CYBERSQUATTING: DIGITAL INDIA AND GLOBAL POLICY

Introduction

On August 28, 2024, the Competition Commission of India (CCI) greenlit an $8.5 billion merger between Reliance’s Viacom 18 and Walt Disney’s Star India media assets, an agreement pending for over six months. The hurdle came to light when, halfway through this deal, a Delhi-based developer had earlier anticipated the possible merger and registered the domain (jiohotstar.com) under his name as an administrator back in 2023 to shell a hefty sum from Reliance. With the non-fulfilment of his rationale, he was eventually forced to put the domain up for sale, which was later acquired by Duabi-based siblings Jainam and Jivika Jain to chronicle their life events. Ultimately, Viacom 18 acquired the domain name after the Jain siblings offered the ownership to Reliance free of charge.

This chain of events has put forth cybersquatting as the matter in question. Cybersquatting is an act when a person knowingly obtains a domain name consisting of the mark or name of a company from a registrar for the purpose of ransoming the right to that domain name back to the legitimate owner for a price. This puts the individuals, businesses and company’s customers at risk of becoming the victims of fraud, data theft, dilution or other forms of harm. This business liability is jeopardised by losing the confidence of the public and investors.

With the expansion of cyberspace in the last three decades, cybersquatting has become an alarmingly serious legal concern. This piece explores cybersquatting, its existing legal procedure and its practicality and shortcomings. It further draws insights from various jurisdictions and shifts the stance to the need of the hour of a model law to counter the challenges posed by Web 2.0 (current technology focusing on social networking, user-generated content and cloud computing) and the upcoming Web 3.0. (next generation of world wide web built on the concept of decentralisation, token-based and blockchain technology.)

Cybersquatting and India’s Legal Framework

Like most nations, India also doesn’t have a defined set of laws for the protection of domain names and is dealt with under provisions of the Trademark Act of 1999. At present, these laws do not explicitly deal with cybersquatting issues; however, they primarily depend on general sections grappling with trademark infringement, passing off and fraud. The existing framework fails to incorporate the specific aspect of cybersquatting, such as the practice of registering domain names solely for resale. In Satyam Infoway Ltd v Sifynet Solutions (2004)^[1], the court acknowledged the lack of legislation in India addressing cybersquatting dispute settlement. Regarding disputes arising in Indian courts concerning domain abuse, they have often been tried under trademark infringement and passing off under the ambit of intellectual property law seeking injunctions. The Delhi High Court in Yahoo! Inc. v. Akash Arora & Anr^[2]. granted permanent injunction restraining Akash Arora from using the domain name “yahooindia.com” or any other deceptively similar name. The court also established that domain names are integral to company business goodwill and are protected under trademark laws. Passing off of decisions by the court does help in obtaining the domain name back, but there is still a lack of provision for statutory damages. In the Jio-Hotstar case, the matter couldn’t have been dealt with under the Indian judiciary once domain ownership had transcended on the foreign land. Even if an Indian court orders domain transfer, enforcing this on international borders remains difficult while making jurisdiction challenging.

Comparative Analysis: Global Cybersquatting Laws

With the surge in domain-related disputes, the INRegistry introduced the Indian Domain Name Dispute Resolution Policy (INDRP) in 2006. However, INDRP is restricted to disputes related to domains that only feature Indian domains, i.e., “.in”. It does not extend to the other country code top-level domains (ccTLDs, i.e. “.uk”, “.us”, “.cn”) and generic top-level domains (gTLDs), such as the most common and unrestricted global domain names without any territorial limits (i.e., .com, .net, and .org). Additionally, it is limited to the exclusion of monetary compensation, thus not living up to the expectation of a strong deterrent against potential malicious offenders. Moreover, India lacks the legislative framework for cybersquatting in criminal laws, leaving the door to only civil remedies, which intermittently at times, might not be an adequate source of action against the fraudsters with ill intentions. Further, the cases involving unregistered trademarks also face hurdles when common law principles require proving goodwill, misrepresentation and actual harm. All of this often serves as an impediment to this slow-paced judicial resolution all over the world, which halts businesses’ growth. For example, in the 2000s, when Starbucks started its coffee chain business in Russia, it learned that Sergei A. Zuykov had already registered the trademark STARBUCKS. The company he registered for only existed on paper, and he had neither an inventory nor employees to brew coffee and was willing to sell the trademark to the coffee company for $600,000. Unlike other companies (e.g., Audi) that paid thousands of dollars to the same trademark squatter, Starbucks opted to litigate and eventually won the trademark back in November 2005. Although the company prevailed, the litigation process was long drawn out, uncertain and hectic. Because of this, the need for specific provisions to combat these issues becomes apparent.

