registry, ensuring that any computer using the Internet is guided to the correct Web site.

 

The registries contract with registrars (not the kind who work in museums) who in turn deal with people who want to buy a domain name. The registrars are primarily middlemen; you ask them if a given name is available, they tell you whether it is, and if so, they register it to you. You give them technical data about your Internet service provider (ISP) and the computer that will host your Web site, which they give to the registry for the appropriate top-level domain. You also give them identifying and contact data about yourself, which they make publicly available in a “whois” service, allowing anyone on the Web to find out who has registered a particular domain name.

 

The registrars by and large do not screen registrants for .org, .net, and .com names. They do require registrants to click through boilerplate agreements in which they generally promise not to infringe upon a trademark or engage in any other illegitimate use, but do not check into or enforce such clauses.

 

Legitimate registrants and cyberpirates alike can acquire domain names quickly, cheaply, and nearly anonymously. Some registrars charge as little as $19. With online registration and payment, it’s easy to register using false contact information, so victims may have a great deal of trouble locating cyberpirates.

 

Using an infinite variety of famous names a cyberpirate can obtain many illegitimate domain names. According to press accounts, one Pennsylvania man named John Zuccarini has registered names echoing Oprah Winfrey, Nicole Kidman, Dilbert, Microsoft’s Encarta, and Encyclopaedia Britannica, and he has been involved in cyberpiracy suits with other entities ranging from the Dave Matthews Band to The Wall Street Journal.

 

 

Changes in the Top-Level Domains

Ongoing additions of the domain-name regime will expand the possibilities for cyberpiracy. ICANN plans to open a new range of top-level domains: .biz, .info, .pro, .aero, .name, .coop, and .museum. Network Solutions, Inc. (NSI), the current registry for all .com, .net, and .org names, recently announced a “testbed” program allowing non-Roman characters (Chinese, Korean, Japanese, Arabic, Hebrew) in some of the existing domain names. Both changes add new ways for cyberpirates to capitalize on the famous names of others.

 

The newly sanctioned top-level name .museum, promises museums some protection against cyberpiracy because the anticipated registrar—the Museum Domain Management Association —proposes to give .museum domain names only to institutions meeting the definitional standard set by the International Council of Museums. MuseDoma also proposes to follow a specified, three-level descriptive naming convention, not the first-come, first-served free-for-all approach that characterizes the .com name. Though the procedures for these new .museum names had not been finalized at press time (indeed, MuseDoma has yet to finalize the contract authorizing it to embark on this project), they have been under discussion for some time. It seems clear that conflicts over .museum names are more likely to involve conflicting legitimate claims to domain names (for example, several museums focusing on black history might seek american.blackhistory.museum) or non-legal disputes over whether the three-level, hierarchical naming convention under consideration is too cumbersome rather than true cyberpiracy disputes.

 

But the threat of cyberpiracy in the older domain names remains. A .com name will often continue to be a Web surfer’s first guess; .com names may remain popular for museums, just as they are for other entities; and .com names (along with .org and .net) will continue to show up in search-engine results.

 

 

What You Can Do

 

Register Multiple Variations of Your Name

It may be galling, and it may be expensive, but the first and best line of defense against cyberpirates of any flavor is to buy up as many alternate versions of your museum’s domain name as you can think of and afford. If your institution has become well-enough known to become a possible target of cyberscams, consider buying your name in every top-level domain open to you: .org, .com, and .net, today, and .museum, .biz, .info, etc., tomorrow. To truly maximize protection, buy not just your proper name but also common short forms, acronyms, and nicknames. And, if you are very well known, consider buying conceivable typos based on your name.

 

Fees can run into hundreds of dollars annually, but it is still likely to be cheaper than even one contested court case against a cybersquatter.

 

Register Your Trademark

Do you charge admission or sell gift-shop items bearing your museum’s name? If so, you probably engage in “commercial use” of your name and may qualify for trademark or service mark protection. Register your name with the U.S. Patent and Trademark office if you have not already done so.

 

A “mark” (which is what your name is called when used as a trademark or service mark) is protected even if not registered, but registration gives you nice tactical advantages against a cybersquatter. It helps establish a presumption that you have rights to the name, and it may help establish that the cybersquatter knew, or should have known, that you use the mark. It protects your good name not just in cyberspace but in the real world, too, so there are reasons for registration aside from those discussed here.

 

If Hit by Cyberpirates, Arbitrate or Bring an Anti-Cyberpiracy Claim

 

If prophylactic measures don’t work, and a cyberpirate obtains a Web version of your name that you hadn’t thought of, it may be time to fight. Keep in mind that the mere registration of a domain name that is the same as or close to yours does not necessarily offend your rights. You are more likely to have a case when the registrant uses your name to actually launch a Web site or offers to sell the name back to you with the threat that he’ll use it or sell it to someone else if you don’t pay up.

 

The first thing to consider is swallowing your outrage and paying up. Many cyberpirates are small-timers with little invested in a given name. If you can protect yourself with an agreement to buy the name for $250, maybe with a covenant that the cyberpirate never obtain any variation of your name again, it’s probably worth it. The cost of negotiating that settlement will be minimal compared with pressing any sort of contested claim.

 

But if you cannot secure the domain name for a reasonable settlement or other considerations rule that out (say, you’ve gained press attention as a victim of cybersquatting and now fear encouraging copycats), what do you do?

