In which I reconsider after Marc Randazza serves me humble pie

Please forgive the borderline-creepy fanboy-ism of this post. On my third day of blogging, Marc Randazza, First Amendment badass, responded in the comments to my post yesterday about revealing the identity of the holder of

If you’re unfamiliar with Mr. Randazza, he’s a widely-respected First Amendment attorney with an innate ability to spin legalese into coherent, entertaining gold. Seriously, go read his successful defense of against blowhard Glenn Beck’s attempt to take control of a critical domain name, or his whirlwind tour of the use of phallic imagery in architecture and art throughout human history in defense of a trademark rejected by the US Patent & Trademark Office on the basis that it — heavens to Betsy — resembled a penis. Not to imply that Mr. Randazza’s work is all about internet memes and dicks — it’s just that censorious thugs find it easier to target speech many might find offensive, because they think juries, judges, and arbitrators will let First Amendment principles slide, and principled attorneys like Mr. Randazza can defend peoples’ rights whether they like or revile their speech.

Am I gushing? Sorry. Let’s move on to the part where Mr. Randazza serves me humble pie, and I reconsider the culpability of in ceding to Charles Carreon’s censorious threats.

Mr. Randazza commented on yesterday’s post to point out that, as a domain registrar, has its hands tied by the Registrar Accreditation Agreement of the Internet Corporation for Assigned Names and Numbers, the bureaucracy tasked with administering the registration of domain names. Mr. Randazza notes:

Domain privacy services all reveal your information if presented with a letter. ICANN Rule all but requires it. Essentially, that makes the privacy service stand in the shoes of the actual registrant.

He’s correct on this. Rules 3.7.7 et seq require: The Registered Name Holder [the person registering the domain] shall provide to Registrar accurate and reliable contact details […] including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder[.] […] Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information […] to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the current contact information provided by the licensee and the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm.

In plain English: when a domain is registered using a ‘proxy’ or ‘private registration’ service, the proxy company stands in the shoes of whoever registered the domain, at least to the extent that the use of the domain name is wrongful. When a complaint disclosing “reasonable evidence of actionable harm” is received, the proxy company has two options: (1) “promptly” disclose the true identity of the domain holder or (2) tell the complaining person to buzz off and accept responsibility for the harm caused, if the use is in bad faith.

Proxy services like Domains By Proxy have been hit hard when they utterly fail to disclose holders’ information and the domains are being used in abject bad faith.

But, wait, aren’t those regulations a bit ambiguous? What does “promptly” mean? Would a registrar still be liable if it waited for a subpoena, or at least a court or arbitration panel complaint having been filed? Rule provides no guidance, leaving registrars subject to the mercy of an arbitrator to determine whether their ultimate disclosure of a holder’s information is “prompt.” If the registrar is wrong, they may be subject to the full amount of damages asserted by the mark holder. Mr. Carreon, for example, asserts that the use of entitles him to damages of $100,000, an amount far exceeding the $11 annual fee charges for private registration. Presumably, a registrar could recoup any subsequent losses from the domain holder — assuming, of course, that the holder’s contact information is legit and the holder has resources to recover from. That’s not a gamble a registrar will be willing to take.

That said, a registrar is only required to provide “prompt” disclosure or accept liability for use of a domain after being presented with “reasonable evidence of actionable harm.” This, too, is unclear, and evaluating the merits of a complaint is likely costly — not to mention that a thorough evaluation before disclosure might take too much time, rendering any subsequent disclosure as not “prompt.”

What would make the private registration system better?
Mr. Randazza also disagrees with me as to whether proxy domain registration services are an appropriate or effective means of protecting anonymous domain holders:

I do not agree that this is problematic. What do you want for $1 per year? That’s not market rate for defending you!

What someone should launch is a “robust privacy service” — where the service charges a few hundred bucks a year, but pools that money to actually fight illegitimate cases (but makes smart internal decisions about the claims and gives up those who might actually be using the service for wrongdoing).