Domain Name Dispute Resolution Policy

The Internet Corporation for Assigned Names and Numbers (ICANN) has been regulating domain names globally ever since 1998. Their initiative of Uniform Domain Name Dispute Resolution Policy (UDRP), a mechanism designed to resolve disputes over internet domain name registrations, was formulated as a counter to rapid domain abuse in the initial years. The UDRP regulates domains (gTLDs) such as .com, .net, and others, with wider perspectives emphasising guidelines for resolving conflicts between domain name registrants and other parties (excluding the registrar) concerning the registration and use of a domain. ICANN-accredited domain name registrars worldwide have incorporated the UDRP into their terms of agreement, thereby virtually adhering to every domain registrant. The US-based World Wrestling Federation (WWF) brought the first domain abuse case under WIPO against a California resident who registered the domain name (“www.worldwrestlingfederation.com”.) Throughout the years, WIPO has been the largest UDRP service provider and handles proceedings for gTLDs and over 80 ccTLDs, registering over 6192 cases in 2023. While the UDRP has been successful in disputes involving domain names, in the long run, it faces mishaps and legal shortcomings. The UDRP does not stipulate any legal rule which is to be applied by the panels. Rule 15(a) of UDRP singles out that panellists of dispute resolution cabinet advert to the verdict of their own as the principle of law deems applicable. There is no indication of panellists of one service provider setting up as precedence for another service provider. At times, the UDRP panel refer to national laws to establish whether a complainant has a trademark right. However, jurisdictional laws should not be taken into account when determining bad faith. How does a panel choose to apply one country’s law to that of another? Section 4(k) of UDRP is another pitfall declaring UDRP decisions not binding on courts and affirming concession to either of the parties for challenging the verdict to a court of competent jurisdiction for unfettered resolution. The Sallen v. Corinthians Licenciamentos LTDA^[3] was a significant case of a UDRP panel decision challenged in the court of law and the plaintiff seeking declaratory relief under ACPA. The circumstance that parties to a UDRP proceeding may initiate a judicial proceeding at veracity sabotages the essence of a UDRP panel decision, perhaps of proceeding as a whole. All of this obstructs the crux of arbitration, missing out to court on the finality of a decision, cost efficiency and expeditious adjudication. It is imperative that foreign laws need to be revised on an international stance and to broaden potential development to counter cybersquatting.

Anticybersquatting Consumer Protection Act

The United States Congress in 1999 passed the Anticybersquatting Consumer Protection Act (ACPA), which empowers trademark owners to take legal actions against the deliberate, bad-faith and abusive registration of domain names violation by trademark squatters which are identical or confusingly like the established trademarks with false intent of making a profit. The law set forth a path for the court to consult on nine provisions of ACPA. The mere registration of another’s trademark or personal name as a domain name is actionable under ACPA, irrespective of whether the registrant is actively seeking to sell the domain name. ACPA also allows in rem actions against domain names when domain abusers can not be tracked down, enabling rightful owners to proceed against the domain name itself in the dominion, where the domain name registrar is stationed. In Harrods Ltd. v. Sixty Internet Domain Names, 2002^[4], the court granted an injunction in rem jurisdiction over Harrods Ltd. (Harrods UK) domain names registered by Harrod’s (Buenos Aires) Limited. An in rem action was brought by the plaintiff because the court cannot acquire in personam jurisdiction over HBAL. Section 20 of the Civil Procedure Code in India presents the applicant to bring a case before a judge within the jurisdiction of either of the parties live or present a case before a judge under whose jurisdiction the cause of action occurs. India could adopt in rem jurisdiction for cases where cybersquatter is untraceable and also lay hold of gTLDs under the extent of INRegistry like ACPA. In addition, Indian law could also integrate 15U.S.C.§ 1117(d) of ACPA, which prescribes for plaintiffs to recover statutory damages in lieu of actual damages ranging from $1,000 to $100,000 per domain if the plaintiff chooses to do so. In Electronics Boutique Holdings Corp. v. Zuccarini^[5], the United States District Court ordered the five domain names handover and also awarded $500,000 along with payment of attorney’s fees and costs. All things considered, the present ACPA, UDRP-ICANN and other tools make provision, although imperfectly functioning, the framework for mark owners to protect their intellectual property rights with room for improvement for the ongoing Web 2.0 and upcoming Web 3.0.

