Please forgive the borderline-creepy fanboy-ism of this post. On my third day of blogging, Marc Randazza, First Amendment badass, responded in the comments to my post yesterday about Register.com revealing the identity of the holder of Charles-Carreon.com.
If you’re unfamiliar with Mr. Randazza, he’s a widely-respected First Amendment attorney with an innate ability to spin legalese into coherent, entertaining gold. Seriously, go read his successful defense of glennbeckrapedandmurderedayounggirlin1990.com against blowhard Glenn Beck’s attempt to take control of a critical domain name, or his whirlwind tour of the use of phallic imagery in architecture and art throughout human history in defense of a trademark rejected by the US Patent & Trademark Office on the basis that it — heavens to Betsy — resembled a penis. Not to imply that Mr. Randazza’s work is all about internet memes and dicks — it’s just that censorious thugs find it easier to target speech many might find offensive, because they think juries, judges, and arbitrators will let First Amendment principles slide, and principled attorneys like Mr. Randazza can defend peoples’ rights whether they like or revile their speech.
Am I gushing? Sorry. Let’s move on to the part where Mr. Randazza serves me humble pie, and I reconsider the culpability of Register.com in ceding to Charles Carreon’s censorious threats.
Mr. Randazza commented on yesterday’s post to point out that Register.com, as a domain registrar, has its hands tied by the Registrar Accreditation Agreement of the Internet Corporation for Assigned Names and Numbers, the bureaucracy tasked with administering the registration of domain names. Mr. Randazza notes:
Domain privacy services all reveal your information if presented with a letter. ICANN Rule 126.96.36.199 all but requires it. Essentially, that makes the privacy service stand in the shoes of the actual registrant.
He’s correct on this. Rules 3.7.7 et seq require:
188.8.131.52 The Registered Name Holder [the person registering the domain] shall provide to Registrar accurate and reliable contact details […] including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder[.] […]
184.108.40.206 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information […] to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the current contact information provided by the licensee and the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm.
In plain English: when a domain is registered using a ‘proxy’ or ‘private registration’ service, the proxy company stands in the shoes of whoever registered the domain, at least to the extent that the use of the domain name is wrongful. When a complaint disclosing “reasonable evidence of actionable harm” is received, the proxy company has two options: (1) “promptly” disclose the true identity of the domain holder or (2) tell the complaining person to buzz off and accept responsibility for the harm caused, if the use is in bad faith.
But, wait, aren’t those regulations a bit ambiguous? What does “promptly” mean? Would a registrar still be liable if it waited for a subpoena, or at least a court or arbitration panel complaint having been filed? Rule 220.127.116.11 provides no guidance, leaving registrars subject to the mercy of an arbitrator to determine whether their ultimate disclosure of a holder’s information is “prompt.” If the registrar is wrong, they may be subject to the full amount of damages asserted by the mark holder. Mr. Carreon, for example, asserts that the use of Charles-Carreon.com entitles him to damages of $100,000, an amount far exceeding the $11 annual fee Register.com charges for private registration. Presumably, a registrar could recoup any subsequent losses from the domain holder — assuming, of course, that the holder’s contact information is legit and the holder has resources to recover from. That’s not a gamble a registrar will be willing to take.
That said, a registrar is only required to provide “prompt” disclosure or accept liability for use of a domain after being presented with “reasonable evidence of actionable harm.” This, too, is unclear, and evaluating the merits of a complaint is likely costly — not to mention that a thorough evaluation before disclosure might take too much time, rendering any subsequent disclosure as not “prompt.”
What would make the private registration system better?
Mr. Randazza also disagrees with me as to whether proxy domain registration services are an appropriate or effective means of protecting anonymous domain holders:
I do not agree that this is problematic. What do you want for $1 per year? That’s not market rate for defending you!
What someone should launch is a “robust privacy service” — where the service charges a few hundred bucks a year, but pools that money to actually fight illegitimate cases (but makes smart internal decisions about the claims and gives up those who might actually be using the service for wrongdoing).
Considering the above, Mr. Randazza has a point here. The ambiguous ICANN rules and potentially high-dollar circumstances puts domain registrars in a position considerably unfriendly to anonymous domain holders, at least unless the complaint is so far out of left field that it can be dismissed out of hand. (Think “I own the McDonald’s trademark because I bought it from John Lennon before he was assassinated by Al Capp!” bizarre. Ahem.)
To these ends, some amendments to the ICANN rules have been proposed, which would clarify that “prompt” might mean “within 5 days” and setting standards for determining when a claim is actionable. These could be a good start, but could be strengthened by providing some safe harbor for registrars, at least where trademark infringement is alleged, who:
(1) verify to the complainant that the personal information provided by the domain holder appears to be accurate (i.e., that it isn’t apparently bogus and/or that the name on the credit card used to buy the domain corresponds with the name of the actual owner) and;
(2) wait to reveal personal information until the aggrieved party files a complaint (in either court or an arbitration panel) or, alternatively, subpoenas the information.
