I'll see your domain name in (US) Court!

Extra-territorial landgrab

  • alert
  • submit to reddit

3 Big data security analytics techniques

Two little-noticed and otherwise unremarkable decisions from the US 4th Circuit Court of Appeals, decided on 23 August 2002, now affirm a principle that is perhaps worrying for those 20 million or so .com domain name registrants who live outside the USA. The cases deal with the question of the geographical location of a domain name and which court can exercise jurisdiction over it.

So where exactly does a domain name live? If you're a purist, you'll say that it doesn't 'live' anywhere - the Domain Name System is a tree structured distributed database involving a hierarchy of nodes from leaf to root. In other words, your domain name is an address accessible via a range of entries on a range of geographically dispersed computers connected to the Internet.

But if you're a United States District Judge, presented with a .com domain name, you'll say that a domain name is a piece of property with a geographical existence - in the Commonwealth of Virginia, USA. Why? Because that is where the registry for .com domain names is to be found.

The court decisions affirming this principle were Porsche Cars v Porsche.net and others, and Harrods Limited v Sixty Internet Domain Names. You may be wondering how it is that the Plaintiffs appear to be suing domain names rather than people or companies. In an odd twist, strange at least to most non-lawyers, US law says that a domain name is a piece of property that can be sued in its own right. This is called an in rem action (Latin for 'against the thing' as opposed to in personam or 'against the person'). The consequence of this peculiar state of affairs is that all of those registrants who have a .com domain name but live outside Virginia are viewed as absentee owners of property situated there. If you injure someone by virtue of that property (we're talking trademark disputes here) then Virginia's courts will take the case.

This may sound surprising, but it has worked for both Porsche and Harrods, each of whom sued some sixty or so domains in a single action. In Porsche's case, at least two of the domains belonged to a British citizen with no immediately apparent connection to Virginia. In Harrods, the domain names were registered by Harrods BA, a South American department store formerly allied to its famous namesake in the UK. Porsche's British defendant has now agreed to submit to personal jurisdiction in California but this seems to have been a tactical move in the litigation and does not defeat the general principle that he could be hauled into a Virginia court for the sake of his domain names.

At the root of the problem is the fact that the US Congress has treated domain names as property in terms of legislation called the Anti-Cybersquatting Consumer Protection Act 1999, or ACPA for short. It's plain from the title of the Act that Congress was grappling with cybersquatting - admittedly a major issue for US business and in particular for trademark holders at the height of the dot-com boom. But the US has ploughed its own furrow with its approach. Many countries' legal systems accept that in trademark disputes a domain name can be treated as a sign, the analogy being that registering coke.com in conflict with the Coca-Cola Company's rights is much the same as nailing up a large board over your business with the word 'Coke' painted on it in the familiar style of that company's brand without the right to do so. However, few would elevate a domain name from being a sign or indicator to the level of being an item of property.

Lawyers from most countries agree that a domain name is a right held under a contract from a domain registry that, in simple terms, says "We, the Registry, will put an entry on our computer that directs people looking for your domain name to whatever computers you would like us to". It's a long step in most people's minds from that kind of contract for services to a formal right in property. To give an example, in the UK you're most likely to see an in rem action being raised against a ship; a nice, obvious, physical thing you can see and touch, and a piece of property that has an identifiable location from moment to moment. But now the same situation applies for domain names, as confirmed by the US Court of Appeals. So for as long as the .com registry (and incidentally, the .net, .org and many other registries) are situated in the USA, US jurisdiction will apply.

The Court in the Harrods case held that Virginia's interests in the marketability of property within its borders and in providing dispute resolution concerning the possession of that property supported the exercise of in rem jurisdiction. It went on:-

Virginia's interest in not permitting foreign companies to use rights emanating from, and facilities located in, its territory to infringe U.S. trademarks also supports [this] exercise....

In other words, if your .com domain name (however inadvertently) infringes a US trademark, the Commonwealth of Virginia has an interest in not permitting you, as a foreigner or otherwise, to use the facilities of the domain name registry database. If you thought you were registering your domain name with your registration service provider in your own particular country, think again:-

By registering these domain names in Virginia [the Defendants] exposed those names to the jurisdiction of the courts in Virginia (state or federal) at least for the limited purpose of determining who properly owns the Domain Names themselves.

So how bad is this for non-US citizens? Happily, the circumstances in which you're likely to find yourself in a Virginia court are limited to trademark and cybersquatting matters, covering trademark infringement, trademark dilution and domain name registration in bad faith. However, it is clear from the Harrods case that a clash of genuine trademark rights (admittedly with an element of potential trademark abuse on the part of the defendant) can take you, or more accurately, your domain names to a Virginia court.

Andrew Lothian is the CEO of Demys, a specialist in Internet brand protection. He is a serving member of the Nominet (UK Internet Naming Authority) Dispute Resolution Service Expert Panel and a recent appointee to the World Intellectual Property Organization's Domain Name Panel.

High performance access to file storage

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story


Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.