The Way Forward

U.S. Chamber of Commerce’s 2024 International IP Index ranked India 42nd out of 55. The first case of cybersquatting in India dates back to 1999, and it has been over two decades, with the Indian digital economy reinforcing it is settling to adopt a legislative framework. The Proposed Digital India Act is poised to supersede the Information Technology Act, 2000. There are no specific stipulations or frameworks to contest the inadequacy of laws on domain abuse by any distinct approach.

In regard to the challenges and possible responses in Web 2.0, now Web 3.0 also leads to the threat of cryptosquatting (unlawful registration and use of Blockchain Domain Name Systems [BDNs] containing trademarks). Back in 2021, the global Web 3.0 market was appraised at approximately $2 billion and is presumed to reach an expected market value of around $53 billion by 2030 at a CAGR of 44.8% during the assessment session (2022-2030). As of the early 2020s, Web 3.0 allows users to register BDNs consisting of bynames similar to registered trademarks, including various well-known trademarks. As with traditional domain name registration under Web 2.0, it is burdensome, if not impractical, to discover the trademark abuser. But to ascertain in the case which of BDN registrations under Web 3.0 are in possession by the lawful trademark proprietor or by independent third parties come to be non-viable because of the obscurity of the domain registrant and the carrying out of privacy shielded arrangement that would not allow to reveal the domain owner identity. In Hermes International et al. v. Rothschild, in accordance with the MetaBirkins project involving virtual versions of Hermes BIRKIN handbags, Hermes asserted several objectives of action in the United States District Court and petitioned for the traditional Web 2.0 domain name metabirkins.com, as well as any Ethereum Name Service (ENS domains, a type of BDN) consisting the BIRKIN mark, to be turned in to Hermes. However, at times, it is against the odds that there are possible reinforcement options with respect to BDNs. For the BDNs, service providers do not have comprehensive policies like those of ICANN-UDRP outlining the prerequisite fundamentals of the registrant’s personal information.

The upcoming laws shall focus on aspects such as stronger remedies focusing on statutory damages. They shall also introduce criminal penalties for serious cases of fraud and fast-track dispute resolution and certain regulatory mechanisms to fight trademark infringements involving decentralised BDNs. This course of action will ensure the balanced development of Web 2.0 and Web 3.0, as well as a fair and safe environment for all stakeholders in the global system of ongoing technology along with upcoming BDN registrations.

References

1. Satyam Infoway Ltd v. Sifynet Solutions Pvt. Ltd (2004) AIR 2004, SC 3540 (India). ↑

2. Yahoo! Inc. vs Akash Arora & Anr (1999) IIAD Delhi 229, 78 (1999), DLT 285 (India). ↑

3. Sallen v. Corinthians Licenciamentos LTDA (2001) 273 F.3d 14 [1st Cir. 2001] (United States of America). ↑

4. Harrods Ltd. v. Sixty Internet Domain Names (2002) 302 F.3d 214,  (4th Cir. 2002) (United States of America). ↑

5. Electronics Boutique Holdings Corp. v. Zuccarini (2001) CIVIL ACTION NO. 00-4055 (E.D. Pa. Jan. 25, 2001) (United States of America). ↑

(This post has been co-authored by Avinash Kumar and Madhvendra Jha, students at Dr. Ram Manohar Lohiya National Law University, Lucknow.)

CITE AS: Avinash Kumar and Madhvendra Jha, ‘CYBERSQUATTING: DIGITAL INDIA AND GLOBAL POLICY’ (The Contemporary Law Forum, 14 February 2025) <https://tclf.in/2025/02/14/cybersquatting-digital-india-and-global-policy/>date of access