That would guarantee mark holders that someone can be sued before going through the process of filing suit and later discovering that their defendant is Nyan Cat. It would also provide some breathing room for anonymous critics that registrars won’t be forced to turn their information over willy-nilly to a critic who subsequently doesn’t sue, or being able to contest the demand for their identity. (Whether this is what Mr. Carreon did remains to be seen — he didn’t follow through on his promise to name the holder of Charles-Carreon.com as a defendant in his First Amended Complaint.)
Does Mr. Carreon have a point?
But, in the case of Charles-Carreon.com, I doubt there is “actionable harm.” The registrar is (for reasons I’ll explain below) exempt from liability from a claim arising under the Lanham Trademark Act by virtue of 15 U.S.C. § 1114(2)(D)(iii), which provides:
A domain name registrar, a domain name registry, or other domain name registration authority shall not be liable for damages under this section for the registration or maintenance of a domain name for another absent a showing of bad faith intent to profit from such registration or maintenance of the domain name.
This seems to track with Rule 4(a) of ICANN’s Uniform Dispute Resolution Policy, under which a registrar (or domain holder) may also (or perhaps alternatively) be liable upon a showing of three elements, only two of which are contestable here:
(ii) [the domain holder has] no rights or legitimate interests in respect of the domain name; and
(iii) [the] domain name has been registered and is being used in bad faith.
The legitimate interests element is debatable, as a use may illegitimate (among other reasons inapplicable here) unless:
(iii) [the holder is] making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue
Whether domains registered to parody, criticize, or otherwise lampoon the mark holder qualify under this rule isn’t clear, and that arbitrators aren’t bound by precedent only adds to the gamble a registrar takes if it opts not to disclose a holder’s information. On the other hand, it’s difficult to suggest that Charles-Carreon.com is actually tarnishing Mr. Carreon’s mark (his own name), as Mr. Carreon has provided a spectacular self-immolation of his mark’s reputation by suing charities because of a “your mom” joke. What silver is left to tarnish? But, again, it’s hard to blame Register.com if it assumed this element is met by Carreon.
However, I doubt the bad faith element is met. ICANN’s rules provide four examples of bad faith, none of which is explicitly met here:
(i) circumstances indicating that [the domain was registered or acquired] primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the […] owner of the trademark or service mark or to a competitor of [the owner]; or
(ii) [the domain was registered] in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that [the holder has] engaged in a pattern of such conduct; or
(iii) [the domain was registered] primarily for the purpose of disrupting the business of a competitor; or
(iv) by using the domain name, [the holder] intentionally attempted to attract, for commercial gain, Internet users to [his] web site […] by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of [his] web site[.]
Three of these examples contemplates commercial gain at the expense of the domain holder, which doesn’t appear to be happening here. As for (ii), this example of bad faith likely targets cybersquatters who register a large number of domains utilizing another’s marks in the hope that the mark holder will, without a viable unregistered domain to buy, pay whatever ransom the cybersquatter can mete out of him.
But, the four examples of bad faith provided by ICANN aren’t the exclusive means of showing bad faith. Furthermore, arbitrators have occasionally blithely abandoned the limiting language in the examples. For example, in Banco do Brasil S.A. v. Sync Technology, a holder’s domain name, at least when there was no actual web presence associated with the domain, the arbitration panel held that the limitations of the Rule don’t apply:
Prevention of reflecting the mark of the Complainant in a domain name is present, even if there is no evidence that Respondent has engaged in a “pattern of such conduct”. Disruption of the business of the Complainant is also most likely present, even if it has not been alleged that Respondent is a “competitor” of Complainant.
Should Register.com have disclosed this information? I don’t think so, but it’s hard to lay blame at their feet for being subject to ICANN’s ambiguous rules. Compound that with being held hostage to Carreon’s threat of filing a claim for $100,000 in damages against them if they didn’t come to a conclusion about the merits of his claim within a single day.
Does it matter whether Mr. Carreon has a legal point?
What this means for Mr. Carreon’s critic isn’t clear, except that Mr. Carreon has set due course for the Federal District Court for the Northern District of California.
But, even assuming Mr. Carreon has a viable claim here, is this an appropriate recourse? Hardly. Having largely torched his own reputation, Mr. Carreon’s apparent plan of action is to tie his name to his trademark and beg a judge (or arbitrator) to furnish him with control over a domain name. He also seeks damages for the infringement of his trademark, the value of which he had already decimated with his ill-advised plan to sue charities and a cartoonist. Having been subjected to the Streisand Effect without learning from it, Mr. Carreon again drew attention and ire by unmasking a critic whose dinosaur jokes would have been seen only by, frankly, a couple of Popehat fans and a few stray followers of the Carreon v. Internet saga, few — if any — of whom had a positive (or even neutral) impression of Mr. Carreon before visiting the site.
Any victory for Mr. Carreon will be Pyrrhic at best.