 

Arbitration

There is a trend in the corporate world away from litigation in court in favor of arbitration outside of court. Arbitration is believed to be cheaper, especially in complex cases. It is very popular for domain-name cases since most registrars now require domain-name registrants to agree to arbitrate disputes that later arise over the domain name. Arbitration has several advantages:

  • It’s easy. The procedural rules of arbitration are much less formal and complex than court rules.
  • It can be all-paper. The World Wide Web is indeed worldwide. Your cyberpirate could be anywhere on the globe that has computers and phone lines. Court rules on venue and jurisdiction could force you to go anywhere. But an arbitration panel will often decide a dispute based upon written submissions. You don’t have to pay for your lawyers’ time and expenses to fly across the country to argue a case or for foreign lawyers to argue the matter before the courts of Bangkok or Berlin.
  • Growing expertise. Another laudable aspect of arbitration is that the most popular arbitration bodies now have handled thousands of these cases. Unlike most courts, which must handle a wide range of matters, the arbitration organizations have the luxury of specializing, and they may develop better expertise on the subject matter among repeat panel members. Statistically, some arbitration organizations tend to rule in favor of trademark holders (which you may be, even if you have never registered) more than others, and you can bring the case to the organization you choose.

 

But there are downsides. Writing a professional brief arguing your position takes time and money. The informality of the process may encourage some cybersquatters to fight when they would have defaulted in a conventional court case. And you have to pay to enter arbitration and pay the arbitrators. In a contested case, savings on time and legal fees due to the less complicated procedures of arbitration usually outweigh the expense of the arbitrator, but this might not hold true if your opponent is a small-timer who would simply ignore a court case and let you win by default.

 

In addition, the arbitrators may employ a somewhat narrower legal test than do U.S. courts. Under the Uniform Dispute Resolution Policy promulgated by ICANN, arbitrators sometimes consider commercial use of the name legitimate when U.S. law would not. In one arbitrated case, a Chicago store won an arbitration against the makers of Weber grills over the domain name Webergrill.com. Although Weber did not authorize the store to use Weber in a domain name, and it had a strong argument that Web surfers would naturally presume that they had reached an official Weber site when they had not, the arbitration panel found the use legitimate. In similar cases, federal courts often have come out the other way, holding that such use of a famous trademark as a name by someone who is not the trademark holder is not allowed. If your cyberpirate is a raw opportunist who simply registered the site and is warehousing it until he can wring some money from you, this distinction is less likely to be important. But if he uses your name in any way that could be considered legitimate, you may be better off in court.

 

Sue in Federal Court

In 1999, Congress passed the Anticybersquatting Consumer Protection Act (ACPA), which expanded the rights of trademark holders (registered and unregistered) against cybersquatters. The ACPA applies when a registrant of a domain name uses a domain name that either is a famous trademark or is confusingly similar to one, or uses it with a “bad faith intent to profit.” The latter aspect of the legal standard follows a nine-factor test that examines things like the registrant’s history of cyberpiracy, any bona fide use of the name in business, the registrant’s offer to sell it to you, and use of false contact information in the registration.

 

There are a number of benefits to an ACPA claim:

  • It cuts to the chase. If you win in arbitration, you get a private arbitration opinion. You may still have to go to court to have that order enforced. If you win an ACPA claim, however, you get a directly enforceable court decision.
  • Complexity can be your friend. As explained above, a very large part of the attraction of cyberpiracy is the low cost of the “business.” Many cyberpirates depend on volume and do not fight cases that are brought to court against them. A court case raises the stakes for the cyberpirate more than arbitration does, and it immediately changes the economics for him, too. A default by the cyberpirate often will make litigation very competitive with arbitration in terms of speed and expense. Although there are no hard numbers available on this, defaults by the cyberpirates are probably very common.
  • The standards under the ACPA are somewhat more favorable to trademark holders than either the standards used by the arbitrators or the standards of older trademark-law remedies. As noted above, federal law answers borderline questions on legitimate use in a way that gives trademark holders better protection than some arbitration decisions. And there are a number of other factors specifically set out in the law that you can point to as showing “bad-faith intent to profit” in a given case.
  • The ACPA also attempts to deal with the common problem of not being able to find the cyberpirate. In that case, you can bring your suit in rem—that is, against the domain name itself—in the jurisdiction where the registry, registrar, or other relevant domain name authority is located. Arbitration panels have sometimes taken the position that they cannot rule against a cyberpirate who does not participate in the arbitration because he cannot be found. With the in rem provisions of the ACPA, federal courts have no such qualms provided you show that you tried diligently to locate the registrant or that he is not subject to U.S. jurisdiction (for instance, he lives in England).

 

Time will tell whether cyberpiracy is a permanent plague of the Internet age, but it is in full bloom now. Ongoing change in the structure of the Internet—by adding more and more options for cyberpirates and threatening to break down what little limits there are to domain names—means that the problem is more likely to grow than fade in the short term. But there are steps you can and should take to protect your institution. You need never receive a call from the angry parents of a child who finds something shocking where your Web site should be. 

 

Patrick O’Donnell is an attorney with the firm of Harris, Wiltshire & Grannis LLP, in Washington, D.C.

  

Printer Friendly Page
Copyright and Disclaimer Notice | Privacy Policy | Sitemap
1575 Eye Street NW Suite 400, Washington DC 20005 | (202) 289-1818