Considering the above, Mr. Randazza has a point here. The ambiguous ICANN rules and potentially high-dollar circumstances puts domain registrars in a position considerably unfriendly to anonymous domain holders, at least unless the complaint is so far out of left field that it can be dismissed out of hand. (Think “I own the McDonald’s trademark because I bought it from John Lennon before he was assassinated by Al Capp!” bizarre. Ahem.)

To these ends, some amendments to the ICANN rules have been proposed, which would clarify that “prompt” might mean “within 5 days” and setting standards for determining when a claim is actionable. These could be a good start, but could be strengthened by providing some safe harbor for registrars, at least where trademark infringement is alleged, who:

(1) verify to the complainant that the personal information provided by the domain holder appears to be accurate (i.e., that it isn’t apparently bogus and/or that the name on the credit card used to buy the domain corresponds with the name of the actual owner) and;
(2) wait to reveal personal information until the aggrieved party files a complaint (in either court or an arbitration panel) or, alternatively, subpoenas the information.

That would guarantee mark holders that someone can be sued before going through the process of filing suit and later discovering that their defendant is Nyan Cat.  It would also provide some breathing room for anonymous critics that registrars won’t be forced to turn their information over willy-nilly to a critic who subsequently doesn’t sue, or being able to contest the demand for their identity. (Whether this is what Mr. Carreon did remains to be seen — he didn’t follow through on his promise to name the holder of as a defendant in his First Amended Complaint.)

Does Mr. Carreon have a point?
But, in the case of, I doubt there is “actionable harm.” The registrar is (for reasons I’ll explain below) exempt from liability from a claim arising under the Lanham Trademark Act by virtue of 15 U.S.C. § 1114(2)(D)(iii), which provides:

A domain name registrar, a domain name registry, or other domain name registration authority shall not be liable for damages under this section for the registration or maintenance of a domain name for another absent a showing of bad faith intent to profit from such registration or maintenance of the domain name.

This seems to track with Rule 4(a) of ICANN’s Uniform Dispute Resolution Policy, under which a registrar (or domain holder) may also (or perhaps alternatively) be liable upon a showing of three elements, only two of which are contestable here:

(ii) [the domain holder has] no rights or legitimate interests in respect of the domain name; and


(iii) [the] domain name has been registered and is being used in bad faith.

The legitimate interests element is debatable, as a use may illegitimate (among other reasons inapplicable here) unless:

(iii) [the holder is] making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue

Whether domains registered to parody, criticize, or otherwise lampoon the mark holder qualify under this rule isn’t clear, and that arbitrators aren’t bound by precedent only adds to the gamble a registrar takes if it opts not to disclose a holder’s information. On the other hand, it’s difficult to suggest that is actually tarnishing Mr. Carreon’s mark (his own name), as Mr. Carreon has provided a spectacular self-immolation of his mark’s reputation by suing charities because of a “your mom” joke. What silver is left to tarnish? But, again, it’s hard to blame if it assumed this element is met by Carreon.

However, I doubt the bad faith element is met. ICANN’s rules provide four examples of bad faith, none of which is explicitly met here:

(i) circumstances indicating that [the domain was registered or acquired] primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the […] owner of the trademark or service mark or to a competitor of [the owner]; or


(ii) [the domain was registered] in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that [the holder has] engaged in a pattern of such conduct; or


(iii) [the domain was registered] primarily for the purpose of disrupting the business of a competitor; or


(iv) by using the domain name, [the holder] intentionally attempted to attract, for commercial gain, Internet users to [his] web site […] by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of [his] web site[.]

Three of these examples contemplates commercial gain at the expense of the domain holder, which doesn’t appear to be happening here. As for (ii), this example of bad faith likely targets cybersquatters who register a large number of domains utilizing another’s marks in the hope that the mark holder will, without a viable unregistered domain to buy, pay whatever ransom the cybersquatter can mete out of him.

