Feeds

I'll see your domain name in (US) Court!

Extra-territorial landgrab

  • alert
  • submit to reddit

New hybrid storage solutions

Two little-noticed and otherwise unremarkable decisions from the US 4th Circuit Court of Appeals, decided on 23 August 2002, now affirm a principle that is perhaps worrying for those 20 million or so .com domain name registrants who live outside the USA. The cases deal with the question of the geographical location of a domain name and which court can exercise jurisdiction over it.

So where exactly does a domain name live? If you're a purist, you'll say that it doesn't 'live' anywhere - the Domain Name System is a tree structured distributed database involving a hierarchy of nodes from leaf to root. In other words, your domain name is an address accessible via a range of entries on a range of geographically dispersed computers connected to the Internet.

But if you're a United States District Judge, presented with a .com domain name, you'll say that a domain name is a piece of property with a geographical existence - in the Commonwealth of Virginia, USA. Why? Because that is where the registry for .com domain names is to be found.

The court decisions affirming this principle were Porsche Cars v Porsche.net and others, and Harrods Limited v Sixty Internet Domain Names. You may be wondering how it is that the Plaintiffs appear to be suing domain names rather than people or companies. In an odd twist, strange at least to most non-lawyers, US law says that a domain name is a piece of property that can be sued in its own right. This is called an in rem action (Latin for 'against the thing' as opposed to in personam or 'against the person'). The consequence of this peculiar state of affairs is that all of those registrants who have a .com domain name but live outside Virginia are viewed as absentee owners of property situated there. If you injure someone by virtue of that property (we're talking trademark disputes here) then Virginia's courts will take the case.

This may sound surprising, but it has worked for both Porsche and Harrods, each of whom sued some sixty or so domains in a single action. In Porsche's case, at least two of the domains belonged to a British citizen with no immediately apparent connection to Virginia. In Harrods, the domain names were registered by Harrods BA, a South American department store formerly allied to its famous namesake in the UK. Porsche's British defendant has now agreed to submit to personal jurisdiction in California but this seems to have been a tactical move in the litigation and does not defeat the general principle that he could be hauled into a Virginia court for the sake of his domain names.

At the root of the problem is the fact that the US Congress has treated domain names as property in terms of legislation called the Anti-Cybersquatting Consumer Protection Act 1999, or ACPA for short. It's plain from the title of the Act that Congress was grappling with cybersquatting - admittedly a major issue for US business and in particular for trademark holders at the height of the dot-com boom. But the US has ploughed its own furrow with its approach. Many countries' legal systems accept that in trademark disputes a domain name can be treated as a sign, the analogy being that registering coke.com in conflict with the Coca-Cola Company's rights is much the same as nailing up a large board over your business with the word 'Coke' painted on it in the familiar style of that company's brand without the right to do so. However, few would elevate a domain name from being a sign or indicator to the level of being an item of property.

Lawyers from most countries agree that a domain name is a right held under a contract from a domain registry that, in simple terms, says "We, the Registry, will put an entry on our computer that directs people looking for your domain name to whatever computers you would like us to". It's a long step in most people's minds from that kind of contract for services to a formal right in property. To give an example, in the UK you're most likely to see an in rem action being raised against a ship; a nice, obvious, physical thing you can see and touch, and a piece of property that has an identifiable location from moment to moment. But now the same situation applies for domain names, as confirmed by the US Court of Appeals. So for as long as the .com registry (and incidentally, the .net, .org and many other registries) are situated in the USA, US jurisdiction will apply.

The Court in the Harrods case held that Virginia's interests in the marketability of property within its borders and in providing dispute resolution concerning the possession of that property supported the exercise of in rem jurisdiction. It went on:-

Virginia's interest in not permitting foreign companies to use rights emanating from, and facilities located in, its territory to infringe U.S. trademarks also supports [this] exercise....

In other words, if your .com domain name (however inadvertently) infringes a US trademark, the Commonwealth of Virginia has an interest in not permitting you, as a foreigner or otherwise, to use the facilities of the domain name registry database. If you thought you were registering your domain name with your registration service provider in your own particular country, think again:-

By registering these domain names in Virginia [the Defendants] exposed those names to the jurisdiction of the courts in Virginia (state or federal) at least for the limited purpose of determining who properly owns the Domain Names themselves.

So how bad is this for non-US citizens? Happily, the circumstances in which you're likely to find yourself in a Virginia court are limited to trademark and cybersquatting matters, covering trademark infringement, trademark dilution and domain name registration in bad faith. However, it is clear from the Harrods case that a clash of genuine trademark rights (admittedly with an element of potential trademark abuse on the part of the defendant) can take you, or more accurately, your domain names to a Virginia court.

Andrew Lothian is the CEO of Demys, a specialist in Internet brand protection. He is a serving member of the Nominet (UK Internet Naming Authority) Dispute Resolution Service Expert Panel and a recent appointee to the World Intellectual Property Organization's Domain Name Panel.

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Why Oracle CEO Larry Ellison had to go ... Except he hasn't
Silicon Valley's veteran seadog in piratical Putin impression
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.