But, the four examples of bad faith provided by ICANN aren’t the exclusive means of showing bad faith. Furthermore, arbitrators have occasionally blithely abandoned the limiting language in the examples. For example, in Banco do Brasil S.A. v. Sync Technology, a holder’s domain name, at least when there was no actual web presence associated with the domain, the arbitration panel held that the limitations of the Rule don’t apply:

Prevention of reflecting the mark of the Complainant in a domain name is present, even if there is no evidence that Respondent has engaged in a “pattern of such conduct”. Disruption of the business of the Complainant is also most likely present, even if it has not been alleged that Respondent is a “competitor” of Complainant.

Should have disclosed this information? I don’t think so, but it’s hard to lay blame at their feet for being subject to ICANN’s ambiguous rules. Compound that with being held hostage to Carreon’s threat of filing a claim for $100,000 in damages against them if they didn’t come to a conclusion about the merits of his claim within a single day.

Does it matter whether Mr. Carreon has a legal point?
What this means for Mr. Carreon’s critic isn’t clear, except that Mr. Carreon has set due course for the Federal District Court for the Northern District of California.

But, even assuming Mr. Carreon has a viable claim here, is this an appropriate recourse? Hardly. Having largely torched his own reputation, Mr. Carreon’s apparent plan of action is to tie his name to his trademark and beg a judge (or arbitrator) to furnish him with control over a domain name. He also seeks damages for the infringement of his trademark, the value of which he had already decimated with his ill-advised plan to sue charities and a cartoonist. Having been subjected to the Streisand Effect without learning from it, Mr. Carreon again drew attention and ire by unmasking a critic whose dinosaur jokes would have been seen only by, frankly, a couple of Popehat fans and a few stray followers of the Carreon v. Internet saga, few — if any — of whom had a positive (or even neutral) impression of Mr. Carreon before visiting the site.

Any victory for Mr. Carreon will be Pyrrhic at best.


  1. suk says:

    Randazza couldn’t find his asshole if you took off his pants for him.

  2. I think “serving humble pie” should be reserved for times when someone calls you out for being wrong. In this situation, I hope I didn’t come off that way — just trying to share knowledge. :)

    Here is some more — a claim that Charles might actually have:

    California Business and Professions Code sections 17525-17528 protects personal names in a way that 15 USC 1125(d) and 15 USC 8131 do not. It makes it unlawful to register or use a domain name that is confusingly similar to someone else’s name in “bad faith.”

    “Bad faith” is defined much like the ACPA defines it.

    Of course, the registrant of might have defenses, but that’s a claim that Charles might be able to bring that wouldn’t seem to be readily dismissable.

    • Carreon could not bring a claim against for allowing the registration of, because section 17525(c) of the California Business and Professions Code.

      c) A domain name registrar, a domain name registry, or any other domain name registration authority that takes any action described in subdivision (a) that affects a domain name shall not be liable to any person for that action, regardless of whether the domain name is finally determined to infringe or dilute a trademark or service mark.

      In his demand letters and threatening correspondence vis-a-vis the registrant, Carreon has not cited the California statute that Marc cites here, but as counsel for the registrant, I am not at all concerned about that angle, for the same reason why the threatened ACPA claim is frivolous — the blog is a non-commercial parody and none of the “bad faith intent to profit” factors favor Carreon.

      • Right, but what about the privacy service? The privacy service is a different thing than the registrar.

        NameCheap made that same argument in the Solid Host case — that since they were a registrar, they were immune. But, the court saw the distinction between a registrar wearing a registrar hat and a registrar wearing a privacy service hat.

        Of course, the most important hat here is the ASSHAT — and the asshat, Charles, deserves to lose.

        That said, if he wasn’t acting like such a tempestuous moron and just went for a clean shot under 17525-17528, he very well might have a claim that doesn’t look so stupid.

  3. […] private information.  Of course, it’s hard to blame registers for being caught in a system that gives little advantage to protecting their users, but Levy notes that often stands up for its customers against trademark infringement […]

  4. Gal says:

    Doesn’t Carreon’s own website at fit example iv of usage in bad faith as listed by the ICANN rules?

    Pardon me if this is a repost. My original comment doesn’t appear to be showing up.

  5. anmeicai140283 says:


  6. paomu9169 says:


  7. jiaopin1036651 says:

    ok itisgood

Leave a Comment